How is a computer password cracked?

If you have physical access you really don't need to bruteforce. You can usually just use a boot disk and then change the password file (i.e., reset or clear the password).

You can do that on most operating systems.


There was a simple way to get into a computer protected with a BIOS password. You just open up the computer and disconnect the BIOS battery for a few seconds, so it forgets it ever had a password.

Not very useful... most users don't even know how to get into BIOS, let alone how to set the password.

(I'm not even sure if computers still use a battery for BIOS either. It's been a few years since I've messed around inside of one.)
 
I don't know much about this myself but I do remember the old Excel worksheet protection passwords were encrypted in such a way that there were far fewer encrypted versions than there were actual passwords (i.e. many different words encrypted to the same string), which massively narrows down the brute force search.
Yes you can break an Excel worksheet protection password with a macro in the same workbook! It takes about 5 to 10 mins (in my experience).
 
Another nasty attack is to replace a system service with a bat file that will create an administrator account, then get the service to run. You used to be able to do this with the screen saver under Windows XP! :)
 
If you have physical access you really don't need to bruteforce. You can usually just use a boot disk and then change the password file (i.e., reset or clear the password).

You can do that on most operating systems.

Indeed. My daughter locked the only admin account on her new, Vista-based laptop - reckons she tried to change the password, changed her mind halfway through, then instead of cancelling, used the back button to 'undo' it. The password actually seemed to be corrupt - no combination of the old one or what she'd tried to change it to worked. Other accounts on the laptop didn't give you rights to create or amend an admin account, so she was effectively locked out of it.

I created a Linux boot disk, booted from that, accessed the Windows registry and edited out the password - effectively resetting it so there wasn't one. Worked a treat.

Our work PCs have whole disk encryption so if they're stolen, even transferring the disk to a second machine as a slave disk will not allow access to the contents.
 
Really? Do elaborate.

Start with this posting on news://comp.risks (though the "European Microbiology Lab" mentioned should be the "European Molecular Biology Laboratory").

I don't want to reveal my real name easily (though it's not difficult to find through my Blue Bubble nickname, and it's clear from the comp.risks entry and the reference to EMBL above).

Them was interesting times (and it all ended with real tragedy - if I remember names correctly, I think it was Pengo who "died"). And to add to it all, it was all taking place round the time when my older son was born in July 1987.

If you want more details, PM me.
 
There was a simple way to get into a computer protected with a BIOS password. You just open up the computer and disconnect the BIOS battery for a few seconds, so it forgets it ever had a password.

Not very useful... most users don't even know how to get into BIOS, let alone how to set the password.

(I'm not even sure if computers still use a battery for BIOS either. It's been a few years since I've messed around inside of one.)

It is a bugger to get to as well, but hey, if you have the time, it works. Many techs have to do it at work; there are machines that do not have the standard IT password because they were set up in the old days before the unified IT department.

One of these gets a problem and you need to get into the system, but the employee who entered 'my little pookey' is unknown, no longer employed and was a moron to begin with. So pop out the BIOS battery and wait.

Although the Linux trick sounds good.
 
There was a simple way to get into a computer protected with a BIOS password. You just open up the computer and disconnect the BIOS battery for a few seconds, so it forgets it ever had a password.

Not very useful... most users don't even know how to get into BIOS, let alone how to set the password.

(I'm not even sure if computers still use a battery for BIOS either. It's been a few years since I've messed around inside of one.)

Well, usually there are "master passwords" for BIOSes. At least back then, when I was working in a computer company, assembling and servicing machines, we got lists of master passwords for the various BIOS revisions of several manufacturers, like AMI, Award or Phoenix.

With the rise of the internet, partial lists are also available online now. Like this one for example. With some spare time you can search the net and compile a bigger master-password-file out of all the lists you find. However, most of these lists don't tell you what password is valid for what revision of the BIOS.

BIOS passwords are usually the weakest ones in terms of protection, since they can be overridden easily by using such lists.

Don't know if that's still valid today, but I guess it is.

Greetings,

Chris
 
I read once where a man's computer was confiscated because the police suspected he had child porn on it. Apparently the portion of his computer with the alleged porn was protected by a very well executed password. He refused to give them the password using the Fifth Amendment. I don't know how this turned out. The police said they were going to get help cracking the password but, like I said, I have no idea how this turned out.

As I recall it turned out that the judge decided that refusing to give the password was the equivalent of refusing to hand over your private files, not the equivalent of refusing to give testimony against oneself. In other words, it's contempt of court and you can sit in a cell until you remember the password.
 
Well, the BIOS battery trick doesn't work on a lot of machines. Try it on a laptop sometime :)
I remember a couple of tricks I did in my youth: replicating the BIOS password screen with a C program, disabling C-A-D and leaving the machine turned on at night, so when the IT manager came in in the morning they dutifully typed in the password, thought to themselves "I must have got it wrong" because my app said they had, all the while logging their keystrokes.
Tricking people is the easiest thing. We used to send mail from other people's accounts by the cheesiest trick in the book - edit the binary, find an instance of "%s" near "please enter your password" and change it for a carriage return. On systems which didn't do any encrypting, which was common back in the dark ages, this resulted in the program comparing what you typed with an empty string. Once you were in, you could do anything.
Some machines in said dark ages I remember were secured with physical locks instead of passwords. Two paperclips and 60 seconds in front of the terminal meant you could add another account with admin rights and come back in a week to use it. Once you have access to one thing, you can get access to more.
Things aren't much different now - the technology has improved, but the ways around it are often still, like magic tricks, a lot simpler than you'd guess.
 
Yeah, it tends to not work on modern laptops. The reason, of course, is because they are so easy to steal. The password is now stored in separate non-volatile memory that doesn't require battery power. Sucks if you forget it, but it can be reset by the manufacturer if you can prove ownership.

The only actual need for a battery is to power the clock, and even this isn't needed most of the time because laptops tend to always have a battery plugged in anyway, and desktop machines have standby power even when you turn it "off" (most people don't seem to realize this, but the machine has access to 5V up to about 1A even when off).
 
(most people don't seem to realize this, but the machine has access to 5V up to about 1A even when off).


My desktop doesn't... I've set up a separate switch that turns off the power to the 4-in-one powerboard the computer/monitor/printer is plugged into. It bugged me that when the computer was off, the monitor would still have standby power and the optical mouse would light up every time I bumped it.

:)

I liked how the old computers had an actual power switch instead of a silly on/off button.
 
Just a note:
There is a difference between passwords that are encrypted via a two-way algorithm and a password that goes through a one way hashing algorithm such as MD5 or SHA.
For example, the hash of the string "foo" is "acbd18db4cc2f85cedef654fccc4a4d8"
Attempting to get foo from that string, without using a dictionary, would take a lot more computer power than a password that has been encrypted using a two-way algorithm.
An easy way to avoid a brute force attack that uses a lookup table is to salt the password:
$salt = "foo";                                     // the salt is stored next to the hash; a random per-user value defeats precomputed tables
$hash_to_be_stored_in_db = md5($password . $salt); // PHP md5() over the password concatenated with the salt
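The lookup-table attack and the salted defence from the post above, as an added example that is not code from the original thread. It keeps MD5 only because the post uses it; the password list and the per-user random salt are constructed for the demo.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Iterable, Optional, Tuple

# Constructed sample of weak passwords an attacker would precompute.
COMMON_PASSWORDS = ["foo", "password", "letmein", "123456"]


def md5_hex(data: str) -> str:
    """Hex MD5 digest of a string; md5_hex("foo") is acbd18db4cc2f85cedef654fccc4a4d8."""
    return hashlib.md5(data.encode("utf-8")).hexdigest()


def build_lookup_table(candidates: Iterable[str]) -> Dict[str, str]:
    """Precompute digest -> plaintext once; this is the 'lookup table' the post warns about."""
    return {md5_hex(p): p for p in candidates}


def store_unsalted(password: str) -> str:
    """Weak storage: same password always yields the same digest, so the table applies."""
    return md5_hex(password)


def store_salted(password: str, salt: Optional[str] = None) -> Tuple[str, str]:
    """Salted storage: a fresh random salt per user is kept beside the digest (it is not secret).
    Because the salt is unknown at precomputation time, a generic table no longer matches."""
    if salt is None:
        salt = secrets.token_hex(16)
    return salt, md5_hex(password + salt)


def verify_salted(password: str, salt: str, stored_digest: str) -> bool:
    """Recompute with the stored salt; constant-time compare avoids leaking a prefix match."""
    return hmac.compare_digest(md5_hex(password + salt), stored_digest)


def recover_from_table(stored_digest: str, table: Dict[str, str]) -> Optional[str]:
    """The attacker's step: a single dictionary lookup, no brute force needed."""
    return table.get(stored_digest)


if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    print("unsalted:", recover_from_table(store_unsalted("foo"), table))  # 'foo'
    salt, digest = store_salted("foo")
    print("salted:", recover_from_table(digest, table))                    # None
    print("verify:", verify_salted("foo", salt, digest))                   # True
```

Note that a fixed site-wide salt like the post's "foo" only forces the attacker to build one new table; a per-user salt forces one table per user, and a deliberately slow hash (bcrypt, scrypt or Argon2) is what makes each such table expensive.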

It's true that passwords are typically hashed when stored in a database - so if an attacker steals the database he only has access to the hashes and can't easily know which plaintext password is responsible for which entry.

But I have no idea what you mean when you say that "a password that is encrypted via a two-way algorithm" would take less computer power to decrypt. Two-way encryption algorithms (also called synchronous encryption algorithms) are used in completely different contexts for completely different purposes, and very rarely to encrypt "passwords" (unless you're assuming that password = session key). And modern two-way algorithms are considered impossible to break in practice (at least with regard to a brute-force break). In fact, given the state of the SHA family of algorithms, I would put my trust in AES way before SHA-2 or even SHA-256 (assuming these algorithms were used in the same contexts, which isn't the case).
 
I read once where a man's computer was confiscated because the police suspected he had child porn on it. Apparently the portion of his computer with the alleged porn was protected by a very well executed password. He refused to give them the password using the Fifth Amendment. I don't know how this turned out. The police said they were going to get help cracking the password but, like I said, I have no idea how this turned out.
As I recall it turned out that the judge decided that refusing to give the password was the equivalent of refusing to hand over your private files, not the equivalent of refusing to give testimony against oneself. In other words, it's contempt of court and you can sit in a cell until you remember the password.
Actually, I believe the opposite occurred. It definitely remains a contentious issue, though - I believe there was a fraudster who was held indefinitely in contempt until he revealed the location of known-but-not-identified foreign accounts with his ill-gotten gains.

The difference may be that the latter might have been a civil action, or there may have been sufficient evidence already to convict the guy and the judge was just attempting to compel restitution in line with the verdict.
 