PDA

View Full Version : OS X password issue?


Macco
Oct 19, 2003, 07:43 PM
I noticed today with Software Update that if you type in your password and then follow it with other characters, it will still work. For instance, if your password is "Blue", you could type in "Blue12sh" and it would still work. This seems to me like a minor, yet still possibly significant security flaw.

whocares
Oct 19, 2003, 08:31 PM
I think OS X only takes into account the first 6 (or is it 8?) characters of your password. So if your password is "password" (yes it's a silly password), then "passwor" would do fine, as would any word starting with "passwor".
As for security reasons, I don't think it's much of an issue if the first 6 characters are hard to guess.

simX
Oct 19, 2003, 08:49 PM
This was a limitation with the versions of FreeBSD included with Jaguar and earlier versions of Mac OS X. I believe this issue is fixed with Panther.

Macco
Oct 19, 2003, 09:15 PM
Originally posted by whocares
I think OS X only takes into account the first 6 (or is it 8?) characters of your password. So if your password is "password" (yes it's a silly password), then "passwor" would do fine, as would any word starting with "passwor".
As for security reasons, I don't think it's much of an issue if the first 6 characters are hard to guess.
So that means that, assuming your password contains only alphanumeric characters, it would take at the most 36^6=2000000000 tries to crack it. I suppose for general purposes that's secure enough.

MacsRgr8
Oct 20, 2003, 02:30 PM
Originally posted by Macco
So that means that, assuming your password contains only alphanumeric characters, it would take at the most 36^6=2000000000 tries to crack it. I suppose for general purposes that's secure enough.

That's why I use "special characters" (and upper/lowercase...) :D