| dc.description.abstract | Unauthorized access to computers and theft of proprietary information are two problems leading to large economical losses for organizations around the world. Thousands of laptops often containing vital information are lost at airports every day. Organizations and people in general often believe that the sensitive information is inaccessible because of the login mechanism. Even though we demand that our systems should prevent unauthorized access, we also expect that the access to the operating system can be restored when a password is lost. We require that authorized persons can regain the access to the computer, while unauthorized persons are prevented access. A good solution to reset or recover the Administrator password should exist on all operating systems. This thesis begins with addressing weaknesses in 8 different operating systems. It presents a comprehensive step-by-step guide for already existing procedures and tools that can be used to reset or recover the Administrator password. In total 6 procedures and 10 tools are presented. Because some procedures required a lot of interaction from the user, we decided to automate these and include them in our self made tool named Yet Another Local Password (tool) (YALP). We were able to reset the passwords on all of the 8 operating systems. On some of the operating systems only a few passwords were recovered, and based on that, a more comprehensive password recovery study was desirable. It should be noted that even though Microsoft has introduced a more secure password handling mechanism on newer Windows operating system, many persons and corporations still use the outdated Windows XP operating system. This is partly because Windows Vista has been criticized for its weak performance. An empirical password study was carried out to see what percentage of 30 carefully chosen passwords could be revealed. Some disturbing results were obtained. During a period of 8 hours, 100% of the passwords created on a Windows XP system were revealed. The results from this study show that the use of password as an authentication mechanism for operating systems will not offer sufficient protection in the future, and that other mechanisms have to be considered. Based on results obtained from this thesis, a paper named All in a day's work: Password cracking for the rest of us was submitted to The 14th Nordic Conference on Secure IT Systems, NordSec 2009, in Oslo, Norway. In addition, a poster named Generation of Rainbow Tables was presented at The 8th Annual Meeting on High Performance Computing and Infrastructure, NOTUR2009, in Trondheim, Norway. The poster and the paper are included in Appendix F and Appendix G, respectively. | nb_NO |
