Crypticide I: Thirteen Years of Crack

Thirteen years ago, on 15th June 1991, I posted v2.7a of Crack to the newsgroup alt.sources [] – I messed-up the posting process a bit, since these were the days when people cared about netiquette, the Web was multicast and named USENET, and also this was perhaps the first time I was releasing software to a wide and critical audience.

It became a very popular piece of software indeed.

Crack began as a homebrew refinement of the “pwc” password-checking software that people could find included in Dan Farmer’s COPS package [] – but my copy of which was the COPS cracker’s ancestor, some much older code that was circulating amongst the UK’s Unix/CompSci community in the mid/late 1980s.

The concept of a program like Crack goes back many many years (see [] [] [] for some discussion, and see also earlier papers by Morris and Thompson) and the basic method of password cracking is easily described to any layman who can follow a recipe:

  1. for each word in a dictionary listing of words
  2. … see whether anyone is using that word (eg: “sesame”) as a password
  3. … see whether anyone is using obvious variants of that word as a password (eg: “sesame1”, “2sesame”, “ses3ame”, “sesame69”, “s3sam3”, “SESAME”, …)
  4. … and move on to the next word, and repeat.

In fact the concept is so utterly simple that it can be expressed in less than a single line of the Perl programming language:

World’s smallest password cracker?

echo SESAME | perl -nle ‘setpwent;crypt($_,$c)eq$c&&print”$u=$_”while($u,$c)=getpwent’

…but before delving into technological issues any further, a little history is appropriate.

In the autumn of 1990 I began messing-about with the “pwc” source; as a programmer I found the original memory-management / wordlist-handling code rather ugly (not to mention: barely comprehensible) but in rewriting that I found the resultant tool to be suddenly much more effective at guessing passwords.

I suspect that I inadvertently fixed some string-handling bug in the original code; in any case, I now had a tool that was efficient, useful, and interesting to play with, in my role as systems programmer at a Welsh university.

Versions 2.0 and upwards of Crack were total rewrites for clarity and extensibility, plus wrapper scripts and other oddments to perform housekeeping.

Version 2.7a was the first public release to USENET, and barely a few weeks later, after discussion and issuing public notice [] [] I posted v3.2a of Crack [] which contained a faster version of the Unix password hashing algorithm, one spawned from Bob Baldwin’s code which I’d further tuned/rewritten to get an extra 40..50% performance boost.

That was the day everything changed for me.

On mundane machines like Sun’s 3/60 Workstation, you could now check thirty-five passwords per second, as opposed to the three per second permitted by the slow “libc” implementation of crypt(). After a little math:

35 * 60 * 60 * 24 * 2 = 6,048,000

…that’s about 6 million password-checks that you could make, per weekend, per CPU. Multiply that by the twenty or so workstations in the student laboratory, and you could do some serious checking of password security:

6048000 * 20 == 120,960,000

Almost one hundred and twenty-one million password guesses in a weekend. That – in 1991 – was an astounding amount. If you had (say) 50 users in your password file, that was 2.4 million guesses apiece, each guess to see if someone had used dictionary word, or a StarTrek character name, or the name of a chemical compound, or a girl- (and boy-) friends’ name (etc) as their password.

That was a lot of guesses.

As an aside: on a modern PC the same can be achieved on a single CPU, taking between 5 and 20 minutes to complete.

There was some dissent about the software, however there was much much more support, [] both of which seemed odd given that both the technique and technology were so old. To my mind the truth is that up until the next version (4.0a) [] there was actually very little in Crack that had not been in one or other previous password-cracking program.

The 4.x series of Crack (3 Nov 1991 onwards) introduced first the programmable dictionary generator so that people could “get creative” with their guessing; it also introduced networking, so that you could automatically distribute the embarrassingly-parallel load of your password cracking amongst dozens, perhaps scores of machines.

In this era, this was really cool; remember that this predated any of, the RC5 project, SETI@Home, Genome@Home, Folding@Home, peer-to-peer or the like; to be able to draw-together the resources of an entire university to address a single, linearly-scalable compute problem was quite enlightening for some computer scientists.

Bizzarely (to modern ears) I was essentially forbidden from referring to this innovation as “parallel computation” – a term which meant something quite different to purist British ears in that era; terms like distributed or grid computing were unknown to me at the time, or possibly did not exist outside of CompSci hothouses – or even at all?

Interest in Crack and password-cracking mushroomed; people wrote Bachelors’, Masters’ and even one Doctorate thesis about it. Sysadmins were lauded for running it. Students were reprimanded or expelled for running it. Imitations sprang up. People of every motive posted better, faster, geekier, more tuned versions of the crypt() routine for particular architectures. Some messed around with their benchmarks to suit their egos [] – and some have subsequently gone on to build excellent professional reputations on the back of such work.

Not all of them have yet bought me beer, but some have done. That, plus reputation and all that that brings, is the profit that I have reaped from this early exercise in Open Source Software distribution.

Eventually matters calmed down; a few years later the WWW/Web was invented, Perl5 was released, Dan Farmer and Wietse Venema released SATAN and all the Crack-style hyperbole and flamage was once-again repeated, as indeed Crack’s release expanded upon that which greeted the release of COPS.

Now that there are scores of potentially dual-use (ie: cracker/admin) tools available to the general public, the flamage seems to have died down except where truly media-friendly scary hax0r-nerds are involved.

So: thirteen years ago. Thirteen years ago, today. Aside from nostalgia, why bring all this up, now?

Because I want that password algorithm – the traditional, 8-character Unix password-hashing algorithm – dead.

Watch this space for updates.

[Project RSS] []