We journey into the land of the BIOS Password...

Most password-storage systems, like your motherboard's CMOS (or for the thorough techie definition: the complementary metal-oxide semiconductor), will not store the password you think you have typed but rather a "hash" of the typed password.

"Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string."

Hold up, what does that mean? Well... put simply, hashing changes/encodes characters into another set of shorter characters. For example, let's encode numbers 1 to 26 to represent the alphabet: 1=a, 2=b, 3=c, 4=d, 5=e... all the way up to 26=z. Now, let's think of a password for our BIOS, seeing how the CMOS stores the actual password once it is hashed. Let's use the password AND: a=1, n=14, d=4. Now the hash function will change these characters into a smaller value by adding the numbers together (1+14+4=20). So the CMOS would store the number 20 instead of actually remembering what you typed for your password (i.e. AND). This is all the BIOS is really concerned about: not the actual password itself but the hash value.

Now here comes the interesting bit. If you enter another password that adds up to the same value (20), you will be allowed into the computer. Any sequence of digits that adds up to make that same total (20) would be accepted as the "correct" password. So you could type in the letter t (as t=20, our hash value), and you would be granted access to the computer.


Source:

http://www.whatis.com

BIOS passwords for quite a number of PCs are useless. The main reason for setting an Administrative BIOS (or boot-up) password is to prevent unauthorized personnel from using your computer. Yet that doesn't stop the manufacturers from making it easy for any Joe Blow to bypass what is considered by some (mostly newbies, I've seen a few newbies' reactions when someone mentions BIOS password, 4 d3m i7'3 1337) the ultimate PC protection (the BIOS password can easily be defeated by jumpers on motherboards, hence giving the unwanted user full access to your hardware). Everyone knows that the password is stored in CMOS, and if the user is not an egoistical male, he would read the instructions for the motherboard, which clearly state that a particular jumper resets the CMOS, which means that all the data is erased from the chip: the time and HDD information, along with the password (or if you want to be technical, "hashed" password). Once that is done, and some of the BIOS is manually restored, the unwanted user has enough access to do pretty much whatever they want to the machine. (I won't mention trying to crack (or more likely bypass) the Windows password.)
