topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Tuesday March 19, 2024, 6:49 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: In search of ... a universal password reset/retrieval system  (Read 4283 times)

barney

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,294
    • View Profile
    • Donate to Member
In search of ... a universal password reset/retrieval system
« on: September 26, 2011, 01:49 PM »
Folk,

I was over at Addictive Tips and Ghacks earlier today.  Both had entries on passwords.

Has anyone ever seen a universal password retrieval/reset system?  I remember one (1) when Win98 was extant that seemed to work pretty well, but it went the way of the dodo.  Don't think it even worked with Win98SE, but uncertain in that respect.  It certainly couldn't deal with NT.

It's not an overweening need, but strikes me it'd be awfully handy.  There are retrievers for Office and for specific Windows versions that dig out the activation key(s) and the authorization key(s), but they tend to be pretty version specific.  Surprisingly - to me, anyway - there's not a generic tool to find or reset such things in Windows.  Not just the MS products, but all products.  For instance, what if you needed to find the registration data for, say, Acronis True Image, or perhaps for an Easus product ... maybe even for some shareware product.

Yeah, the algorithms for such a beast would be tough  :tellme:.  And many  :o.  But it still surprises me that there's nothing extant in the field.  Or have I missed something?

What's your favourite retrieval system?

Ath

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 3,610
    • View Profile
    • Donate to Member
Re: In search of ... a universal password reset/retrieval system
« Reply #1 on: September 26, 2011, 02:39 PM »
Hm, any good system that stores a password, only stores a hash of it, that can't be reverted, just the calculation repeated with the correct password delivering the same hash.
So it would be nearly impossible to revert that, without a brute force attack, and even that could take from hours to more than a lifetime :o

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: In search of ... a universal password reset/retrieval system
« Reply #2 on: September 26, 2011, 03:09 PM »
This password reset works very well in Windows XP/Vista/7 for user passwords.

http://pogostick.net/~pnh/ntpasswd/

It is a bootable ISO that needs to be burned to a CD (there is a bootable USB version too if you prefer).

Only caveat is that if file encryption has been used in Windows then you should not use it (the encryption uses the original password so if you reset the password none of your files can be decrypted again without reinstating the original password).

In most cases file encryption isn't used and this tool basically just reverts user accounts back to 'no password' state and does it very easily.

There are lots of tools that read license jeys - one of the best I have found is SIW. See http://www.gtopala.com/ (look for the free version which works fine for this).

barney

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,294
    • View Profile
    • Donate to Member
Re: In search of ... a universal password reset/retrieval system
« Reply #3 on: September 26, 2011, 04:43 PM »
@ath
Yeah, that's fine in theory ... but we both know that it doesn't happen that way in the real world very often.  I can pull easily a dozen different protected proggies off my hard drive that rely upon the most common of protections, obfuscation  ;D.  Very few protected systems use much more.

@Carol
Yep, use SIW myself when the need arises.  Never got the USB part working, though ... still too many systems that won't boot from a USB stick  :huh:.

Folk, I'm not looking for a cure-all here, just opinions on what works best for you when the time comes to correct - usually - someone else's errant memory.  Although, re-iteratively, I'm still amazed that no one has yet - to my knowledge - pulled all the various recovery systems into one cohesive whole.  After all, barring real hashing, it'd be just a matter of compiling eleventy-seven scripts into one umbrella program.  Shouldn't need genius, just patience and perseverance  :P.

And I suspect that a decent cryptographer could make pretty strong headway into a lot of the hashes, but that may be an opinion born of ignorance.  I've dealt with this in past corporate days, and seldom failed - not because I'm brilliant - I ain't  :( - but because most of my coworkers were not, either.

When I forayed into the cryptographic realm, I learned that most hashes are only as strong as what is fed them - that's why [most] dictionary attacks work - and if you know the person involved in generating the password, even a dictionary attack is not often needed - or, at least, it's a much smaller dictionary  ;).  (After the fact, that seems obvious beyond the need of mention  :-\.)  

It's just that, after reading the two (2) sites previously mentioned, I got to wondering why no one had merged/meshed all the extant methodologies into a single vessel.  Be a whole lot easier to use - but, then, that may be my previously mentioned short term memory talking  :P.

[Edited for typo]

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: In search of ... a universal password reset/retrieval system
« Reply #4 on: September 26, 2011, 06:12 PM »
If you're totally gung-ho on super secure passwords, your bet bet is probably to head over to www.random.org, generate a listing of very long and truly random passwords.  And then use them in conjunction with a good password manager that allows a paste or form-fill option.  The weak point in the system will be the rememberable password needed to get into the PW manager, but them's the breaks. You could always prefix your real password with something (an asterisk, exclamation point, etc) and not include it in your PW manager's list. Do a paste, then hit home, add your excluded character and "Bob's yer Uncle." At least if someone gets into your PW app, the passwords that are there won't be complete without the excluded character(s).

Not particularly elegant. But it does work quite well in practice.  ;D

MilesAhead

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 7,736
    • View Profile
    • Donate to Member
Re: In search of ... a universal password reset/retrieval system
« Reply #5 on: September 26, 2011, 07:10 PM »
I think this article is aimed more at recovering or overwriting the Admin password.  But some of the tools also work on non-Windows OS.

http://pcsupport.abo.../tp/passrecovery.htm


barney

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,294
    • View Profile
    • Donate to Member
Re: In search of ... a universal password reset/retrieval system
« Reply #6 on: September 26, 2011, 07:47 PM »
He-he-he  ;D.  I do something quite similar to generate my own passwords.  Use a thing called Key Maker ... every password is unique for the phrase I enter, and even if you knew my penchant for phrases, you'd be highly unlikely to guess the prefix/suffix I add.  It's not the strongest generator around, but it's more than adequate for most of my usage, and a dictionary crack is well nigh impossible unless you happen to have a few Crays around  :-\.

However, it doesn't detect passwords, and that's what I'm after.  Seems every time I turn around, I see another retriever for MS Office nnnn or Windows nn.  Usually presented as the ultimate retriever/reset.  But a lot of programs want passwords that none of the crackers I've encountered will even begin to approach.

It's kinda like the Giveaway of the Day stuff.  I quit frequenting the site because any crash or any reinstall will wipe out your access to your dividend(s) from that site.  Oh, it can be done, but the time and effort are seldom worth it.  But, given a decent tracking system and a functional cracker, that would not be a major issue.

And, while their are some pretty decent recovery tools for non-Windows OSes - mostly Linux derivatives, don't know about Mac stuff - there doesn't seem to be anything extant for Windows non-MS progs.  OphCrack is probably the best I've used, or maybe SIW, but neither will tell me the MySQL password, for instance, nor the InfoSelect password used to encrypt an element, nor ... you get the picture, I'm certain.

Generally, all these things can be found, barring catastrophic failure, but if you're using a program you installed a decade ago, you prolly don't recall the password used to install/run it.  So moving it to a different hard drive, under Windows, can be problematic, to say the least.  Granted, some apps use a hardware footprint, so they cannot be easily moved from one machine to another.  But for the ones that simply require a password, there's very little that I've found that can be of help.

This is not [for me] a pressing need, but I'm amazed, considering the width and breadth of talent on the Internet, that this has not been done - or at least approached, with requests for beta testing, RFC, etc.



The point here is to be able to recover a broken system and reinstall all that was there before.  Yeah, a decent imaging app would pretty much obviate that problem, but how many casual users do you know who even begin to think about disk/system images, much less keeping such an image updated :huh:?

barney

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,294
    • View Profile
    • Donate to Member
Re: In search of ... a universal password reset/retrieval system
« Reply #7 on: September 26, 2011, 07:51 PM »
@Miles Ahead
Thanks for the reminder.  I had that bookmarked several crashes agone, but had forgotten it.  'Tis very useful, or at least 'twas in the past.  Kudos, sir :Thmbsup: :Thmbsup: :Thmbsup:.