Crypticide I: Thirteen Years of Crack
Thirteen years ago, on 15th June 1991, I posted v2.7a of Crack to
the newsgroup alt.sources
[groups.google.com]
- I messed-up the posting process a bit, since these were the days
when people cared about netiquette, the Web was multicast and named
USENET, and also this was perhaps the first time I was
releasing software to a wide and critical audience.
It became a very popular piece of software indeed.
Crack began as a homebrew refinement of the “pwc” password-checking
software that people could find included in Dan Farmer’s COPS
package
[groups.google.com]
- but my copy of which was the COPS cracker’s ancestor, some much
older code that was circulating amongst the UK’s Unix/CompSci
community in the mid/late 1980s.
The concept of a program like Crack goes back many many years (see
[groups.google.com]
[groups.google.com]
[groups.google.com]
for some discussion, and see also earlier papers by Morris and
Thompson) and the basic method of password cracking is easily
described to any layman who can follow a recipe:
- for each word in a dictionary listing of words
- … see whether anyone is using that word (eg: “sesame”) as a password
- … see whether anyone is using obvious variants of that word as a password
(eg: “sesame1″, “2sesame”, “ses3ame”, “sesame69″, “s3sam3″, “SESAME”, …)
- … and move on to the next word, and repeat.
In fact the concept is so utterly simple that it can be expressed in
less than a single line of the Perl programming language:
World’s smallest password cracker?
echo SESAME | perl -nle ’setpwent;crypt($_,$c)eq$c&&print”$u=$_”while($u,$c)=getpwent’
…but before delving into technological issues any further, a little
history is appropriate.
In the autumn of 1990 I began messing-about with the “pwc” source; as
a programmer I found the original memory-management /
wordlist-handling code rather ugly (not to mention: barely
comprehensible) but in rewriting that I found the resultant tool to
be suddenly much more effective at guessing passwords.
I suspect that I inadvertently fixed some string-handling bug in the
original code; in any case, I now had a tool that was efficient,
useful, and interesting to play with, in my role as systems programmer
at a Welsh university.
Versions 2.0 and upwards of Crack were total rewrites for clarity and
extensibility, plus wrapper scripts and other oddments to perform
housekeeping.
Version 2.7a was the first public release to USENET,
and barely a few weeks later, after discussion and issuing public notice
[groups.google.com]
[groups.google.com]
I posted v3.2a of Crack
[groups.google.com]
which contained a faster version of the Unix password hashing
algorithm, one spawned from Bob Baldwin’s code which I’d further
tuned/rewritten to get an extra 40..50% performance boost.
That was the day everything changed for me.
On mundane machines like Sun’s 3/60 Workstation, you could now check
thirty-five passwords per second, as opposed to the three per second
permitted by the slow “libc” implementation of crypt(). After
a little math:
35 * 60 * 60 * 24 * 2 = 6,048,000
…that’s about 6 million password-checks that you could make, per
weekend, per CPU. Multiply that by the twenty or so workstations in
the student laboratory, and you could do some serious checking of
password security:
6048000 * 20 == 120,960,000
Almost one hundred and twenty-one million password guesses in a
weekend. That - in 1991 - was an astounding amount. If you had
(say) 50 users in your password file, that was 2.4 million guesses
apiece, each guess to see if someone had used dictionary word, or a
StarTrek character name, or the name of a chemical compound, or a
girl- (and boy-) friends’ name (etc) as their password.
That was a lot of guesses.
As an aside: on a modern PC the same can be achieved on a single
CPU, taking between 5 and 20 minutes to complete.
There was some dissent about the software, however there was much
much more support,
[groups.google.com]
both of which seemed odd given that both the technique and technology
were so old. To my mind the truth is that up until the next version
(4.0a)
[groups.google.com]
there was actually very little in Crack that had not been in one or
other previous password-cracking program.
The 4.x series of Crack (3 Nov 1991 onwards) introduced first the
programmable dictionary generator so that people could “get creative”
with their guessing; it also introduced networking, so that you could
automatically distribute the embarrassingly-parallel load of
your password cracking amongst dozens, perhaps scores of machines.
In this era, this was really cool; remember that this predated any of
distributed.net, the RC5 project,
SETI@Home, Genome@Home, Folding@Home,
peer-to-peer or the like; to be able to draw-together the resources of
an entire university to address a single, linearly-scalable compute
problem was quite enlightening for some computer scientists.
Bizzarely (to modern ears) I was essentially forbidden from referring
to this innovation as “parallel computation” - a term which meant
something quite different to
purist British ears in that era; terms like distributed or grid
computing were unknown to me at the time, or possibly did not exist
outside of CompSci hothouses - or even at all?
Interest in Crack and password-cracking mushroomed; people wrote
Bachelors’, Masters’ and even one Doctorate thesis about it.
Sysadmins were lauded for running it. Students were reprimanded or
expelled for running it. Imitations sprang up. People of every
motive posted better, faster, geekier, more tuned versions of the
crypt() routine for particular architectures. Some messed around with
their benchmarks to suit their egos
[groups.google.com]
- and some have subsequently gone on to build excellent professional
reputations on the back of such work.
Not all of them have yet bought me beer, but some have done. That,
plus reputation and all that that brings, is the profit that I have
reaped from this early exercise in Open Source Software distribution.
Eventually matters calmed down; a few years later the WWW/Web was
invented, Perl5 was released, Dan Farmer and Wietse Venema released
SATAN and all the Crack-style hyperbole and
flamage was once-again repeated, as indeed Crack’s release expanded
upon that which greeted the release of
COPS.
Now that there are scores of
potentially dual-use (ie: cracker/admin) tools available to the
general public, the flamage seems to have died down except where truly
media-friendly scary hax0r-nerds are involved.
So: thirteen years ago. Thirteen years ago, today. Aside from
nostalgia, why bring all this up, now?
Because I want that password algorithm - the traditional,
8-character Unix password-hashing algorithm - dead.
Watch this space for updates.
[Project RSS] [www.crypticide.com]
