I feel nasty - lets crack passwords

[viking60]

Well actually I do not feel that nasty, but I thought it was time for a little wake up call: Once anyone has physical access to your computer; ALL bets are off! Why? you say? Well I have not yet met a Windows system or Mac that I could not crack the password of. And that does not make me special at all - it is just that easy. For some reason I have never cracked a Linux password - but that is supposed to be even easier. Encryption really is worth a look....

.

For Windows you can just use ophcrack and that will work on Mac too.
If it does not, you can do it like this on OS X 10.5:

Restart the computer and press COMMAND + S. When at the prompt, type:

fsck -fy

mount -uw /

launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist

dscl . -passwd /Users/UserName newpassword

That’s it. Now that the password is reset, and you can login.
On OS X 10.4 you will be needing the installation CD - but as I said Ophcrack will work.

I am not saying this because I am a bad Berserk, but to raise your awareness about your PC security. We have been through many of the threats and risks of social media etc now it is time to secure the physical access to your box - if you know what is good for you

So let us hear it Gurus; how easy is it on Linux?

[dedanna1029]

Never tried it, never will. I haz scruples (believe it or not).

[viking60]

Ok Now that dedanna has finished lying - anyone?
Seriously - What do you do if you forget your password?
This is important enough and goes to the security of all systems. If someone has physical access, the login is not much of a protection. Encryption would be a way to secure your data.
Those Microsoft frauds even try to exploit your physical access to your computer by using you as a proxy.
I am not even sure the login should be more secure - but the notion that it is very secure needs to be enlightened.

[rolf]

Well, unless there is a bios password and/or bootloader password, the kernel command line of the bootloader can be edited at boot time to boot to single user mode. Here, root password can be changed, then all the user passwords after that. That is for the common, default installation, afaik.

I live alone and am not so mindful of unauthorized usage. If someone steals the machine, I guess there is some data in the disks that could be used to my detriment but there is not so much potential financial reward for the thief to make this a likely enterprise.

Encryption seems like a further level of security but, also, another layer of complication that, possibly, could make my life unnecessarily harder to enjoy.

[viking60]

Yes That is always the problem. But the awareness is a good thing. I do think that Truecrypt works well and has no negative effects except that you have to enter the password everytime the "disk" is mounted.
And your description of the password crack for Linux seems to fit what I now have read about it. There is the BIOS too of course.... That seems safe.

[dedanna1029]

Seriously, I have not and would not try to crack passwords. I have much better things to do with my life.

I also have never forgotten my computer password. However, if I were to, it would be as simple as hitting ESC at the login screen, or Ctrl+Alt+F2, and going to tty. From there, it's simple as the passwd command, I would think, as most have other users on their system but one. Login to tty from another one, and go for it.

With that having been said, I do keep a BIOS password.

Encryption seems like a further level of security but, also, another layer of complication that, possibly, could make my life unnecessarily harder to enjoy.

This is my rub. Also, I don't do financial transactions on my computer, or anything that I wouldn't mind anyone else seeing anyway.
I'm just not "there" with encryption. I'm also careful.

I do think that Truecrypt works well and has no negative effects except that you have to enter the password everytime the "disk" is mounted.

So, if this whole thing is over forgetting my password in the first place, why the hell do I want another one to forget?

[viking60]

Yeah, how can I argue with that - screw all passwords. It is true that if you loose that password then it is over - you will not be able to enter. That is why I have a small section only for documents and pictures of my nude bottom.
And as we now all realize you are a supreme moral being for not cracking passwords. I just am to simple minded to understand how cracking your own boxes should be immoral in the first place - but there you have me. The guy from the dark side of the force

[dedanna1029]

If we're cracking our own, that's one thing. If we're cracking someone else's, that's entirely another.

Edit: I guess I'm not understanding here. Are we setting out to give people ideas, or trying to understand that maybe we should be more careful, and that for any OS, there's ways to crack passwords?

I myself have never seen a good strong password fail (at bare minimum any more, 20 to 25 characters, with a combo of caps, smalls, numbers, and special characters), whatever the task. Gone are the days of 8-character passwords, that any Tom, Dick, or Harry can get into and do as they will with. These days, we also should be careful online, and careful with our personal information.

The one single thing that I started hating about the internet (and still do), is that people seem to think it OK to give out to anywhere or anyone, personal information that in reality should go to no one, and to keep on something like a computer, the same. I think also to create software that enables people to do as they shouldn't, is a crime in a way, because it doesn't negate that they shouldn't. Things should just not be that convenient for people.

[gnuuser]

the sad thing is though. as long as there are spammers and add agencies out there , some one will always be paying others to crack passwords and steal personal information that they can sell and or exploit.
your best bet is strong encryption and refraining from storing personal info on the computer

[dedanna1029]

I fail to see the necessity for trying to remember password #5,762, when I can just keep stuff off my computer though. I mean, we're talking online banking and paying our bills here? Woooooooowww, does anyone ever stop to think how serious that is, just to put all the info to on a machine??? How many credit card companies, and retailers have been hacked, and whoever hacked them got their passwords, personal info, everything???

Edit: Let me put it to you like this: If they can crack whole online retailers' passwords, bank passwords, credit card passwords, et. al, then who's to say they couldn't crack your encryption password? The people that do these things are NOT idiots, when they commit their crimes.

[viking60]

Well the FBI did not manage to crack a truecrypt password from a corrupt bank guy - Despite their resources - so that one is pretty safe.