LinuxQuestions.org
Old 10-14-2013, 03:16 PM   #1
joebob137
LQ Newbie
 
Registered: Oct 2013
Posts: 3

Rep: Reputation: Disabled
Grub password format


Is the grub-crypt in the same format as passwd crypt? I know it supports fewer hash schemes, but basically I'm trying to see if I can crack the pw with a generic cuda cracker or if I have to write something special...

Lest someone tell me how I can just disable the password, what I'm actually trying to recover is a BIOS password that I'm pretty sure is the same as the grub password. I'm making a last ditch attempt here before I shell out money for an eeprom reader that I will doubtless never use again, not to mention the hours and risk in disassembling and reassembling everything.

Lucky me, BIOS passwords are restricted to 7 character A-Za-z0-9 so it should be possible to brute force. And of course as an aside, this is why you should *not* set your BIOS password the same as something else if you depend on it for security. Though then again, it's not clear what a BIOS password would prevent if someone has time, skills, and the physical access to take out the hdd and read it.
 
Old 10-14-2013, 03:24 PM   #2
Robhogg
Member
 
Registered: Sep 2004
Location: Old York, North Yorks.
Distribution: Debian 7 (mainly)
Posts: 653

Rep: Reputation: 97
The GRUB password isn't the same as a BIOS password. BIOS passwords are stored in CMOS memory on the motherboard, and there's usually a jumper or dip switch allowing you to clear it.

And yes, physical security is important. Nothing but disk encryption stops anything for someone with unrestricted access to the hardware.

Last edited by Robhogg; 10-14-2013 at 03:28 PM.
 
Old 10-14-2013, 04:10 PM   #3
joebob137
LQ Newbie
 
Registered: Oct 2013
Posts: 3

Original Poster
Rep: Reputation: Disabled
Sorry, I meant that in this particular case I remember setting them to the same thing. I've since forgotten both, but since there's no way to get at the BIOS password (this is a Lenovo and unfortunately there is no such jumper), I'm going for the grub one instead in the hopes that I remember correctly that they're the same.
 
Old 10-14-2013, 11:04 PM   #4
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,670
Blog Entries: 4

Rep: Reputation: 3945
If you need to get to the drive, just yank the drive and stick it into another computer temporarily.

If you need to get the motherboard to talk to you, "Google" the documentation on the mobo ... there's always some obscure DIP-switch setting that will reset/override the BIOS password.

In both cases, the intended defense is meant to be against someone who for whatever reason can't "just open the thing up, yank the drive, and so on." If you can do these things, then these defenses are (usually ...) designed to be rather easily circumvented "as a matter of practical necessity."
 
Old 10-15-2013, 03:20 PM   #5
joebob137
LQ Newbie
 
Registered: Oct 2013
Posts: 3

Original Poster
Rep: Reputation: Disabled
I can get to the drive---otherwise I wouldn't be able to get the grub password hash in the first place. As for the magic dip/jumper, trust me, no such thing exists. Lenovo, at least in most models, stores the supervisor password in a separate eeprom rather than in CMOS. Thus even removing the CMOS battery and letting it sit for weeks won't clear it. Lenovo's recommended way of dealing with this situation is to buy a new motherboard. Seriously. Of course, people have figured out a way around this, but that involves taking the thing apart and connecting the disassembled computer to power, then probing the leads of the eeprom and connecting that to a second computer/device via some eeprom chip. Anyway, in theory it should be easy to pop the hard disk, transfer the hash from grub, then use a cuda-based cracking program to brute force the password. Maybe not a lot easier, but at least I wouldn't have to buy eeprom-serial or whatever chips and go probing my disassembled yet powered on motherboard. Basically I just want to know that the grub password is a normal format before I start, so that I won't waste my time with false negatives.
 
  

