This story was told to me by a friend I met while serving in the US Army. His name is Stephen Shields and I have no idea where he is now but if he reads this he should contact me.
To give some background on the story I will tell you the following. Steve worked in an IT shop during the mid-1980s. In this shop he maintained some networks (Unix environment) and, among his colleagues, he was the smart one.
I can’t recall if he was working at a university or at IBM; it was over 15 years ago when he told me this story…
At the IT shop where I worked there were a few good techs and one smart one, me. Back in the mid-80s I was just one worker, among many, who kept the campus mainframe operational.
We ran Unix, like everyone else did, and though my associates at work could handle most of the day-to-day operations of maintaining a mainframe, they were not the brightest folks with regard to programming or how Unix worked.
There were a few joke items scattered about the office such as the proverbial “bit bucket” or “metric” rather than standard crescent wrench but, for the most part, it was a fairly serious shop.
One day a few of my associates approached me to ask me a question. It seems they had found the directory and files where all of the passwords were stored along with the usernames. Please understand, this is back in the day when hashing passwords and network security were almost non-existent.
The only network links off campus were in the 300 baud range. It was easier (and faster) to just dump a tape and fly somewhere than attempt to use a link.
Since only admins had root access and all the techs were admins I knew it was only a matter of time until this question surfaced.
“Hey Steve, we were looking at the password file and we noticed something strange.”
“Well, everyone on campus has a password but you.”
“I have a password, you just can’t see it because I’m a super user.”
“What? How come you get to be a super user?”
It was all I could do to keep from cracking up at this point. I wasn’t a super user, I had the same access rights as they did, but I had a secret…
“Well, if you guys were smart and knew enough about computers maybe you could be super users too!”
They left in a bit of a huff, mumbling to each other how unfair it was that I had special perks that they did not.
The next day my boss pulled me aside; he wanted to know what all the trouble was about and why the other techs were acting uppity. Once again, I had to keep a straight face. I walked with him back to his office, made sure no one was around, closed the door and talked to him.
I brought up the password file and showed him what all the fuss was about. When he saw that I was the only one without a password he grinned. He knew what was going on.
“Yup, that’s me.”
“You got them all worked up over this?”
“Get out of here before I smack you around for being a wise-ass!”
See, the thing that my co-workers never caught on to but my boss saw right away was that the file was ASCII with no encryption or anything. If those passwords had been hashed or displayed in HEX or anything other than ASCII then my coworkers would never have been misled. What I did was exploit the weakness in the system to make everyone think my password was so secure that no one could see it.
How did I do it? Simple, my password was eight characters long. Eight taps of the spacebar to be precise!