+ Post New Thread
Results 1 to 8 of 8
Windows Thread, LINUX Finding Local Passwords in Technical; Is their anyway to stop linux from finding windows local passwords?...
  1. #1

    Join Date
    Nov 2011
    Location
    Gloucester
    Posts
    354
    Thank Post
    13
    Thanked 29 Times in 28 Posts
    Rep Power
    23

    LINUX Finding Local Passwords

    Is their anyway to stop linux from finding windows local passwords?

  2. #2

    Join Date
    Jun 2008
    Location
    leicester
    Posts
    741
    Thank Post
    78
    Thanked 188 Times in 154 Posts
    Rep Power
    57
    Maybe if the drive was encrypted. Other than that restricting the BIOS to only boot to the hard drive and putting a password on would reduce the possibility.

  3. #3
    OB1
    OB1 is offline

    OB1's Avatar
    Join Date
    Sep 2011
    Location
    Leeds
    Posts
    520
    Thank Post
    35
    Thanked 164 Times in 139 Posts
    Rep Power
    51
    I'm not sure there is.
    Permissions don't apply if you haven't booted from the OS enforcing them.

    In what situation? Using a live CD? Are you dual booting? Which distro & which version of windows?

    EDIT: difinity, beat me to it.

    If you're dual booting you can set linux not to mount the windows partition at startup. How depends entirely on your distro.
    Mounting partitions/drives is restricted to root usually.
    Last edited by OB1; 12th March 2012 at 01:02 PM.

  4. #4

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,769
    Thank Post
    1,308
    Thanked 804 Times in 698 Posts
    Rep Power
    246
    Quote Originally Posted by bwestlake View Post
    Is their anyway to stop linux from finding windows local passwords?
    You mean is it possible to stop someone booting from a Linux-based boot CD or similar and using a Rainbow Tables-based tool to have a go at cracking your Windows passwords? As pointed out above, physically secure the PC as much as possible (encrypt the harddrive, stop booting off CD or USB, and make sure they can't simply walk off with the PC or laptop). Otherwise, use strong passwords - random-looking mixtures of letters and numbers at least 8 characters long. If you look up Rainbow Tables on Google you'll get a couple of good articles from Microsoft and on Wikipedia which explain the basic principles, along with advice on making a password strong enough to withstand the average Rainbow Tables-based attack.

  5. #5

    Join Date
    Jun 2008
    Location
    leicester
    Posts
    741
    Thank Post
    78
    Thanked 188 Times in 154 Posts
    Rep Power
    57
    Why crack the password, much easier/quicker to blank the password. That's what the popular Linux password editor does. It doesn't matter how complicated or long it is.

  6. #6

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Posts
    3,730
    Thank Post
    698
    Thanked 1,214 Times in 761 Posts
    Rep Power
    395
    Quote Originally Posted by difinity View Post
    Why crack the password, much easier/quicker to blank the password. That's what the popular Linux password editor does. It doesn't matter how complicated or long it is.
    It depends on your end goal, but in general, password exposure is always more serious than a password reset because:

    1. Most people re-use passwords, so you would likely get access to other systems as well without having to compromise them.
    2. If you reset the password, the user will likely realise their account has been compromised and act accordingly. If you simply discover their password, they may be none the wiser.


    This is why anyone whose 'forgotten password' procedure is to email the existing password needs to be shot.

  7. Thanks to AngryTechnician from:

    difinity (12th March 2012)

  8. #7

    Join Date
    Jun 2008
    Location
    leicester
    Posts
    741
    Thank Post
    78
    Thanked 188 Times in 154 Posts
    Rep Power
    57
    I did just realise after i had posted why knowing the password might be wanted. I've only ever blanked the password.

  9. #8

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,769
    Thank Post
    1,308
    Thanked 804 Times in 698 Posts
    Rep Power
    246
    Jeff Attwood's post on the subject is quite good, if a few years old now:

    Coding Horror: Rainbow Hash Cracking



SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 17
    Last Post: 31st December 2013, 11:49 AM
  2. Local Administrator Password Puzzle
    By Andie in forum Windows
    Replies: 18
    Last Post: 11th February 2007, 10:14 PM
  3. Replies: 8
    Last Post: 12th November 2006, 03:02 PM
  4. Replies: 8
    Last Post: 19th July 2006, 02:48 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •