Cracking Passwords
When I arrived in Oklahoma on my trip to my cousin’s funeral, one of the big tasks was getting into my cousin’s computer. She had left it turned on and locked. She had changed the passwords for every administrator account on the computer to passwords that no one else knew. In particular, there were four programs running on her computer, and my aunt really wanted to be able to see what was on her computer screen. We figured one was probably a web browser, one was her instant messenger program, one was possibly her Bible program, and the fourth was an unknown.
Since I am the computer guy, they asked me to see if I could get into it. Because we didn’t know the password to any of the admin accounts, it wasn’t possible to simply change the password and log in. We also didn’t want to shut the computer down, because that would lose whatever was on her screen. That left us with guessing passwords. Over the course of two days, we probably entered three hundred potential passwords…everything we could think of related to Christianity, Lutheranism, her EMT studies, her boyfriend, other family members, birthdates, as well as some of the more common simple passwords (qwerty, 12345, asdfjkl, the word “password”, admin, a blank password, her username, etc.). All to no avail. (BTW…side note…if your password is any of the common ones listed, don’t bother…anyone wanting to get into your computer will be in it within half an hour anyway. Change it to something that will actually be useful. Personally, my passwords are typically sentences…around 24-35 characters.)
I had let my aunt know that a Plan B…if we couldn’t guess the password…was to shut it down and I’d take the hard drive out, pull off the password files (SAM database and System registry hive), and crack the password offline. On Friday night we got to that point. I threw the drive into an external USB enclosure, and pulled those two files out of c:\windows\system32\config. I then downloaded and installed Cain on my computer and started the cracking process. The initial pass did not crack the password, so I loaded a dictionary file that I have used when doing password auditing for the organization I work for. That dictionary file has 1,425,824 “words”…essentially any combination of characters that you want to run through a password cracker. I don’t remember where I got the original version of that file, but it is an almost 16MB text file. Less than ten minutes later, we had her password…laryngoscope. Definitely not one that we would have guessed any time this year.
That leads me to another statement. If you don’t maintain physical security of your computer…you have no security. I couldn’t guess Carrie’s password, but once I took the hard drive out, I had all of her files within minutes. Now…if the files are encrypted…that’s a whole different ballgame. Without the encryption key, I’ll never read the files.
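The lesson from the dictionary hit, turned around for the defender: screen a new password against the same kind of wordlist before accepting it, because a 12-character word like laryngoscope is still a single dictionary entry. This is an added example, not code from the original post; the sample wordlist, the username `exampleuser`, and the function names are constructed for illustration.

```python
import re

# Constructed sample; a real screening list would be loaded from a file,
# like the 1,425,824-entry audit dictionary the post describes.
SAMPLE_WORDLIST = {"password", "qwerty", "12345", "asdfjkl", "admin",
                   "laryngoscope", "stethoscope", "paramedic"}

# Common character substitutions, undone before the lookup.
LEET = str.maketrans("013457@$!", "oleastasi")
# Digits and punctuation padded onto either end of a word.
PADDING = re.compile(r"^[\d\W_]+|[\d\W_]+$")


def variants(password):
    """Return the normalized forms that are looked up in the wordlist."""
    base = password.lower()
    stripped = PADDING.sub("", base)
    return {base, stripped, base.translate(LEET), stripped.translate(LEET)}


def screen(password, username, wordlist=SAMPLE_WORDLIST):
    """Return the reasons a new password is rejected (empty list = accepted)."""
    reasons = []
    if password == "":
        reasons.append("blank password")
    elif password.lower() == username.lower():
        reasons.append("same as username")
    hits = sorted(v for v in variants(password) if v in wordlist)
    if hits:
        reasons.append("wordlist entry: " + hits[0])
    return reasons


if __name__ == "__main__":
    # Constructed candidates: single words, a decorated word, a sentence.
    for candidate in ["laryngoscope", "L4ryng0sc0pe!2024", "qwerty", "",
                      "my cat naps on the warm laptop"]:
        print(repr(candidate), "->", screen(candidate, "exampleuser") or "accepted")
```

Decorating a dictionary word with substitutions and a trailing year still reduces to the same wordlist entry, while the sentence-style passphrase is not a single entry and passes.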
Trip to My Cousin’s Funeral
When I found out last week that my cousin Carrie had died, I assumed that I wasn’t going to be able to afford to go. My first look at flights seemed to confirm that…they started at $640 and went up sharply from there. NO way I could afford that on my missionary salary! Then I came across flights from Sanford FL (just north of Orlando) to Wichita through Allegiant Airlines. Total cost of my flight was $96…and no…I didn’t leave off a number…it was under $100.
I spent a lot of time with my aunt and her family. Got to spend time with my cousin Robert (Carrie’s brother) and Robert’s wife Karoline, who I’ve never had the opportunity to really talk with. I really enjoyed spending time with them. My aunt asked me to speak at Carrie’s memorial service. That was truly an honor. I was happy to do so.
Robert and Karoline had just gotten there. Robert was playing bass guitar for a punk/hardcore/thrash band that was in the midst of a tour of Europe when he got the call (honestly not sure if that link is the band he was touring with…he plays with a few bands). Karoline spent twelve hours getting in touch with him and getting him a flight back home.
Robert and I have joked (sort of joked…partially serious) about applying for The Amazing Race. We are opposite on almost everything you can imagine. Politics, religion, height, appearance, vocational choice, amount of body art, diet…name it…we are probably opposite. I have to imagine the producers would at least consider us…they would be expecting big fights which would make for great “reality TV”. Funny thing is that we get along really well.
