Stealing password databases from compromised systems is a common problem. This was especially acute in the early years of Unix's development, when passwords were stored in cleartext. A leak of such a database meant a complete compromise of the system.
The problem was solved by the world's first hashing utility, Crypt, in the 1970s. Since then, passwords have no longer been stored in cleartext; hashes have been stored in the database. According to official documentation,crypt(3)up until the sixth edition, the utility used code from an emulator of the M-209 cipher machine, which the US Army used during World War II. In this system, the password was used not as ciphertext, but as a key used to encrypt a constant. Ken Thompson, Dennis Ritchie, and other creators of Unix thought this approach was secure. It turned out otherwise.
It soon became clear that checking an encrypted password against all passwords in the database was as fast as hashing a single password (1.25 ms on a PDP 11/70), which was a clear architectural flaw. Therefore, in the late 1970s, starting with the seventh edition, the system crypt(3)was switched to a one-way cryptographic function based on the DES block cipher.
It also quickly became clear that people are extremely predictable in their password choices. Various tools emerged to guess common passwords and compare them with hashed values in the database. These tools typically use a combination of dictionary attacks, brute force, and other methods to guess potential passwords and compare them with stored hashes.
The creators of Unix went to great lengths to make password cracking more difficult. As early as the late 1970s, they modified the password entry program to encourage users to choose more complex passwords. Additionally, salt was first used in hashing: the first time a password was entered, the program generated a 12-bit random value and appended it to the password. Subsequent password entries retrieved this value from the database along with the password and automatically appended it to the input field.
File fragment /etc/passwd(1983). The first two characters are the salt (12-bit), followed by 11 characters of the hash (64-bit). Source.
Also in the late 1970s, the first chips for hardware acceleration of DES appeared.
The first password cracking programs appeared immediately after system administrators began hashing them with the aforementioned Unix utility cryptin the 1970s. It's known that as early as 1978, emulators were running on PDP-11/70 computers cryptto try various hash variants at a rate of approximately 800 passwords (hashes) per second.
The first information security tools with password cracking or verification capabilities were:
Over time, tools became more efficient. John the Ripper , developed by Solar Designer, soon became the leader in technological innovation . However, with the advent of powerful GPUs, Hashcat took over , leveraging GPU capabilities more efficiently. Interestingly, the first brute-force attack on a GPU was implemented by the Russian company Elcomsoft (Andrey Belenko).
Other popular tools include L0phtCrack and Hydra .
Over the past thirty years, brute-force methods and hardware have evolved significantly, leading to significant performance gains , as shown in the table below.
With the rise of CPU and GPU performance, the importance of choosing a specific hashing algorithm to make brute-force attacks more difficult (slower) became clear. Many web developers used PHP's built-in saltless hashing function in the 1990s md5(), but since 2007, support phpassfor bcrypt has been added, so the industry has gradually and automatically migrated to stronger hashing algorithms. The average password length has also been steadily increasing. According to statistics, it increased from 4.4 characters in 1989 to 7.9 characters in 2009 (see "The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords" , 2012 IEEE Symposium on Security and Privacy ).
It can be assumed that with the widespread use of password managers in the second half of the 2010s, password lengths have increased even further.
New hashing algorithms are being developed to be as CPU-, GPU-, and memory-unfriendly as possible, to minimize computational overhead on any device, including FPGAs and ASICs.
However, password-guessing programs are also constantly evolving, implementing new methods to improve their efficiency. Cloud platforms, with their ability to scale workloads virtually infinitely within a data center, have proven a major help. Some organizations specializing in brute-force attacks have even built their own data centers to avoid relying on third-party clouds.
The problem was solved by the world's first hashing utility, Crypt, in the 1970s. Since then, passwords have no longer been stored in cleartext; hashes have been stored in the database. According to official documentation,crypt(3)up until the sixth edition, the utility used code from an emulator of the M-209 cipher machine, which the US Army used during World War II. In this system, the password was used not as ciphertext, but as a key used to encrypt a constant. Ken Thompson, Dennis Ritchie, and other creators of Unix thought this approach was secure. It turned out otherwise.
It soon became clear that checking an encrypted password against all passwords in the database was as fast as hashing a single password (1.25 ms on a PDP 11/70), which was a clear architectural flaw. Therefore, in the late 1970s, starting with the seventh edition, the system crypt(3)was switched to a one-way cryptographic function based on the DES block cipher.
It also quickly became clear that people are extremely predictable in their password choices. Various tools emerged to guess common passwords and compare them with hashed values in the database. These tools typically use a combination of dictionary attacks, brute force, and other methods to guess potential passwords and compare them with stored hashes.
The creators of Unix went to great lengths to make password cracking more difficult. As early as the late 1970s, they modified the password entry program to encourage users to choose more complex passwords. Additionally, salt was first used in hashing: the first time a password was entered, the program generated a 12-bit random value and appended it to the password. Subsequent password entries retrieved this value from the database along with the password and automatically appended it to the input field.
File fragment /etc/passwd(1983). The first two characters are the salt (12-bit), followed by 11 characters of the hash (64-bit). Source.
Also in the late 1970s, the first chips for hardware acceleration of DES appeared.
The first software for brute force
The first password cracking programs appeared immediately after system administrators began hashing them with the aforementioned Unix utility cryptin the 1970s. It's known that as early as 1978, emulators were running on PDP-11/70 computers cryptto try various hash variants at a rate of approximately 800 passwords (hashes) per second.
The first information security tools with password cracking or verification capabilities were:
- COPS (Local Unix System Audit with Weak Password Detection)
- Crack
- Cracker Jack
- goodpass.c and CrackLib (later included in passwd, yppasswd, etc.)
- password
Other popular tools include L0phtCrack and Hydra .
Over the past thirty years, brute-force methods and hardware have evolved significantly, leading to significant performance gains , as shown in the table below.
With the rise of CPU and GPU performance, the importance of choosing a specific hashing algorithm to make brute-force attacks more difficult (slower) became clear. Many web developers used PHP's built-in saltless hashing function in the 1990s md5(), but since 2007, support phpassfor bcrypt has been added, so the industry has gradually and automatically migrated to stronger hashing algorithms. The average password length has also been steadily increasing. According to statistics, it increased from 4.4 characters in 1989 to 7.9 characters in 2009 (see "The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords" , 2012 IEEE Symposium on Security and Privacy ).
It can be assumed that with the widespread use of password managers in the second half of the 2010s, password lengths have increased even further.
New hashing algorithms are being developed to be as CPU-, GPU-, and memory-unfriendly as possible, to minimize computational overhead on any device, including FPGAs and ASICs.
However, password-guessing programs are also constantly evolving, implementing new methods to improve their efficiency. Cloud platforms, with their ability to scale workloads virtually infinitely within a data center, have proven a major help. Some organizations specializing in brute-force attacks have even built their own data centers to avoid relying on third-party clouds.
