We journey into the land of the BIOS password...

Most password-storage systems, like your motherboard's CMOS (or, for the thorough techie definition, the complementary metal-oxide semiconductor), do not store the password you typed but rather a "hash" of the typed password.

"Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string."

Hold up, what does that mean? Well, put simply, hashing changes/encodes characters into another, shorter set of characters. For example, let's encode the numbers 1 to 26 to represent the alphabet: 1=a, 2=b, 3=c, 4=d, 5=e, all the way up to 26=z. Now, let's think of a password for our BIOS, to see how the CMOS stores the password once it is hashed. Let's use the password AND: a=1, n=14, d=4. The hash function will change these characters into a smaller value by adding the numbers together (1+14+4=20). So the CMOS would store the number 20 instead of actually remembering what you typed for your password (i.e. AND). This is all the BIOS is really concerned about: not the actual password itself but the hash value.

Now here comes the interesting bit. If you enter another password that adds up to the same value (20), you will be allowed into the computer. Any sequence of characters whose values add up to that same total (20) would be accepted as the "correct" password. So you could type in the letter t (as t=20, our hash value), and you would be granted access to the computer.
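The additive scheme above can be written out to measure how weak it is. This is an added example, not code from the original writeup or from any real BIOS; the names `toy_hash`, `check` and `count_accepted` are made up here, and the sample inputs are constructed.

```python
from functools import lru_cache

# Value the text says the CMOS holds.
# (Summed by the a=1..z=26 table, a+n+d comes to 1+14+4 = 19.)
STORED = 20


def toy_hash(password: str) -> int:
    """Additive letter-position hash from the text: a=1 ... z=26."""
    total = 0
    for ch in password.lower():
        if not "a" <= ch <= "z":
            raise ValueError(f"toy hash is only defined for a-z, got {ch!r}")
        total += ord(ch) - ord("a") + 1
    return total


def check(stored: int, typed: str) -> bool:
    """What the password prompt does: compare hashes, never the password."""
    return toy_hash(typed) == stored


def count_accepted(stored: int, length: int) -> int:
    """How many strings of exactly `length` letters hash to `stored`."""
    @lru_cache(maxsize=None)
    def ways(remaining: int, letters: int) -> int:
        if letters == 0:
            return 1 if remaining == 0 else 0
        # Try every value the next letter could contribute.
        return sum(ways(remaining - v, letters - 1)
                   for v in range(1, 27) if v <= remaining)
    return ways(stored, length)


if __name__ == "__main__":
    for typed in ("t", "jj", "ane", "z"):  # constructed sample inputs
        print(f"{typed!r}: hash={toy_hash(typed)} accepted={check(STORED, typed)}")
    for n in (1, 2, 3):
        total = 26 ** n
        hits = count_accepted(STORED, n)
        print(f"{n}-letter strings accepted: {hits} of {total}")
```

The fix for this class of weakness is a cryptographic hash with a large output, where finding a second input with the same value is computationally infeasible.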


Source:

http://www.whatis.com
