Slashdot Mirror

← Back to Stories (view on slashdot.org)

Crack a Password, Save Norwegian History

Posted by chrisd on from the did-they-try-god-or-sex-yet dept.

Christian writes "With the death of the only person who knew the password to an archive held at a museum in Norway, suddenly the data became inaccessible. The result? A nationwide radio appeal asking for "hackers" to volunteer to help solve the problem! The Norway Post has the story." I wonder if they looked under his keyboard yet..

38 of 505 comments (clear)

  1. Slashdoted Text by Technician · · Score: 5, Informative

    5. Juni 2002

    Hackers respond to password challenge

    Hackers have responded in large numbers to an appeal from the director of a culture center and literary museum on the west coast of Norway.

    The password to one of their library archive systems is missing.

    The museum built in honour of the famous Norwegian linguist Ivar Aasen received a gift of more than 1600 books and documents which had been catalogued and registered in a national data bank, which researchers and interested people may access.

    Only trouble was that the expert who had helped the donor with the archiving work had died, and had failed to pass on the password.

    In order to get access to the data base, Director Ottar Grepstad appealed on nationwide radio for help to solve the problem.
    The response was above expectations, and the director is now busy chosing the expert most likely to solve the problem.

    (NRK)

    (this loaded very slow, but I got it.)

    --
    The truth shall set you free!
    1. Re:Slashdoted Text by ObviousGuy · · Score: 5, Funny

      Ottar Grepstad

      Heh. The director's got two Unix utilities in his name and he *still* can't hack the system.

      I'm sure there's a joke in there somewhere.

      --
      I have been pwned because my /. password was too easy to guess.
    2. Re:Slashdoted Text by Hiro+Antagonist · · Score: 5, Funny

      *sigh*

      If only his name was John Libcrypt...

      --

      --
      I Hit the Karma Cap, and All I Got Was This Lousy .sig.
    3. Re:Slashdoted Text by VivianC · · Score: 3, Funny

      [The] Only trouble was that the expert who had helped the donor with the archiving work had died, and had failed to pass on the password.

      Sounds like a job for John Edward, master hacker!

      --
      Viv

      Gmail invites for ip
  2. Don't worry, I've already cracked it by Henry+V+.009 · · Score: 4, Funny

    I've already cracked it. Got the archives open right here. Let's see:

    In the year 1005, the 1337 v1k0rs raided the English coast for raping and pillaging...

  3. As a Swede, all I can say is... by weird+mehgny · · Score: 5, Funny

    ...this only happens in Norway :)

    1. Re:As a Swede, all I can say is... by kilogram · · Score: 3, Funny

      ... and Norwegians make fun of Swedes... Somehow it does not complete the circle... :)

    2. Re:As a Swede, all I can say is... by fallacy · · Score: 4, Funny

      Which are invariably themselves...

    3. Re:As a Swede, all I can say is... by Anonymous Coward · · Score: 5, Funny

      ...just wait till you get computers, then we'll the laughs will be ours.

    4. Re:As a Swede, all I can say is... by iphayd · · Score: 3, Funny

      I guess that would be because you are all blond, and the password would be "password"?

    5. Re:As a Swede, all I can say is... by jahalme · · Score: 5, Funny

      Yes, and while the swedes and norwegians are attemtping to grok complicated concepts, such as passwords, we finns write our own operating systems. ;)

    6. Re:As a Swede, all I can say is... by Dr.+Cody · · Score: 5, Funny

      But, when it comes down to it, what could they possibly hope to learn by recovering this archive of Norwegian history? How Norwegian troops threw grenades at the Swedes, and, consequentially, how the Swedes pulled out the pins and threw them back?

  4. so.. how are we supposed to store passwords? by dikappa · · Score: 5, Interesting

    This is an interesting issue. Any -minimally skilled- IT operator knows he should never tell passes to other people. But, what if this person dies? How can we safely store passwords so that those can be retrieved if "shit happens"? Probably we cannot use encription (you need a pass to decrypt stuff), so what? Probably for most of us, a piece of paper in a safe place at home is enough, hackers *usually* do not break-in to get passwords. But I guess there is people around protecting *really* important data, and they do not trust anyone... what can they do to make passwords "undiscoverable" until "death" or sudden amnesy?

    --
    :dikappa
    1. Re:so.. how are we supposed to store passwords? by Rui+del-Negro · · Score: 5, Funny

      Tattoo the password inside their body. Or inside their pants; IT operators' pants are never removed near / by other people anyway.

      RMN
      ~~~

    2. Re:so.. how are we supposed to store passwords? by sydb · · Score: 4, Insightful

      Do you really want to see your bank manager every time you change any one of your passwords?

      You do change them, right?

      Or every time you get a password for a new service?

      A better idea would be to keep the password to your private key in that bank safe, which decrypts your personal password file that you update regularly.

      --
      Yours Sincerely, Michael.
    3. Re:so.. how are we supposed to store passwords? by GigsVT · · Score: 5, Insightful

      The probability of a sysadmin dying is not large

      On the contrary, it's 100%. It's not a question of if, it's of when.

      --
      I've had enough abrasive sigs. Kittens are cute and fuzzy.
    4. Re:so.. how are we supposed to store passwords? by Anonymous Coward · · Score: 3, Interesting

      Maybe i'm missing the obvious but....

      Lawyers are bound to non-disclosure of an individual's last will and testament, if I am not mistaken. (until death, at which time it is revealed to those individuals referenced therein)

      It seems, therefore, that the password (or some part of it at least) should be kept in the will, which should only be accessible once you die. Although this will rely on confidence in the lawyer you choose, their firm, etc.
      But generally, seems like it should work.
      If necessary, tell the other half to one or two other big-wigs, or stored in a safe. So both your death and the aforementioned access are necessary.

    5. Re:so.. how are we supposed to store passwords? by cowbutt · · Score: 5, Informative
      Any -minimally skilled- IT operator knows he should never tell passes to other people. But, what if this person dies? How can we safely store passwords so that those can be retrieved if "shit happens"?

      Google for "secret sharing" and you'll find plenty of references. Essentially, the secret (i.e. the password) is converted into a value that intercepts an axis of a n-dimensional graph. m points in n-dimensional space are then generated such that they lie in a straight line on a single plane. You can then distribute the values of the m points safe in the knowledge that you need at least n of them in order to calculate the point of interception of the secret.

      AFAIK, this is how things like launch codes for nukes are stored and distributed (to counter the twin threats of elimination of keyholders preventing nukes from being launched, and to prevent a single rogue keyholder launching without appropriate authorisation).

      Apologies to the maths/crypto purists out there if my description is fuzzy, over-simplified, or plain wrong, but it's been a while... ;-)

      Better explanations can be found on RSA's site and in Ross Anderson's book "Security Engineering"

      --

    6. Re:so.. how are we supposed to store passwords? by say · · Score: 3, Funny
      No. When you retire from work, you are no longer a sysadmin. Then you are a human being. It's true! Although you have the infinite power of sysadmining now, it will disappear overnight when you retire.

      So.. hah!

      --
      Roses are #FF0000, violets are #0000FF, all my base are belong to you
    7. Re:so.. how are we supposed to store passwords? by dangermouse · · Score: 5, Interesting
      You do change them, right?

      Hell no.

      That is the single most hare-brained bit of common security "wisdom" in the world.

      Years ago, I picked a password that's random as hell and was very difficult to remember. No password cracker-- dictionary *or* brute force-- has broken it yet. I use this password on about ten systems.

      If I changed those passwords on a regular basis, I'd have to come up with something easier to remember to make up for the decreased learning time. That would likely make my password less secure.

      I keep running into admins who-- by hook or by crook-- make their users change passwords periodically. The result? Passwords on Post-It notes; passwords that are the names of pets or wives or firstborn children; sets of passwords that are absurdly simple and that get cycled through.

      If they had just let the users keep their original passwords and run a cracker against the shadow file to turn up the overly simple ones, their systems would be a lot more secure. But somebody told them changing passwords frequently was a good idea, and by god their users are going to change passwords frequently.

    8. Re:so.. how are we supposed to store passwords? by dcigary · · Score: 5, Insightful

      Whenever I go on vacation, I keep what I call my "Hit By A Bus" document on the system. It's password encrypted and I give that to whomever I deem necessary. It contains passwords, procedures, etc of everything that I do. Then, after returning, I change as many passwords as I can...

      Simple, easy.

      --
      ...my Karma ran over your Dogma...
    9. Re:so.. how are we supposed to store passwords? by edp · · Score: 5, Informative

      Er, I'm not sure what you're getting at. For example, any set of points (in a space of more than two dimensions) that "lie in a straight line" are necessarily also in a plane and are in fact in infinitely many planes.

      Shamir's secret sharing is easy to describe: Any polynomial of degree k-1 can be completely figured out from k points on it but not from k-1 points. So to share a secret among any number of people so that any k of them can figure out the secret and any k-1 of them cannot, you make up a polynomial whose value at x=0 is the secret and you tell each person the value of the polynomial at other points (at x=1, x=2,...).

      For example, any 2 points define a line (a polynomial of degree 1). If you tell me where the line is at x=1 and x=2, I can figure out where the line is at x=0. But if you only tell me where the line is at x=1, I haven't got a clue where it is at x=0, because it could still be anywhere. If you gave a million people different values for x=1, x=2,... x=1000000, no one of them would know the value of the line at x=0, but any two of them could figure it out.

    10. Re:so.. how are we supposed to store passwords? by gregfortune · · Score: 4, Funny

      Sounds like a good way to get into bed too. The only way for the "bad guys" to get your password is to send a really hot girl over to your house. Ya know, this is probably the last hope for most ./ readers.

    11. Re:so.. how are we supposed to store passwords? by dangermouse · · Score: 3, Insightful
      The reason mandatory password changes are used to limit the window of vulnerabiltiy in the event someone does get the password (by hook or by crook). What if someone gains access to your strong password without your knowledge? If you don't change it in 3, 6, or 12 months (or years), they have complete access, potentially without your knowledge.

      It's very likely that if someone gained access to my strong password without my knowledge, they'll have access to the next one I choose as well. Weakening the passwords just helps them get that initial foothold.

  5. I see 5: by Confuse+Ed · · Score: 5, Interesting

    common utilities

    1) tar
    2) ar
    3) grep
    4) ps

    and not so common
    5) rep (well its installed on my system, but I'd never heard of it, further investigation reveals it to be a standalone lisp interpretter from the librep package (see "info librep", I am indeed learning something new every day))

  6. More info by Man+Eating+Duck · · Score: 5, Informative

    A little info:

    The database is from Dbase 4, I don't know how the security is on that format. It contains data about the norwegian linguist Ivar Aasen. For those interested in giving it a try, just search on norwegian pages to find the directors email address (name in another post). He's received quite a few emails already... (No, won't give the address here, pity the one who gets his email published on Slashdot).

    Please excuse crappy english, save your grammatic flames.

    --
    Are you a grammar Nazi? I'm trying to improve my English; please correct my errors! :)
  7. Sorry, can't help... by juliao · · Score: 5, Funny

    I wish I could help, but I do intend to travel to the US at some later time in my life, and I don't want to be arrested for circumventig a protection device or something... Boy, do you americans have stupid laws...

    --

    free the mallocs!

  8. What's needed is a "dead man's 'bot" by Raetsel · · Score: 5, Interesting

    A simple program... something to send that important email, decrypt the data that you honestly don't have to safeguard anymore, etc. A program to take action when you haven't proven (password | biometric | whatever...) your continued existance on a pre-arranged schedule.

    And wouldn't you know it, one exists!

    I caught this discussion at Ars Technica last month. It refers to a cool-sounding program called "Dead Man's Switch (DMS)", which caught the attention of the New York Times.

    Just a few issues...

    • Don't go on vacation for a longer period of time than you have the 'bot set for
      (see either link, "If you're reading this, I'm dead!" type goofs have happened!)

    • What happens when you actually do pass on to the great unknown, don't manage to pay your bills, and your (ISP | power company | shell host) kills your service?

    • Or, more simply, what if your next of kin just tag the 'ol power switch?
    Oh well... no person (or thing!) is perfect. Norway is keenly aware of this right now.

    --

    "...America's great minds of today, teaching America's great minds of tomorrow. Poor bastards." -- A Beautiful Min
    1. Re:What's needed is a "dead man's 'bot" by jhines0042 · · Score: 3, Interesting

      Seems like this would be an ideal hosted service. On its regular schedule it sends you an email to remind you to go to the web site. If you don't go to the web site within a certain (configurable) amount of time to "reset" the switch then the action is taken. The action is most likely an email release of some data to certain folks.

      But for a fee it could be something more complicated.

      Of course, keeping this site secure would be most interesting once people started using it for self protection blackmail "you'd better not kill me" purposes like what always happens in the movies.

      --
      42 - So long and thanks for all the fish.
  9. Re:this dosn't make sense. by hyoo · · Score: 5, Funny

    Crack a password, save history.
    Get a cable modem, go to jail. [slashdot.org].

    What kind of crazy backwards world are we living in?

    Ladies and Gentlemen of slashdot it does not make sense. If Chewbacca lives on Endor you must acquit.

  10. Public access? by ciryon · · Score: 5, Funny

    Well? What's the URL so we can all try it? They gotta trust me, I'm swedish! ;-)

  11. Raises a serious point by ClickNMix · · Score: 4, Insightful

    This is actually a pretty serious issue with any kind of system where only one person has the password.

    The ISP I once working for nearly went out of business several years back because the only tech with high level access was in a serious car accident and out of action for a month or so.

    Its all very well not writing down passwords, and saying that nothing is going to happen to you, but in the real world, people get ill, run over, fall down etc. - In large companies its more then likely not a problem, but in a small company that has only one tech person doing everything, people need to make sure there is a plan of action for if that person becomes unreachable for any reason.

    --
    I saw the light at the end of the tunnel... But it was just someone with a flashlight bringing more work.
  12. Information on Aasen, the Aasen museum and nynorsk by say · · Score: 4, Informative
    Here is some information gathered from the Ivar Aasen museum.

    The National Centre of the New Norwegian Language and Culture

    • Opened June 2000, as a centre for adventure and information on language and cultural matters.
    • Designed by the architect Sverre Fehn, who has received the most outstanding international awards of architecture. Mr Fehn has also designed the Norwegian Glacier Museum at Fjærland.
    • The most modern and sophisticated building in Norway, and a traditional Norwegian country courtyard with four old buildings.
    • Presents a modern exhibition on language throughout the world (you may even find your own language there), the New Norwegian language, Norwegian culture, and an Ivar Aasen Museum, using modern electronic facilities as well as traditional, elegant presentation.
    • All information in the exhibitions will be in Norwegian and English.
    • An in-door concert hall with 110 seats; an outdoor amphitheatre with 300 seats.
    • Concerts, readings, theatre, library, art gallery, conferences, the annual New
    • Norwegian Festival of Literature and Music.
    • In our cafeteria with 50 seats, we plan to serve traditional food and sophisticated new dishes created especially for the Ivar Aasen Centre by some of the best Norwegian cooks.
    • A place for surprises, a nice meal, relaxing walks on easy paths into the nearby woods with glimpses of the Norwegian fjords.

    The New Norwegian Language

    • Norwegian consists of two written languages, Norwegian Bokmål (Dano-Norwegian) and Norwegian Nynorsk (New Norwegian), which are mutually understandable, but based on very different historical traditions.
    • A long union with Denmark (1380-1814) made Danish the only written language for all Norwegians, but in the dialects the old Norwegian language lived on as an oral language.
    • About 1850 Ivar Aasen published a dictionary and a grammar which set the standards for a new written language, The New Norwegian, as a common denominator for the dialects. Improving the cultural and social status of the lower classes; this language played a major role in the development of democracy in Norway.
    • Today, New Norwegian is the main language of 20 % of the inhabitants, mainly in rural districts. Although it is a lesser used language than Dano-Norwegian in general, it is the main language of Western Norway and is used daily in mass media, at schools, churches and in public administration all over the country. 25 % of the Norwegian newspapers are published in New Norwegian, and some of the major theatres and publishing houses use only this language.
    • Some of the best authors write in New Norwegian, e.g. Jon Fosse, whose plays were performed in 14 European countries in the 1990's.

    Ivar Aasen

    • Born at Aasen, close to the Hovden airport, as a son of a poor farmer in 1813. Died in Oslo 1896 as a highly respected intellectual, also abroad. Poet, linguist and founder of the New Norwegian language.
    • Collected words and expressions from the living dialects by walking throughout most of Norway, altogether about 5000 km - more than 3100 miles.
    • Knew more about Norwegian customs, traditions and everyday life in the 19th century than anyone else.
    • Even today, some of his poems and songs are among the most popular.
    • An eager botanist; his collection of 500 flowers and plants is in a very good condition.
    • His linguistic methods are today used in several countries in both Africa and Asia.
    --
    Roses are #FF0000, violets are #0000FF, all my base are belong to you
  13. And in other news.... by Ooblek · · Score: 4, Funny

    Days ago, Ottar Grepstad, director of the culture center and literary museum on the west coast of Norway, was busy selecting his expert of choice to hack a password known only by a dead man. It has been revealed that only minutes after his public appeal for a skiller hax0r to recover this password, his archive was ow3nd by Kevin Mitnick. The notorious hacker released information found in the archive that seems to indicate that Britney Spears was concieved by using frozen sperm from non other than Mike Tyson himself. The egg donor was only referred to in the archive as "Camilla" and it is suspected she is the same woman that Prince Charles is dating.

  14. Info desired to crack the password... by gdyas · · Score: 5, Interesting

    The following info would help:

    • All the names of his family & friends.
    • All the birth/death/anniversary/etc dates he'd know, especially children or parents.
    • Prominent words or phrases displayed in his office.
    • A selection of words germane to his profession.

    Combine that with the dictionary, mix well, apply cracking script and, most likely, open sesame.

    As Richard Feynman used to say about safes, 99.9% of what keeps people from getting in is the perception of security, not real security. This from a guy who used to sneak in & out of Los Alamos at will during the Manhattan project.

    --

    The only tool you've got against psychosis is experience.

  15. Re:And sometimes... by dadragon · · Score: 3, Funny

    (blinks) Isn't that sort of like "The Germans, not including The French" ?

    No. To a European, "America" == North and South America, including Canada, Mexico, USA, Peru, French Guiana, etc.

    I love it when a European tells me that an average American is so badly schooled that the average European better knows their American history. After asking them who Malcolm Little is, which they never know, and after patiently listening to how some hollywood movie has history all wrong (what a shocker, that), I usually give them an example of classy European geography like this, and send them on their way.

    1) Who is Malcolm Little?
    2) It's a matter of perspective, a European considers all of North and South America to be "America", Americans and Canadians consider the USA to be "America".

    It's like in Canada, somebody from BC would tell you that the "west" is BC and Alberta, somebody from Alberta will tell you it's BC, Alberta, and maybe Saskatchewan. And somebody from SK will tell you that the "East" is Ontario and Quebec, where somebody from Ontario or Quebec will tell you that they're "Central" Canada, when technically they are not, the centre is in Manitoba.

    --
    God save our Queen, and Heaven bless The Maple Leaf Forever!
  16. Should have had a risk management plan for this by fishbowl · · Score: 3, Insightful

    If someone was interested in this data, they should have covered this kind of situation under a risk management plan. Hindsight being 20/20 and all that, they did not, and someone is now holding the bag. Because there is a file that is known to contain the data they want, they hold out hope that it will be salvageable.

    In reality, this situation is almost the same as if a fire had destroyed the building along with the data, or even as if the person responsible for the data intended for it to die with him. There is a chance, however large or small, that the data will be recovered, but from a business perspective, an appropriate response would be to consider it a loss, start collecting the data again, and learn from the experience. Retrieving the data from the encrypted file is an interesting exercise, but one with uncertain results. Push the file into an academic circle and hope for the best.

    In this case, having the file is misleading a management decision, because it appears as if they still have the data. In reality, they do not, unless an unlikely contingency occurs where someone can retrieve it. Since nobody seems to be able to put a delivery date on that retrieval, or even state the degree of cetrainty with which it can be retrieved, the correct business decision would probably be to consider it lost.

    I'm guessing it's a loss not covered by their insurance.

    This is a harsh assessment of the situation, and I'm only making it because I'm not the one with the data that needs to be recovered :-)

    Another thing I notice is that the party responsible for the data seems interested in limiting the number of people who will get the opportunity to try to crack this, as opposed to just posting the thing to the world as a challenge, perhaps with a reward to the first person to break it. Remember the King Arthur legend -- Arthur wasn't authorized to try for Excalibur!

    The details in the article are sketchy. The title of the Slashdot article seems to be pretty misleading. The file in question doesn't contin the historical documents themselves, but an index to them?

    I'm sorry to hear that a researcher has died in Norway.

    --
    -fb Everything not expressly forbidden is now mandatory.
  17. In Still Other News by milo_Gwalthny · · Score: 3, Funny

    UN Peacekeepers were sent in to Scandinavia today to avert the escalation of an increasingly bitter round of invective between representatives of the area's countries. Tensions began to abate, however, as the traditional taunting gave way to the relatively modern sport of "USA-Bashing."

    --
    Milo