Ten Centuries
Jeff Moden (3/4/2013) It's going to help me a lot.
Sounds ominous
MM
SSC-Enthusiastic
I'm with Jeff. This is very cool stuff but very ominous, too. I do have a SQL utility user pwd that I've lost, so this will be useful. On the other hand I don't want anybody else to know this. It's like the One Ring of Power, it's already making me think of all the malicious acts I could do with this power. ("My precious, my precious.")
Actually, I've pretty much given up on passwords protecting me. One day and not too long from now, we'll all have implanted RF chips like doggie-lojacks that will identify us and let us use the atm, buy groceries, login to Amazon, etc.
Sigerson
"No pressure, no diamonds." - Thomas Carlyle
Old Hand
Sigerson (3/4/2013) we'll all have implanted RF chips
Until some quack attempting to make a quick buck publishes a dubious medical report based on 3 test patients who just so happen to work in a nuclear power station linking RF implants to some disease that everyone is afraid of.
I'm not cynical at all!
Even that isn't foolproof; pickpockets will start bumping into you with RF scanners and instead of just nabbing your wallet, will steal your identity, your car, your house and probably your wife and kids too.
Ben
^ That's me!
---------------------------------------- 01010111011010000110000101110100 01100001 0110001101101111011011010111000001101100011001010111010001100101 01110100011010010110110101100101 011101110110000101110011011101000110010101110010 ----------------------------------------
Ten Centuries
Sigerson (3/4/2013) On the other hand I don't want anybody else to know this. It's like the One Ring of Power, it's already making me think of all the malicious acts I could do with this power.
Use longer passwords and it ceases to be an issue. Yes, he was able to find a 5-character password in 2 seconds using a brute force search with a powerful GPU, but the complexity of such a search increases massively with the number of characters--a guesstimate would suggest that if it takes 2 seconds to find a 5-character password, it will take approximately 23 days to find an 8-character password using the same mechanism! (This is assuming perhaps 100 possible characters used in the password, which would give the 8-character one a million times more possibilities than the 5-character one).
If you had a 20-character password, well, it would probably take longer than the remaining life of the Universe to crack it!
Ten Centuries
Geoff,
Please be very careful about suggesting or even implying that people should do this on production SQL Servers. I work for the government and the auditors are looking for this kind of stuff on your PC and if they find it, you are probably gone!!! I repeat: DO NOT KEEP THESE FILES ON YOUR WORK LAPTOP IF YOU WORK FOR THE GOVERNMENT, OR YOU ARE A GOVERNMENT CONTRACTOR!!!! You can not only be fired, you can also be fined and/or prosecuted.
"Technology is a weird thing. It brings you great gifts with one hand, and it stabs you in the back with the other. ... "
SSC Eights!
TravisDBA (3/4/2013)
Be very careful about suggesting that people do this. I work for the government and the auditors are looking for this kind of stuff on your PC and if they find it, you are probably gone!!! I repeat: DO NOT KEEP THESE FILES ON YOUR WORK LAPTOP IF YOU WORK FOR THE GOVERNMENT, OR YOU ARE A GOVERNMENT CONTRACTOR!!!! You can not only be fired, you can also be prosecuted.
I don't work for the government, but I don't see a problem with the sa having this on his system (developers are another story). After all, as sa I can change your password at will and I have access to all unencrypted data.
/* ----------------------------- */ Daughter of Elysium, drunk with fire we enter, heavenly one, your sanctuary!
Ten Centuries
paul.knibbs (3/4/2013)
Sigerson (3/4/2013) On the other hand I don't want anybody else to know this. It's like the One Ring of Power, it's already making me think of all the malicious acts I could do with this power. Use longer passwords and it ceases to be an issue. Yes, he was able to find a 5-character password in 2 seconds using a brute force search with a powerful GPU, but the complexity of such a search increases massively with the number of characters--a guesstimate would suggest that if it takes 2 seconds to find a 5-character password, it will take approximately 23 days to find an 8-character password using the same mechanism! (This is assuming perhaps 100 possible characters used in the password, which would give the 8-character one a million times more possibilities than the 5-character one). If you had a 20-character password, well, it would probably take longer than the remaining life of the Universe to crack it!
Greg,
The government auditors don't care who you are or what level of access you have in your brain. If the files are PHYSICALLY on the government work laptop then it is vulnerable to attack and you are ultimately liable. Particularly, if this software can be used to crack SQL logins that have access to HIPAA health-related data.
"Technology is a weird thing. It brings you great gifts with one hand, and it stabs you in the back with the other. ... "
Say Hey Kid
Excellent post on brute forcing using oclhashcat-lite - everyone, please be aware that dictionary and rules-based dictionary attacks are also available in GPU-powered form with these excellent tools.
For everyone worried about their passwords, note that SQL Server itself does support a maximum of 128 characters, and high ASCII is allowed, so if you absolutely must have the "sa" account or a similar SQL Server sysadmin level account available, then a password like
Éá«zpÙYÆÉlêÙRoPõ3wC3Ó)~=5ûÈælZOcLÛÛ¼{ÖÅw™úG54)uQçeÂ?n¾KaôÅAÔÓ½Ò5år³\5ÞÑ=l¾[ÑæQ}ÞZPÐAþ+xhR߬fó1ßfG{ñBÉÜšn‡ƒeji—ÜQ¾væ—ŸTBËŠÍÔ—xÂ
is perfectly acceptable, and can be cut and pasted into SSMS without any problems.
As far as longer word-based passwords go, something like Madeline12152008 is a horrible password, especially if your daughter Madeline was born on December 15th in 2008.
ETA: Software like KeePass can be used to generate (and store) such passwords.
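As an added example (not code from any poster in this thread), the Python script below carries paul.knibbs' brute-force arithmetic through with his own figures (an alphabet of about 100 symbols, a 5-character password in 2 seconds) and, for Nadrek's point about long random passwords, generates one with the standard library's secrets module while enforcing the 128-character limit he cites. The implied guess rate, the 100-symbol alphabet and the sample lengths are assumptions derived from the thread's numbers, not measurements of any cracking tool; the 94-symbol printable-ASCII alphabet used for generation is a design choice of this example.

```python
import math
import secrets
import string

# --- Calibration taken from the thread (assumed, not measured) ---
# "5-character password in 2 seconds" over an alphabet of roughly 100 symbols.
ALPHABET_SIZE = 100
CALIBRATION_LENGTH = 5
CALIBRATION_SECONDS = 2
# Implied guess rate: 100**5 / 2 = 5e9 guesses per second.
GUESSES_PER_SECOND = ALPHABET_SIZE ** CALIBRATION_LENGTH // CALIBRATION_SECONDS

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


def keyspace(length, alphabet_size=ALPHABET_SIZE):
    """Number of candidate passwords of exactly `length` symbols."""
    return alphabet_size ** length


def worst_case_seconds(length, alphabet_size=ALPHABET_SIZE, rate=GUESSES_PER_SECOND):
    """Seconds to exhaust the whole keyspace at `rate` guesses/s.

    This is the worst case the thread reasons with; an average search
    succeeds after roughly half the keyspace has been tried.
    """
    return keyspace(length, alphabet_size) / rate


def worst_case_days(length, **kw):
    return worst_case_seconds(length, **kw) / SECONDS_PER_DAY


def worst_case_years(length, **kw):
    return worst_case_seconds(length, **kw) / SECONDS_PER_YEAR


# --- Long random passwords for a SQL Server login ---
SQL_SERVER_MAX_PASSWORD_LENGTH = 128  # limit quoted in the thread
# 94 printable ASCII symbols. The thread notes high ASCII is accepted too, but
# staying within printable ASCII avoids code-page surprises when the value is
# pasted into SSMS or placed in a connection string (example's design choice).
PASSWORD_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=64, alphabet=PASSWORD_ALPHABET):
    """Uniformly random password drawn from `alphabet` with the OS CSPRNG."""
    if not 1 <= length <= SQL_SERVER_MAX_PASSWORD_LENGTH:
        raise ValueError(f"length must be between 1 and {SQL_SERVER_MAX_PASSWORD_LENGTH}")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password: log2(alphabet_size ** length)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for n in (5, 8, 12, 20):
        print(f"{n:2d} chars: keyspace {keyspace(n):.3g}, "
              f"worst case {worst_case_years(n):.3g} years")
    pw = generate_password(64)
    bits = entropy_bits(64, len(PASSWORD_ALPHABET))
    print(f"64-char random password ({bits:.0f} bits): {pw}")
```

With the thread's calibration the script reproduces the posted estimates: 8 characters come out at a little over 23 days and 20 characters at roughly 6e22 years. The generated password includes punctuation such as single quotes and backslashes, so when it is embedded in a T-SQL string literal the single quotes must be doubled, which is one more reason to let a manager like KeePass store it rather than typing it.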
SSC-Addicted
TravisDBA (3/4/2013)
Geoff, please be very careful about suggesting or even implying that people should do this on production SQL Servers. I work for the government and the auditors are looking for this kind of stuff on your PC and if they find it, you are probably gone!!! I repeat: DO NOT KEEP THESE FILES ON YOUR WORK LAPTOP IF YOU WORK FOR THE GOVERNMENT, OR YOU ARE A GOVERNMENT CONTRACTOR!!!! You can not only be fired, you can also be prosecuted.
Travis, I am not sure how I am responsible for government employees and their activities on their laptops. But if you're saying I should be on the lookout for black suits knocking on my door, I'll keep one eye open.
Ten Centuries
Geoff A (3/4/2013)
TravisDBA (3/4/2013)
Geoff, please be very careful about suggesting or even implying that people should do this on production SQL Servers. I work for the government and the auditors are looking for this kind of stuff on your PC and if they find it, you are probably gone!!! I repeat: DO NOT KEEP THESE FILES ON YOUR WORK LAPTOP IF YOU WORK FOR THE GOVERNMENT, OR YOU ARE A GOVERNMENT CONTRACTOR!!!! You can not only be fired, you can also be prosecuted. Travis, I am not sure how I am responsible for government employees and their activities on their laptops. But if you're saying I should be on the lookout for black suits knocking on my door, I'll keep one eye open.
Ok, no problem, just be careful suggesting that kind of thing to the public at large. Not everyone means well in this world. That is all I'm saying. I could see someone sitting in court and explaining "Well your honor, Geoff Albin showed me how to hack a SQL Login production password on SQLServerCentral.com!!!"
"Technology is a weird thing. It brings you great gifts with one hand, and it stabs you in the back with the other. ... "