[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] password recovery




Hi,


Roland Kuhn schrieb:

On Jul 26, 2004, at 12:58 PM, Rikard Johnels wrote:

On Monday 26 July 2004 11.01, Tom Knight wrote:

On Sunday 25 July 2004 18.44, Antun Balaz wrote:

And what if the filesystem is encrypted?


-----------8<------------

Mount it the usual way for encrypted systems. I dont use it so i cant
tell you how. The actual filesystem isnt relevant. As long as you can
access it ok. Just mount it rw and chroot into it.


But if the FS is encrypted with the root-PW
you`ve got _real_ trouble.


Correct me if I'm wrong but I'd say "In that case you are cooked!!"

Not that i know much of encrypted FS's, but id say you are pretty lost by
then. Unless you can brutecrack the encryption with some forensics
software...


Start looking for post-it notes near the console....

Tom.


LOL! Well unfortunately that IS a relevant observation...
(Been there, done that, trashed the user badly for compromising the security)
But all jokes aside.
If you DON'T know the password for the encryption, i think you are lost...

Well, that's the idea of encryption, isn't it? There might however be a chance to find the encryption key on the swap partition. I haven't looked at the code if it is really impossible that the relevant pages get swapped out.

But, just to reiterate what has been said earlier: if the root partition is not encrypted, you can always boot with init=/bin/sh and do whatever you want. inittab doesn't matter because /bin/sh is not known to read that file, and it doesn't ask for any password either. ;-)

Regards,
                    Roland


And just to mention, cause (i guess) it was never
said in this thread.

You can secure this by giving the boot-loader
a Password, giving the Bios a Password,
and configure Bios to only boot from
Harddisk.

If you want.

Dirk

-- TRIA IT-consulting GmbH Joseph-Wild-Stra?e 20 81829 Munchen Germany Tel: +49 (89) 92907-0 Fax: +49 (89) 92907-100 http://www.tria.de --------------------------------------------------------

working hard | for your success
--------------------------------------------------------

Registergericht Munchen HRB 113466 USt.-IdNr. DE 180017238 Steuer-Nr. 802/40600 Geschaftsfuhrer: Hubertus Wagenhauser
--------------------------------------------------------
Nachricht von: dirk.schreiner@xxxxxxx Nachricht an: suse-security@xxxxxxxx # Dateianhange: 0 Die Mitteilung dieser E-Mail ist vertraulich und nur fur den oben genannten Empfanger bestimmt. Wenn Sie nicht der vorgesehene Empfanger dieser E-Mail oder mit der Aushandigung an ihn betraut sind, weisen wir darauf hin, da? jede Form der Kenntnisnahme, Veroffentlichung, Vervielfaltigung sowie Weitergabe des Inhalts untersagt ist. Wir bitten Sie uns in diesem Fall umgehend zu unterrichten. Vielen Dank The information contained in this E-Mail is privileged and confidental intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient or competent to deliver it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this E-Mail is strictly prohibited. If you have received this E-Mail in error, please notify us immediately. Thank you

















--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here