azblue wrote:
nullplan wrote:
Do you mean practically or theoretically? Because practically, I can boot with "init=/bin/sh" and reset the password that way. In most cases, password recovery is not feasible, only password reset. And that can only be done by the administrator through administrative means. In a single user computer, the user is the administrator. Of course, with a BIOS password and a password on the boot manager, it is possible to lock yourself out of the machine. But even then, you can usually reset the BIOS with a jumper on the mainboard (sucks for the laptop users, tho).
Security questions are usually only a thing for large multi-user systems.
I had been envisioning admin on a single user computer forgetting his password. But I hadn't thought of init=/bin/sh, that does make more sense.
Passwords are generally fed into one-way functions where it's much easier to find the solution given the input variable than to find the input variable given the solution. The solution is then what is stored on disk, and when the user enters his password, the same math is done on the password entered, and the solution is checked to see if it matches that stored on disk. So the computer doesn't actually know the password, it just knows what the password becomes when you do certain math to it. That's why password reset is generally the only option. But, if the disk isn't encrypted, tricks like init=/bin/sh are possible, so the general byword for these cases is "physical access is root access".
As iansjack mentioned, this is not the case if disk encryption is used: In that case, the password is used as an encryption key, and everything that's written to disk is scrambled with the password. If the user forgets his password, not only is it impossible to recover the password, it's also impossible to recover any of the encrypted data, unless the user used an easily guessable password (in which case he might as well not have used a password or encrypted his disk at all).
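The contrast drawn in the post above, as an added example (not code from any poster in the thread): a stored password verifier can be overwritten without knowing the old password, while data encrypted under a password-derived key stays unreadable after such a reset. The function names, the PBKDF2 parameters, the sample passwords and the SHAKE-256 keystream standing in for a real disk cipher are all assumptions made for illustration, and the encryption half follows the post's simplified model of deriving the key directly from the password.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # constructed work factor for this example

def derive(password: str, salt: bytes) -> bytes:
    """One-way function: cheap to compute forward, infeasible to invert."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

# --- Login password: only the salt and the digest are stored on disk ---
def make_record(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "digest": derive(password, salt)}

def verify(record: dict, attempt: str) -> bool:
    # Redo the same math on the attempt and compare in constant time.
    return hmac.compare_digest(derive(attempt, record["salt"]), record["digest"])

def admin_reset(record: dict, new_password: str) -> None:
    # Whoever can write the record (e.g. a root shell) replaces it;
    # the old password is never needed and never learned.
    record.update(make_record(new_password))

# --- Disk encryption: the derived value is the key, so there is nothing to reset ---
def _keystream(key: bytes, length: int) -> bytes:
    # Stand-in stream cipher for illustration only, not a real disk cipher.
    return hashlib.shake_256(key).digest(length)

def encrypt(password: str, plaintext: bytes) -> tuple:
    salt = os.urandom(16)
    stream = _keystream(derive(password, salt), len(plaintext))
    return salt, bytes(a ^ b for a, b in zip(plaintext, stream))

def decrypt(password: str, salt: bytes, ciphertext: bytes) -> bytes:
    stream = _keystream(derive(password, salt), len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, stream))

def demo() -> tuple:
    # Constructed scenario: the user forgot "old-secret"; the admin sets "new-secret".
    record = make_record("old-secret")
    salt, ciphertext = encrypt("old-secret", b"constructed sample data")
    admin_reset(record, "new-secret")
    # Login works again, but the new password yields a different key.
    return verify(record, "new-secret"), decrypt("new-secret", salt, ciphertext)

if __name__ == "__main__":
    login_ok, recovered = demo()
    print("login after reset:", login_ok)
    print("data after reset: ", recovered)
```
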