Password Recovery from stolen hard drive
Brian McKee
brian.mckee at gmail.com
Tue Apr 13 18:24:48 UTC 2010
On Tue, Apr 13, 2010 at 1:23 PM, <p.echols at comcast.net> wrote:
> Last night my laptop was stolen. Is it possible for an attacker, having possession of the hard drive, to determine my login password?
* note - I am assuming we are discussing linux here....
Yes, but not easy. Off the top of my head I believe the system
password file uses SHA512, for which I'm sure rainbow tables exist
somewhere.
So, if you used say 12 or more good random characters mixing case,
numbers and punctuation your password is safe, if not, it could be
guessed if someone really wants to.
Most thieves don't, but it's possible.
**** NOTE YOUR LOGIN PASSSWORD DOES NOTHING TO SECURE YOUR FILES IF
YOUR LAPTOP IS STOLEN ****
It might be hard to figure out your password, but looking at the files
on your computer is **very very trivial** without knowing your
password. Even a common thief is quite likely to know that.
> How about stored in Thunderbird for email login? Browser cache and / or firefox saved passwords?
I'm not sure how TB or FF stores passwords. Your browser cache is
completely unprotected.
Likely similar to the system password, or slightly less secure.
Don't take any chances, go change all your passwords now. Don't worry,
the internet will still be here when you get back.
Brian
--
Hey, it's your computer.... isn't it?
More information about the ubuntu-users
mailing list