[Cryptography] The proper way to hash password files
Bill Stewart
billstewart at pobox.com
Mon May 26 21:01:06 EDT 2014
At 02:28 AM 5/26/2014, Dave Horsfall wrote:
>Oops - it was CTSS at MIT.
RSTS-11, circa 1973, kept the password file in unencrypted
non-world-readable form, but didn't zero temporary files left on the disk.
And the version of BASIC* that it ran let you allocate a virtual
array, which stored your data on disk instead of in RAM, and also
didn't zero the space on disk.
So in Heartbleed-like fashion, you could snarf up chunks of
formerly-used disk space by allocating a virtual array, not zeroing
it, and printing out the contents to see if there was anything cool there.
So some curious high school students did this on the time-shared
PDP-11 at the university that they connected to from an overused
teletype at 110 baud, and while most of the contents were gibberish
or mostly harmless, one was from a previous edit of the password
file. We weren't sure how previous, but at least most of the passwords worked.
The mainframe I used as an undergrad was running VM, with several
batch-processing systems on it, and eventually also CMS, and the batch
accounts used 4-character passwords, which would have been inadequate
for any serious attack, but were mostly ok since doing brute force
with punch cards really wasn't worthwhile. One undergrad computer
operator (not me, but he's shown up here occasionally) guessed that
the backup password for the VM operating system was BKUP, so he tried
running it as an application program on top of the main VM and giving
it one of the guest operating systems as data. To IBM's credit, it
worked ok, albeit very slowly, and to the university's credit, they
didn't fire him from the operator job, though they did ask him not to
do it again, and changed the password to something less obvious.