Slashdot Mirror

← Back to Stories (view on slashdot.org)

Crack a Password, Save Norwegian History

Posted by chrisd on from the did-they-try-god-or-sex-yet dept.

Christian writes "With the death of the only person who knew the password to an archive held at a museum in Norway, suddenly the data became inaccessible. The result? A nationwide radio appeal asking for "hackers" to volunteer to help solve the problem! The Norway Post has the story." I wonder if they looked under his keyboard yet..

14 of 505 comments (clear)

  1. What i want to know is.. by Xuranova · · Score: 1, Interesting

    Does my name get to be a part of history for single handly saving it?

    --
    "There is no real right or wrong, just what the majority accepts at the time."
  2. so.. how are we supposed to store passwords? by dikappa · · Score: 5, Interesting

    This is an interesting issue. Any -minimally skilled- IT operator knows he should never tell passes to other people. But, what if this person dies? How can we safely store passwords so that those can be retrieved if "shit happens"? Probably we cannot use encription (you need a pass to decrypt stuff), so what? Probably for most of us, a piece of paper in a safe place at home is enough, hackers *usually* do not break-in to get passwords. But I guess there is people around protecting *really* important data, and they do not trust anyone... what can they do to make passwords "undiscoverable" until "death" or sudden amnesy?

    --
    :dikappa
    1. Re:so.. how are we supposed to store passwords? by Ted+Maul · · Score: 2, Interesting

      A technique I've seen is to get two people to type in the first and second parts of the password (without telling each other what they are). That way you need both people to get in. As a backup measure, they both write down their password bits and these get sealed in separate envelopes in separate safes just in case. Oh, and in case a manger might need to get in you can number them 1 and 2.

      --

      The Day Today - Game Warden to the Events Rhino
    2. Re:so.. how are we supposed to store passwords? by Anonymous Coward · · Score: 3, Interesting

      Maybe i'm missing the obvious but....

      Lawyers are bound to non-disclosure of an individual's last will and testament, if I am not mistaken. (until death, at which time it is revealed to those individuals referenced therein)

      It seems, therefore, that the password (or some part of it at least) should be kept in the will, which should only be accessible once you die. Although this will rely on confidence in the lawyer you choose, their firm, etc.
      But generally, seems like it should work.
      If necessary, tell the other half to one or two other big-wigs, or stored in a safe. So both your death and the aforementioned access are necessary.

    3. Re:so.. how are we supposed to store passwords? by dangermouse · · Score: 5, Interesting
      You do change them, right?

      Hell no.

      That is the single most hare-brained bit of common security "wisdom" in the world.

      Years ago, I picked a password that's random as hell and was very difficult to remember. No password cracker-- dictionary *or* brute force-- has broken it yet. I use this password on about ten systems.

      If I changed those passwords on a regular basis, I'd have to come up with something easier to remember to make up for the decreased learning time. That would likely make my password less secure.

      I keep running into admins who-- by hook or by crook-- make their users change passwords periodically. The result? Passwords on Post-It notes; passwords that are the names of pets or wives or firstborn children; sets of passwords that are absurdly simple and that get cycled through.

      If they had just let the users keep their original passwords and run a cracker against the shadow file to turn up the overly simple ones, their systems would be a lot more secure. But somebody told them changing passwords frequently was a good idea, and by god their users are going to change passwords frequently.

  3. I see 5: by Confuse+Ed · · Score: 5, Interesting

    common utilities

    1) tar
    2) ar
    3) grep
    4) ps

    and not so common
    5) rep (well its installed on my system, but I'd never heard of it, further investigation reveals it to be a standalone lisp interpretter from the librep package (see "info librep", I am indeed learning something new every day))

  4. What's needed is a "dead man's 'bot" by Raetsel · · Score: 5, Interesting

    A simple program... something to send that important email, decrypt the data that you honestly don't have to safeguard anymore, etc. A program to take action when you haven't proven (password | biometric | whatever...) your continued existance on a pre-arranged schedule.

    And wouldn't you know it, one exists!

    I caught this discussion at Ars Technica last month. It refers to a cool-sounding program called "Dead Man's Switch (DMS)", which caught the attention of the New York Times.

    Just a few issues...

    • Don't go on vacation for a longer period of time than you have the 'bot set for
      (see either link, "If you're reading this, I'm dead!" type goofs have happened!)

    • What happens when you actually do pass on to the great unknown, don't manage to pay your bills, and your (ISP | power company | shell host) kills your service?

    • Or, more simply, what if your next of kin just tag the 'ol power switch?
    Oh well... no person (or thing!) is perfect. Norway is keenly aware of this right now.

    --

    "...America's great minds of today, teaching America's great minds of tomorrow. Poor bastards." -- A Beautiful Min
    1. Re:What's needed is a "dead man's 'bot" by jhines0042 · · Score: 3, Interesting

      Seems like this would be an ideal hosted service. On its regular schedule it sends you an email to remind you to go to the web site. If you don't go to the web site within a certain (configurable) amount of time to "reset" the switch then the action is taken. The action is most likely an email release of some data to certain folks.

      But for a fee it could be something more complicated.

      Of course, keeping this site secure would be most interesting once people started using it for self protection blackmail "you'd better not kill me" purposes like what always happens in the movies.

      --
      42 - So long and thanks for all the fish.
  5. Irony of Ironies by LittleGuy · · Score: 2, Interesting

    When they do crack the files, they'll just find his grocery lists.

    --
    Mod Karma -1: I sed bad wurds. If I cep my mouf shut, I wud be at riyses.
  6. They are lucky! by frits · · Score: 2, Interesting

    They are lucky that this unfortunate employee was not using biometrics to protect the archive.

  7. Re:Slashdoted Text by Jeppe+Salvesen · · Score: 2, Interesting

    I dunno about the history of the name of "ottar", though I know it's widely used in the germanic world. Think Otto.

    However, 'Grepstad' is a surname derived from the name of a farm. 'stad' means place, so his last name would mean something like 'place of grep'. 'Grep' means several things in norwegian. I believe some farming implement goes by 'grep', but also it could mean to grasp (physically, mainly). Besides, those farm names stem from archaic norwegian, so 'grep' might have meant something else in the past.

    --

    Stop the brainwash

  8. Info desired to crack the password... by gdyas · · Score: 5, Interesting

    The following info would help:

    • All the names of his family & friends.
    • All the birth/death/anniversary/etc dates he'd know, especially children or parents.
    • Prominent words or phrases displayed in his office.
    • A selection of words germane to his profession.

    Combine that with the dictionary, mix well, apply cracking script and, most likely, open sesame.

    As Richard Feynman used to say about safes, 99.9% of what keeps people from getting in is the perception of security, not real security. This from a guy who used to sneak in & out of Los Alamos at will during the Manhattan project.

    --

    The only tool you've got against psychosis is experience.

  9. Re:its sad... by boomer_rehfield · · Score: 2, Interesting

    See...this would be all fine as long as he kept the password locked away in his will so that in the event of his death.... you get the picture...

    --
    Carpe Canem - Seize the Dog
  10. Re:Sorry, can't help... by hublan · · Score: 2, Interesting
    While we are the world's policeman, our laws can only be extended so far beyond our borders before right-minded people start ignoring them.

    Tell that to Jon Johansen. Maybe it'll save his day.

    --
    My spoon is too big.