From: jon cameron <cellf@free.org>
Date: Fri, 28 Jul 95 20:32:04 PDT
To: cypherpunks@toad.com
Subject: Re: PS/2 passwd bypassed at bootup?
In-Reply-To: <199507290120.VAA01748@gmerin.dialup.access.net>
Message-ID: <Pine.BSD.3.91.950728222439.4594C-100000@squeaky.free.org>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 28 Jul 1995, Gary Merinstein wrote:

> > I have my crummy IBM PS/2 passwd protected upon turning it on.
> > I know that removing the battery in a PS/2 deletes the password.
> > But can it be bypassed by an MIS-type if that person has an 
> > administration-type of diagnostic/setup/boot-up floppy?
> > 
> > Jon C.
> > 
> 
> when you type the power-on passwd, adding a slash to the end of it should 
> delete it for future power-ons:
> 
> passwd/new-passwd	changes password
> passwd/			removes password (actually it changes it to the
> 			null string.
> 
> if you remove the password, you will then need the setup disk if you want to 
> re-install the power-on password. 
> 

I understand how that works, but how did the admin-dude bypass my passwd 
(a combo of six letters/numbers only known to me)?  My log file says that 
he only made one attempt at getting in.

Can CMOS store my passwd AND perhaps an admin passwd established in CMOS 
before I received the crummy PS/2?  Is it encrypted?  Do CMOSes in 
general encrypt their passwds ==> can code be added where the passwd is 
stored?  How much space is in the "memory" of CMOS?

Thanks for all the replies...

Jon C.