- old school security
onymouse at garlic.com
Mon Apr 30 10:51:52 CDT 2007
der Mouse wrote:
>>> For that matter, was enough publicly known about the Enigma at the
>>> time to do that then?
>> I thought that Unix (1969) was developed well after WW2.
> It was, yes.
>> After WW2, the Enigma was well understood, and was no longer an
> Not an enigma to the cryptographers who worked on breaking it, no. But
> my understanding was that only recently was much of that data
> declassified. Note that I said *publicly* known....
David Kahn's "The Codebreakers" published in 1968 (IIRC) had details of Enigma,
including how rotors were wired. So at least by that time all the details of the
German and Polish military Enigmas were publicly available, if not publicly
known. Called a "dynamic substitution cipher", IIRC. Also had some details about
PURPLE, the Japanese version of Enigma. The Enigma patent was publicly available
after the war.
First sV system I used had the Enigma two-rotor algorithm to encrypt passwords,
plus salt. That was in the late 1970's. Allowed characters were alphanumeric; no
spaces or punctuation to begin with. Later, punctuation was allowed but still no
spaces. I don't recall any sV or BSD system I used through to the late 80's
having anything but the Enigma style crypt function for passwords. Same for My
First Linux Computer(tm) in 1993. Didn't get hashing until about 1998. No spaces
allowed until after 32 char-plus passphrases were enabled some years later.
I have heard from veterans that ROT-13 was once used to encrypt passwords. I saw
it only once on a SysIII derived single-user system driving a PROM (not EPROM)
I had fun finding passwords on a HP2000C/F BASIC timeshare system in 1973. Two
others were running brute force methods which were nothing more than programs
punching a few miles of tape for a few accounts using every possible sequential
ASCII character combination, excluding some forbidden combos. (Passwords could
be a mix of printing and nonprinting, or control characters.) Took them a couple
of weeks just to punch the tape on a KSR33--and they used six or so rolls
altogether--but they gave up after a few hours of reading the tape, due to the
problem of handling so much tape, IIRC. I got three admin passwords and one
group admin password (and so got the whole group's passwords) by just thinking
about it for a few days and trying most likely passwords. Got the group admin's
password on the second try and his supergroup account password on the third try.
Old school password cracking: Too trivial to be fun for long. Stack & buffer
overflows and mutating code--now that was fun!
And one could often gain a lot of info from what sysadmins & sysops would not
A UNIX saleslady, Lenore,
Enjoys work, but she likes the beach more.
She found a good way
To combine work and play:
She sells C shells by the seashore.
More information about the cctalk