Old 04-14-2008, 10:49 AM   #1
smilinggoat
Prospect
 
Join Date: Dec 2004
Posts: 19
Forgot encrypted sparse image password =[

So I'm a moron. I was saving my financial information in an encrypted sparse image a year ago. I haven't opened the bloody thing for a year, and now that I go back to get my 2006 tax records, I find that I can't remember the password!

Am I up the creek without a paddle or is there an exploitable work-around?
Old 04-14-2008, 11:20 AM   #2
fracai
MVP
 
Join Date: May 2004
Posts: 2,078
That sparse image is encrypted with AES 128 or 256. If there were exploits around it wouldn't be a government standard suitable for protecting Secret or Top Secret data.

I don't suppose you stored the password in your Keychain?

Your one hope is that you can try as many passwords as you like, as I don't think DiskUtility will lock you out after any number of failed tries.

Just start trying.

Good luck.
Old 04-14-2008, 11:24 AM   #3
Mikey-San
Hall of Famer
 
Join Date: Jan 2002
Posts: 3,541
Yep. You're boned unless you can remember the password.
__________________
COMPUTER TYPE
SOME SPECIFICATIONS I COPIED FROM THE BOX
STUFF I INSTALLED ALL BY MYSELF
"WITTY QUOTE"
Old 04-14-2008, 01:35 PM   #4
Sherman Homan
All Star
 
Join Date: Oct 2006
Posts: 546
Unfortunately, that is the whole purpose of the encryption process. Sit down with pen and paper and write down everything you can think of; fracai is right, you won't get locked out. If you are like most people, you didn't use a 63-character random password generator. Good luck!
__________________
http://macintoshsolutions.com
Old 04-14-2008, 01:39 PM   #5
tlarkin
League Commissioner
 
Join Date: Mar 2003
Location: Bay Area, CA
Posts: 11,351
Unless you used a weak password and you can brute force it...even then it could take a decade or even never accomplish that.
Old 04-14-2008, 02:04 PM   #6
JDV
Hall of Famer
 
Join Date: Sep 2004
Location: Chicago, Illinois
Posts: 3,191
Look at the bright side....your 2006 tax information is safe!

Joe VanZandt
Old 04-14-2008, 02:22 PM   #7
Sherman Homan
All Star
 
Join Date: Oct 2006
Posts: 546
Quote:
Originally Posted by JDV
Look at the bright side....your 2006 tax information is safe!
Joe VanZandt


Post.
Of.
The.
Day.
__________________
http://macintoshsolutions.com
Old 04-15-2008, 09:33 AM   #8
smilinggoat
Prospect
 
Join Date: Dec 2004
Posts: 19
Haha, yeah thanks guys. I realized that not being able to recover data is the POINT of encrypted images. Just hoping maybe someone here had a zero-day exploit j/k

Quote:
I don't suppose you stored the password in your Keychain?

I specifically did not store it in the Keychain because if someone were to steal my laptop and get into my account, they'd be able to open the image.

Well, so much for the old bills and such...but hey, at least I got my taxes done in time!
Old 04-15-2008, 09:47 AM   #9
Spero33
Registered User
 
Join Date: Apr 2008
Location: NC
Posts: 1
I'm not busting your chops here but I have a logical solution to password management that beats ANYTHING that's stored on a disk or elsewhere.

I use the following method with some add-ons for those sites that limit the number of characters and such.

Pick a character such as @ or whatever
Pick a number you'll remember
Use the site or name of whatever you're making a password, cap the first and last letter of said site
Repeat for all sites

EXAMPLE

!BestbuY1234567!

Now, just simply do the same for all other sites or such

For your encrypted disk you could use

!Encrpyteddisk12345667!

No more random password generating, no more forgetting. I've used this system for years... alternating the characters + name every year or so...

Makes matters MUCH easier and I NEVER forget passwords
Old 04-15-2008, 09:11 PM   #10
acme.mail.order
League Commissioner
 
Join Date: Sep 2003
Location: Tokyo
Posts: 6,262
Quote:
Originally Posted by JDV
Look at the bright side....your 2006 tax information is safe!

Wonder if the IRS will accept this argument in an audit.
Old 04-15-2008, 09:25 PM   #11
cwtnospam
League Commissioner
 
Join Date: Jan 2005
Posts: 8,475
Quote:
Originally Posted by acme.mail.order
Wonder if the IRS will accept this argument in an audit.

I wonder if you could ask them for a copy of your 2006 return. Banks get them all the time. What's to stop individuals?
Old 04-16-2008, 07:10 PM   #12
smilinggoat
Prospect
 
Join Date: Dec 2004
Posts: 19
Quote:
Originally Posted by Spero33
I'm not busting your chops here but I have a logical solution to password management that beats ANYTHING that's stored on a disk or elsewhere.

Hey, that's a neat technique Spero! I may have to just adapt that idea for my own uses...cheers.

Quote:
Originally Posted by cwtnospam
I wonder if you could ask them for a copy of your 2006 return. Banks get them all the time. What's to stop individuals?

Yeah, I ended up getting my statement from turbotax.com, which I used last year. FYI, this year I used H&R Block's free filing service and it was great. Super fast and simple. I was in and out in 15 minutes!
Old 04-17-2008, 09:13 AM   #13
tlarkin
League Commissioner
 
Join Date: Mar 2003
Location: Bay Area, CA
Posts: 11,351
Yeah I had to change a user's password about 4 months ago, and when I asked them what they wanted it to be, they wrote it down. Kid you not the password was like 30 characters long, and it was random.

I told them no, pick something simpler so I don't have to reset your password every other day.
Old 04-18-2008, 12:41 PM   #14
J Christopher
MVP
 
Join Date: Apr 2007
Posts: 1,040
Quote:
Originally Posted by tlarkin
Yeah I had to change a user's password about 4 months ago, and when I asked them what they wanted it to be, they wrote it down. Kid you not the password was like 30 characters long, and it was random.

I told them no, pick something simpler so I don't have to reset your password every other day.

Some seemingly random passwords can be very easy to remember.

For example, "C{nrk.{MajROQdcbyovjrm!" is simply "I_love_MacOSXhints.com!" typed with Dvorak keyboard switched on (but typed as if the U.S. keyboard layout was selected). OS X makes it very easy to switch back and forth between previously selected keyboard layouts with only a couple of clicks. As an added benefit, the password can be written down in its normal form with minimal security risk.

This technique can be used to make passwords that are quite secure, especially if used in conjunction with other methods, such as replacing A's (or better yet, every other A, etc.) with 4's, S's with 5's or $'s, etc.

I use a different method to create easy to remember, secure, long passwords, and I'm not going to reveal that method on a public forum, but this method also works well.

just my 2
Old 04-18-2008, 04:07 PM   #15
hayne
Site Admin
 
Join Date: Jan 2002
Location: Montreal
Posts: 32,291
Quote:
Originally Posted by Spero33
I use the following method with some add-ons for those sites that limit the number of characters and such.

Pick a character such as @ or whatever
Pick a number you'll remember
Use the site or name of whatever you're making a password, cap the first and last letter of said site
Repeat for all sites

EXAMPLE

!BestbuY1234567!

Have you tested your system against the freely available password guessing programs? There are several of them and anything like what you suggest that follows a relatively simple algorithm using words as the basis of the password is likely to be guessable via these programs relatively easily. They can test many thousands of possible passwords per second and typically make use of dictionaries of all common words and commonly used password-creation algorithms.

Quote:
For your encrypted disk you could use

!Encrpyteddisk12345667!

Of course it is much better when you deliberately misspell one of the words like you did above! That ensures that the standard dictionary attack won't work.
__________________
hayne.net/macosx.html
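
The point hayne raises about template-based passwords, as an added example that is not part of the original thread: a small self-audit check, of the kind a strength meter applies, that strips the decoration from Spero33's template and undoes J Christopher's Dvorak layout shift, then reports whether what remains is a word tied to the account. The names `core`, `audit` and `CONTEXT`, the 0.8 similarity threshold and the sample inputs are assumptions made for this illustration.

```python
import re
from difflib import SequenceMatcher

# Same physical keys, US QWERTY legend vs. Dvorak legend (unshifted, then shifted).
QWERTY = ("-=qwertyuiop[]asdfghjkl;'zxcvbnm,./"
          '_+QWERTYUIOP{}ASDFGHJKL:"ZXCVBNM<>?')
DVORAK = ("[]',.pyfgcrl/=aoeuidhtns-;qjkxbmwvz"
          '{}"<>PYFGCRL?+AOEUIDHTNS_:QJKXBMWVZ')
TO_DVORAK = str.maketrans(QWERTY, DVORAK)    # what the layout trick produces
FROM_DVORAK = str.maketrans(DVORAK, QWERTY)  # what an auditor undoes


def core(text):
    """Strip the decoration a template adds, leaving the lowercase base letters."""
    text = re.sub(r"^[^A-Za-z0-9]+|[^A-Za-z0-9]+$", "", text)  # wrapper symbols
    text = re.sub(r"\d+$", "", text)                            # trailing number
    return re.sub(r"[^a-z]", "", text.lower())                  # case, separators


def audit(password, context_words, near=0.8):
    """Return (form, kind, word) for each context word the password reduces to."""
    forms = [("as typed", password),
             ("layout shift undone", password.translate(FROM_DVORAK))]
    findings = []
    for form, text in forms:
        base = core(text)
        for word in context_words:
            if word in base:
                findings.append((form, "contains", word))
            elif SequenceMatcher(None, base, word).ratio() >= near:
                findings.append((form, "near", word))  # e.g. one transposed pair
    return findings


# Constructed inputs: the three passwords quoted in the thread plus one random string.
CONTEXT = ["bestbuy", "encrypteddisk", "macosxhints"]
SAMPLES = ["!BestbuY1234567!", "!Encrpyteddisk12345667!",
           "C{nrk.{MajROQdcbyovjrm!", "q7#Lw2!vRz9@"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw!r:28} -> {audit(pw, CONTEXT) or 'no context word found'}")
```

The misspelled "Encrpyteddisk" is not an exact match for the context word, which is the effect hayne describes for a standard dictionary check; it is reported here only because the similarity comparison tolerates the swapped letters.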