LinuxQuestions.org


JrLz 03-29-2004 11:11 PM

forgot my password ? i can change the password
 
Excuse me, gurus, addicts, members and other newbies
I'm a :newbie:
I saw a thread in this forum saying
" I forgot my root password, what should I do? "
and then come replies like these:
1. "go to single mode, change the root password"
2. "run live cd, boot it, mount your hdd, chroot, and change the password"

my question is, is it that easy to get the root access??
any suggestion to secure that?

twilli227 03-29-2004 11:31 PM

If you have physical access to the computer, then yes it is that easy, whether it is linux, windows or any number of operating systems. You could password protect the bios, bootloader, set permission on the mount command, remove the cdrom, diskette drive. Lock your case, or deny access to the computer to begin with. There are other precautions you could take, do a search on this site or google for more info.

tunnelit 03-31-2004 11:28 PM

As long as someone has access to the box they WILL get passwords. A good processor, decent amount of RAM and the right apps = PASSWORDS....

LM hashes = OH MY GOD DISABLE THOSE THINGS.....

I was at my friend's house the other day and had his admin pw cracked in literally 10 minutes. The poor guy about crapped his pants. He told me he thought it took months to years to brute force 8 character pw's. I started laughing, this one took ten minutes. LM's are disabled now....

It's a good idea to test your passwords... Until I started cracking them I had no idea how easy they were to crack, whether MD5 or w/e....


My friend's password was an easy one..... :tisk: letmeinplease, lol......... Most people might call that a good long password, heh...

Whether you lock BIOS or not if I can boot your computer up to the login screen I can crack your password on it. Boot from CD right into a linux platform without installin anything and copy your password files to take home and crack. Then depending on your security probably dial ya up remotely and be in. If not that, next time ya stop by the place you could drop a trojan or enable the right service cause you would have root pw. I can hear the sirens now, hehe....

Use passwords like these.

hello3849gblak39da8kj2nbye, I'm not kidding either, lol......... Just write it down on a piece of paper and memorize it. Put the piece of paper away somewhere safe.

edit: and yes you could change the password, everything of course "is much much easier to do against a win box though".

melinda_sayang 04-01-2004 12:26 AM

Quote:

Originally posted by tunnelit

Use passwords like these.

hello3849gblak39da8kj2nbye, I'm not kidding either, lol......... Just write it down on a piece of paper and memorize it. Put the piece of paper away somewhere safe.

That password is a good idea if you are running a server, but if you just use linux for desktop applications, it is not fun if every time you want to install applications that need the root password, you have to type many characters.

I think the security must not be an extreme one. Not too easy. Not too hard. You must have a security policy. If you run a server, then yes, you have to make a wonderful password.

That is just my opinion.

jackshck 04-01-2004 12:30 AM

every time you increase security you decrease convenience

iainr 04-01-2004 02:38 AM

An 8 character password does take a long time to crack with brute force (days/weeks unless the cracker gets lucky). You don't have to have a very long password; just one which isn't caught by dictionary attacks.

Ross Anderson has done some good research on this issue - read the paper here.

Nothing wrong with long passwords, but be aware that there are many more ways to find a password than just cracking it.

On the original question, the only really effective way of preventing someone with physical access and time from breaking in is to encrypt the hard drive. That's pretty much true for any OS. There are how-tos around; but you might prefer just to encrypt your data which is simpler.

Other things which raise the bar against attackers with physical access include BIOS passwords, LILO passwords, cutting the time LILO sits on the menu before booting to a minimum and making sure that the hard drive is first in the BIOS boot list.
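
An added example (not part of the thread and not any poster's code): a small Python audit of a lilo.conf for the boot-loader settings listed in the post above. The 5-second threshold, the sample configs and the function names are assumptions; `password`, `restricted`, `prompt` and `timeout` are standard lilo.conf keywords.

```python
import stat

MAX_TIMEOUT_TENTHS = 50  # assumed policy: at most 5 s at the boot menu

def parse_lilo_conf(text):
    """Split lilo.conf text into global options and per-image sections."""
    glob, images, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        key, _, value = line.partition("=")   # flags like 'restricted' have no '='
        key, value = key.strip().lower(), value.strip().strip('"')
        if key in ("image", "other"):         # start of a per-image section
            current = {"_name": value}
            images.append(current)
        elif current is None:
            glob[key] = value
        else:
            current[key] = value
    return glob, images

def audit_lilo(text, mode=0o600):
    """Return findings for the boot-loader settings discussed in the thread."""
    glob, images = parse_lilo_conf(text)
    findings = []
    for img in images:
        if "password" not in glob and "password" not in img:
            findings.append(f"{img['_name']}: no password, boot parameters "
                            "such as 'single' are accepted from anyone")
    if "prompt" in glob and "timeout" not in glob:
        findings.append("prompt without timeout: menu waits indefinitely")
    elif int(glob.get("timeout", 0)) > MAX_TIMEOUT_TENTHS:
        findings.append(f"timeout={glob['timeout']} tenths of a second "
                        f"exceeds {MAX_TIMEOUT_TENTHS}")
    has_pw = "password" in glob or any("password" in i for i in images)
    if has_pw and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("password stored in a file accessible to group/others")
    return findings

# Constructed sample configs (not from a real system); timeout is in tenths of a second.
IMAGE = "image=/boot/vmlinuz\n  label=linux\n  root=/dev/hda1\n"
WEAK = "prompt\ntimeout=300\n" + IMAGE
HARDENED = "prompt\ntimeout=20\npassword=CHANGE-ME\nrestricted\n" + IMAGE

if __name__ == "__main__":
    for name, conf, mode in (("weak", WEAK, 0o644), ("hardened", HARDENED, 0o600)):
        print(name, audit_lilo(conf, mode) or "no findings")
```

With `restricted`, LILO asks for the password only when boot parameters are typed at the prompt, so normal unattended boots still work. As the thread notes, this only raises the bar; it does not stop someone who can boot other media or remove the disk.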

twilli227 04-01-2004 10:44 PM

quote:
As long as someone has access to the box they WILL get passwords. A good processor, decent amount of RAM and the right apps = PASSWORDS....

Yes good passwords are important, but if someone has access to your box, then all you have to do is boot your favorite cd, mount the hard drive and you are in.

quote:
On the original question, the only really effective way of preventing someone with physical access and time from breaking in is to encrypt the hard drive. That's pretty much true for any OS. There are how-tos around; but you might prefer just to encrypt your data which is simpler.

Pretty much sums it all up.

JrLz 04-05-2004 08:30 PM

Hmmmmm..............
BIOS password seems uncrackable (without special hardware)
It's the most important right (for the box) ???

shellcode 04-05-2004 09:16 PM

Quote:

Originally posted by JrLz
Hmmmmm..............
BIOS password seems uncrackable (without special hardware)
It's the most important right (for the box) ???

take the battery out for 10 minutes or so and the BIOS password is gone.

JrLz 04-06-2004 07:36 PM

Yes, of course, I mean --> uncrackable without special hardware tweaking,
(without opening the box)

Can someone get rid of the BIOS password ?
tunnelit, can you???


All times are GMT -5.