LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-29-2004, 11:11 PM   #1
JrLz
Member
 
Registered: Mar 2004
Location: Jakarta
Posts: 164

Rep: Reputation: 30
forgot my password ? i can change the password


Excuse me, gurus , addicts, members and other newbies
I'm a
I saw a thread in this forum saying
" I forgot my root password, what should I do? "
and then come replies like these:
1." go to single mode, change the root password"
2."run live cd , boot it, mount your hdd, chroot, and change the pasword"

my question is, is it that easy to get the root access??
any suggestion to secure that?
 
Old 03-29-2004, 11:31 PM   #2
twilli227
Member
 
Registered: May 2003
Location: S.W. Ohio
Distribution: Ubuntu, OS X
Posts: 760

Rep: Reputation: 30
If you have physical access to the computer, then yes it is that easy, whether it is linux, windows or any number of operating systems. You could password protect the bios, bootloader, set permission on the mount command, remove the cdrom, diskette drive. Lock your case, or deny access to the computer to begin with. There are other precautions you could take, do a search on this site or google for more info.
 
Old 03-31-2004, 11:28 PM   #3
tunnelit
LQ Newbie
 
Registered: Mar 2004
Posts: 9

Rep: Reputation: 0
As long as someone has access to the box they WILL get passwords. A good processor, decent amount or RAM and the right apps = PASSWORDS....

LM hashes = OH MY GOD DISABLED THOSE THINGS.....

I was at my friends house the other day and had his admin pw cracked in literally 10 minutes. The poor guy about crapped his pants. He told me he thought it took months to years to brute force 8 character pw's. I started laughing, this one took ten minutes. LM's are disabled now....

It's a good idea to test your passwords... Until I started cracking them I had no idea how easy they were to crack, whether MD5 or w/e....


My friend's password was an easy one..... letmeinplease, lol......... Most people might call that a good long password, heh...

Whether you lock BIOS or not if I can boot your computer up to the login screen I can crack your password on it. Boot from CD right into a linux platform without installin anything and copy your password files to take home and crack. Then depending on your security probably dial ya up remotely and be in. If not that, next time ya stop by the place you could drop a trojan or enable the right service cause you would have root pw. I can hear the sirens now, hehe....

Use passwords like these.

hello3849gblak39da8kj2nbye, I'm not kidding either, lol......... Just write it down on a piece of paper and memorize it. Put the piece of paper away somewhere safe.

edit: and yes you could change the password, everything of course "is much much easier to do against a win box though".

Last edited by tunnelit; 03-31-2004 at 11:33 PM.
 
Old 04-01-2004, 12:26 AM   #4
melinda_sayang
Member
 
Registered: Dec 2003
Location: Petaling Jaya
Distribution: Ubuntu
Posts: 475

Rep: Reputation: 31
[QUOTE]Originally posted by tunnelit

Use passwords like these.

hello3849gblak39da8kj2nbye, I'm not kidding either, lol......... Just write it down on a piece of paper and memorize it. Put the piece of paper away somewhere safe.

[/QOUTE]

That password is a good idea if you running server but if you just use linux for desktop applications, it is not fun if everytime you want to install applications that need root password, you have to type many characters.

I think the security must not be extreme one. Not too easy. Not too hard. You must have a security policy. If you run a server, then yes, you have to make a wonderful password.

That is just my opinion.
 
Old 04-01-2004, 12:30 AM   #5
jackshck
LQ Newbie
 
Registered: Sep 2003
Distribution: Debian Unstable
Posts: 3

Rep: Reputation: 0
every time you increase security you decrease convenience
 
Old 04-01-2004, 02:38 AM   #6
iainr
Member
 
Registered: Nov 2002
Location: England
Distribution: Ubuntu 9.04
Posts: 631

Rep: Reputation: 30
An 8 character password does take a long time to crack with brute force (days/weeks unless the cracker gets lucky). You don't have to have a very long password; just one which isn't caught by dictionary attacks.

Ross Anderson has done some good research on this issue - read the paper here.

Nothing wrong with long passwords, but be aware that there are many more ways to find a password than just cracking it.

On the original question, the only really effective way of preventing someone with physical access and time from breaking in is to encrypt the hard drive. That's pretty much true for any OS. There are how-tos around; but you might prefer just to encrypt your data which is simpler.

Other things which raise the bar against attackers with physical access include BIOS passwords, LILO passwords, cutting the time LILO sits on the menu before booting to a minimum and making sure that the hard drive is first in the BIOS boot list.
 
Old 04-01-2004, 10:44 PM   #7
twilli227
Member
 
Registered: May 2003
Location: S.W. Ohio
Distribution: Ubuntu, OS X
Posts: 760

Rep: Reputation: 30
quote:
As long as someone has access to the box they WILL get passwords. A good processor, decent amount or RAM and the right apps = PASSWORDS....

Yes good passwords are important, but if someone has access to your box, then all you have to do is boot your favorite cd, mount the hardrive and you are in.

quote:
On the original question, the only really effective way of preventing someone with physical access and time from breaking in is to encrypt the hard drive. That's pretty much true for any OS. There are how-tos around; but you might prefer just to encrypt your data which is simpler.

Pretty much sums it all up.
 
Old 04-05-2004, 08:30 PM   #8
JrLz
Member
 
Registered: Mar 2004
Location: Jakarta
Posts: 164

Original Poster
Rep: Reputation: 30
Hmmmmm..............
BIOS password seems uncrackable (without special hardware)
It's the most important right (for the box) ???
 
Old 04-05-2004, 09:16 PM   #9
shellcode
Member
 
Registered: May 2003
Location: Beverly Hills
Distribution: Slackware, Gentoo
Posts: 350

Rep: Reputation: 32
Quote:
Originally posted by JrLz
Hmmmmm..............
BIOS password seems uncrackable (without special hardware)
It's the most important right (for the box) ???
take the battery out for 10 minutes or so and the BIOS password is gone.
 
Old 04-06-2004, 07:36 PM   #10
JrLz
Member
 
Registered: Mar 2004
Location: Jakarta
Posts: 164

Original Poster
Rep: Reputation: 30
Yes, of course, I mean --> uncrackable without special hardware tweaking,
(without opening the box)

Can someone get rid off the BIOS password ?
tunnellit , can you???
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Forgot PASSWORD !!! bipinkdas Ubuntu 2 03-27-2005 10:37 AM
forgot my password navaladi Linux - Newbie 2 12-22-2004 08:47 AM
forgot password =( ?!?! j_miguel_y Linux - General 1 08-31-2004 11:58 AM
How can I change e-mail password(or linux account password) with php in website?? yusuf Programming 1 05-28-2004 09:39 AM
Just change Samba password, not Unix password? sorrodos Linux - Networking 1 08-14-2003 07:52 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:34 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration