Slashdot Mirror

← Back to Stories (view on slashdot.org)

Crack a Password, Save Norwegian History

Posted by chrisd on from the did-they-try-god-or-sex-yet dept.

Christian writes "With the death of the only person who knew the password to an archive held at a museum in Norway, suddenly the data became inaccessible. The result? A nationwide radio appeal asking for "hackers" to volunteer to help solve the problem! The Norway Post has the story." I wonder if they looked under his keyboard yet..

5 of 505 comments (clear)

  1. so.. how are we supposed to store passwords? by dikappa · · Score: 5, Interesting

    This is an interesting issue. Any -minimally skilled- IT operator knows he should never tell passes to other people. But, what if this person dies? How can we safely store passwords so that those can be retrieved if "shit happens"? Probably we cannot use encription (you need a pass to decrypt stuff), so what? Probably for most of us, a piece of paper in a safe place at home is enough, hackers *usually* do not break-in to get passwords. But I guess there is people around protecting *really* important data, and they do not trust anyone... what can they do to make passwords "undiscoverable" until "death" or sudden amnesy?

    --
    :dikappa
    1. Re:so.. how are we supposed to store passwords? by dangermouse · · Score: 5, Interesting
      You do change them, right?

      Hell no.

      That is the single most hare-brained bit of common security "wisdom" in the world.

      Years ago, I picked a password that's random as hell and was very difficult to remember. No password cracker-- dictionary *or* brute force-- has broken it yet. I use this password on about ten systems.

      If I changed those passwords on a regular basis, I'd have to come up with something easier to remember to make up for the decreased learning time. That would likely make my password less secure.

      I keep running into admins who-- by hook or by crook-- make their users change passwords periodically. The result? Passwords on Post-It notes; passwords that are the names of pets or wives or firstborn children; sets of passwords that are absurdly simple and that get cycled through.

      If they had just let the users keep their original passwords and run a cracker against the shadow file to turn up the overly simple ones, their systems would be a lot more secure. But somebody told them changing passwords frequently was a good idea, and by god their users are going to change passwords frequently.

  2. I see 5: by Confuse+Ed · · Score: 5, Interesting

    common utilities

    1) tar
    2) ar
    3) grep
    4) ps

    and not so common
    5) rep (well its installed on my system, but I'd never heard of it, further investigation reveals it to be a standalone lisp interpretter from the librep package (see "info librep", I am indeed learning something new every day))

  3. What's needed is a "dead man's 'bot" by Raetsel · · Score: 5, Interesting

    A simple program... something to send that important email, decrypt the data that you honestly don't have to safeguard anymore, etc. A program to take action when you haven't proven (password | biometric | whatever...) your continued existance on a pre-arranged schedule.

    And wouldn't you know it, one exists!

    I caught this discussion at Ars Technica last month. It refers to a cool-sounding program called "Dead Man's Switch (DMS)", which caught the attention of the New York Times.

    Just a few issues...

    • Don't go on vacation for a longer period of time than you have the 'bot set for
      (see either link, "If you're reading this, I'm dead!" type goofs have happened!)

    • What happens when you actually do pass on to the great unknown, don't manage to pay your bills, and your (ISP | power company | shell host) kills your service?

    • Or, more simply, what if your next of kin just tag the 'ol power switch?
    Oh well... no person (or thing!) is perfect. Norway is keenly aware of this right now.

    --

    "...America's great minds of today, teaching America's great minds of tomorrow. Poor bastards." -- A Beautiful Min
  4. Info desired to crack the password... by gdyas · · Score: 5, Interesting

    The following info would help:

    • All the names of his family & friends.
    • All the birth/death/anniversary/etc dates he'd know, especially children or parents.
    • Prominent words or phrases displayed in his office.
    • A selection of words germane to his profession.

    Combine that with the dictionary, mix well, apply cracking script and, most likely, open sesame.

    As Richard Feynman used to say about safes, 99.9% of what keeps people from getting in is the perception of security, not real security. This from a guy who used to sneak in & out of Los Alamos at will during the Manhattan project.

    --

    The only tool you've got against psychosis is experience.