
Re: [suse-security] password recovery



On Jul 26, 2004, at 12:58 PM, Rikard Johnels wrote:

On Monday 26 July 2004 11.01, Tom Knight wrote:
On Sunday 25 July 2004 18.44, Antun Balaz wrote:
And what if the filesystem is encrypted?

-----------8<------------

Mount it the usual way for encrypted systems. I don't use it so I can't tell you how. The actual filesystem isn't relevant. As long as you can
access it ok. Just mount it rw and chroot into it.

But if the FS is encrypted with the root-PW
you've got _real_ trouble.

Correct me if I'm wrong but I'd say "In that case you are cooked!!"

Not that I know much of encrypted FS's, but I'd say you are pretty lost by
then. Unless you can brutecrack the encryption with some forensics
software...

Start looking for post-it notes near the console....

Tom.

LOL! Well unfortunately that IS a relevant observation...
(Been there, done that, trashed the user badly for compromising the security)
But all jokes aside.
If you DON'T know the password for the encryption, I think you are lost...

Well, that's the idea of encryption, isn't it? There might however be a chance to find the encryption key on the swap partition. I haven't looked at the code if it is really impossible that the relevant pages get swapped out.

But, just to reiterate what has been said earlier: if the root partition is not encrypted, you can always boot with init=/bin/sh and do whatever you want. inittab doesn't matter because /bin/sh is not known to read that file, and it doesn't ask for any password either. ;-)

Regards,
					Roland

--
TU Muenchen, Physik-Department E18, James-Franck-Str. 85747 Garching
Telefon 089/289-12592; Telefax 089/289-12570
--
A mouse is a device used to point at
the xterm you want to type in.
Kim Alm on a.s.r.
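
The swap concern raised in the message above can be checked from the defender's side. The following is an added example, not part of the original thread: it reports which active swap areas are not backed by dm-crypt. The function names are hypothetical, the sample table is constructed, and it assumes mappings created by cryptsetup expose a DM UUID beginning with "CRYPT-".

```shell
#!/bin/sh
# Added example (not from the thread): report which active swap areas are not
# backed by dm-crypt, i.e. where paged-out key material would sit in the clear.
# Assumption: cryptsetup-created mappings expose a DM UUID starting "CRYPT-".
# Only the top device layer is inspected (swap on LVM over LUKS shows plaintext).

# Constructed sample in /proc/swaps format (not captured from a real host).
sample_swaps() {
cat <<'EOF'
Filename                Type        Size     Used  Priority
/dev/sda2               partition   2097148  5120  -2
/dev/dm-0               partition   1048572  0     -3
/swapfile               file        524284   0     -4
EOF
}

# swap_entries FILE: print "device type" for each swap area, skipping the header.
swap_entries() {
    awk 'NR > 1 && NF >= 5 { print $1, $2 }' "$1"
}

# classify_swap DEVICE TYPE [SYSFS_ROOT]: echo encrypted, plaintext or unknown.
classify_swap() {
    dev=$1 type=$2 sysroot=${3:-/sys}
    # A swap file inherits whatever its filesystem provides; not decided here.
    [ "$type" = "partition" ] || { echo unknown; return 0; }
    # Resolve /dev/mapper/<name> symlinks to the kernel name (dm-N, sda2, ...).
    real=$(readlink -f "$dev" 2>/dev/null) || real=$dev
    uuid_file="$sysroot/block/${real##*/}/dm/uuid"
    if [ -r "$uuid_file" ]; then
        case "$(cat "$uuid_file")" in
            CRYPT-*) echo encrypted; return 0 ;;
        esac
    fi
    echo plaintext
}

# audit_swaps [SWAPS_FILE] [SYSFS_ROOT]: one "device: verdict" line per swap area.
audit_swaps() {
    swap_entries "${1:-/proc/swaps}" | while read -r dev type; do
        echo "$dev: $(classify_swap "$dev" "$type" "${2:-/sys}")"
    done
}
```

Calling audit_swaps with no arguments reads the live /proc/swaps and /sys; any area reported as plaintext is a place where swapped-out pages are stored unencrypted.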
