Slashdot Mirror

← Back to Stories (view on slashdot.org)

Crack a Password, Save Norwegian History

Posted by chrisd on from the did-they-try-god-or-sex-yet dept.

Christian writes "With the death of the only person who knew the password to an archive held at a museum in Norway, suddenly the data became inaccessible. The result? A nationwide radio appeal asking for "hackers" to volunteer to help solve the problem! The Norway Post has the story." I wonder if they looked under his keyboard yet..

6 of 505 comments (clear)

  1. Re:so.. how are we supposed to store passwords? by sydb · · Score: 4, Insightful

    Do you really want to see your bank manager every time you change any one of your passwords?

    You do change them, right?

    Or every time you get a password for a new service?

    A better idea would be to keep the password to your private key in that bank safe, which decrypts your personal password file that you update regularly.

    --
    Yours Sincerely, Michael.
  2. Re:so.. how are we supposed to store passwords? by GigsVT · · Score: 5, Insightful

    The probability of a sysadmin dying is not large

    On the contrary, it's 100%. It's not a question of if, it's of when.

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.
  3. Raises a serious point by ClickNMix · · Score: 4, Insightful

    This is actually a pretty serious issue with any kind of system where only one person has the password.

    The ISP I once working for nearly went out of business several years back because the only tech with high level access was in a serious car accident and out of action for a month or so.

    Its all very well not writing down passwords, and saying that nothing is going to happen to you, but in the real world, people get ill, run over, fall down etc. - In large companies its more then likely not a problem, but in a small company that has only one tech person doing everything, people need to make sure there is a plan of action for if that person becomes unreachable for any reason.

    --
    I saw the light at the end of the tunnel... But it was just someone with a flashlight bringing more work.
  4. Re:so.. how are we supposed to store passwords? by dcigary · · Score: 5, Insightful

    Whenever I go on vacation, I keep what I call my "Hit By A Bus" document on the system. It's password encrypted and I give that to whomever I deem necessary. It contains passwords, procedures, etc of everything that I do. Then, after returning, I change as many passwords as I can...

    Simple, easy.

    --
    ...my Karma ran over your Dogma...
  5. Re:so.. how are we supposed to store passwords? by dangermouse · · Score: 3, Insightful
    The reason mandatory password changes are used to limit the window of vulnerabiltiy in the event someone does get the password (by hook or by crook). What if someone gains access to your strong password without your knowledge? If you don't change it in 3, 6, or 12 months (or years), they have complete access, potentially without your knowledge.

    It's very likely that if someone gained access to my strong password without my knowledge, they'll have access to the next one I choose as well. Weakening the passwords just helps them get that initial foothold.

  6. Should have had a risk management plan for this by fishbowl · · Score: 3, Insightful

    If someone was interested in this data, they should have covered this kind of situation under a risk management plan. Hindsight being 20/20 and all that, they did not, and someone is now holding the bag. Because there is a file that is known to contain the data they want, they hold out hope that it will be salvageable.

    In reality, this situation is almost the same as if a fire had destroyed the building along with the data, or even as if the person responsible for the data intended for it to die with him. There is a chance, however large or small, that the data will be recovered, but from a business perspective, an appropriate response would be to consider it a loss, start collecting the data again, and learn from the experience. Retrieving the data from the encrypted file is an interesting exercise, but one with uncertain results. Push the file into an academic circle and hope for the best.

    In this case, having the file is misleading a management decision, because it appears as if they still have the data. In reality, they do not, unless an unlikely contingency occurs where someone can retrieve it. Since nobody seems to be able to put a delivery date on that retrieval, or even state the degree of cetrainty with which it can be retrieved, the correct business decision would probably be to consider it lost.

    I'm guessing it's a loss not covered by their insurance.

    This is a harsh assessment of the situation, and I'm only making it because I'm not the one with the data that needs to be recovered :-)

    Another thing I notice is that the party responsible for the data seems interested in limiting the number of people who will get the opportunity to try to crack this, as opposed to just posting the thing to the world as a challenge, perhaps with a reward to the first person to break it. Remember the King Arthur legend -- Arthur wasn't authorized to try for Excalibur!

    The details in the article are sketchy. The title of the Slashdot article seems to be pretty misleading. The file in question doesn't contin the historical documents themselves, but an index to them?

    I'm sorry to hear that a researcher has died in Norway.

    --
    -fb Everything not expressly forbidden is now mandatory.