“Linux Tips and Tricks”, cracking passwords and security
Carla Schroder of Linux Today has posted a nice list of her Linux tips and tricks, here.
One tip I could not make work is Cracking Passwords. The program simply refused to identify my passwords file. I found that it might be because it doesn’t support this kind of encryption or something like that.
This reminded me of another tool I played with a couple of years ago. It is called Ophcrack and it is available from http://ophcrack.sourceforge.net/.
This beauty cracks Windows passwords. In its most convenient form it is a bootable Linux CD. Once it boots, it automatically detects the Windows installation and begins its work. I didn’t believe it, but it took it less than a minute to crack a password on my Windows XP machine. This is despite the fact that I use a strong, non-dictionary password of letters and digits – it is not very strong though.
Linux proponents always mention viruses, trojans and other pieces of nasty software that swarm on Windows machines. This is the most obvious advantage the Linux security model has over the security model in Windows. But the real power of Linux security is in things like password protection, file access permissions, user management and SELinux. Windows has them too, but in Linux you have it all right on your desktop system or on your VPS, and for free.
Back to password cracking: I tried to find a utility that can crack the passwords of Ubuntu 9.04 and I didn’t find one. Then I thought, why on earth would someone need such a utility (for legal reasons, I mean)? After all, it is so simple to boot Linux into single user mode and run passwd.
My question is: if you have enabled single user mode, then what’s the use of a password? Just set auto boot with the username and password.
One thing I find hard in Linux is to set the default username and not the password. I mean, in Windows at my home, I know I will only use this machine. So it won’t ask me for a username, only the password, in case my laptop is stolen (let’s suppose, I hope it never will be). But in Linux, I can’t do the same: if I set the login user, it won’t ask me for a password.
@Priyank
Single user mode is not for daily work. It is a recovery mode and should not be used for anything other than recovery.
Take Apache for example. Apache usually runs as user www-data, yet in single user mode it would have to run with the same user id. This is a security risk.
On the other hand, AFAIK, you can configure Ubuntu 9.04 to log in automatically – that is, without asking for a password.