
Macco

macrumors regular
Original poster
Jun 15, 2003
I noticed today with Software Update that if you type in your password and then follow it with other characters, it will still work. For instance, if your password is "Blue", you could type in "Blue12sh" and it would still work. This seems to me like a minor, yet still possibly significant security flaw.
 
I think OS X only takes into account the first 6 (or is it 8?) characters of your password. So if your password is "password" (yes it's a silly password), then "passwor" would do fine, as would any word starting with "passwor".
As for security reasons, I don't think it's much of an issue if the first 6 characters are hard to guess.
 
This was a limitation with the versions of FreeBSD included with Jaguar and earlier versions of Mac OS X. I believe this issue is fixed with Panther.
 
Originally posted by whocares
I think OS X only takes into account the first 6 (or is it 8?) characters of your password. So if your password is "password" (yes it's a silly password), then "passwor" would do fine, as would any word starting with "passwor".
As for security reasons, I don't think it's much of an issue if the first 6 characters are hard to guess.
So that means that, assuming your password contains only alphanumeric characters, it would take at the most 36^6=2000000000 tries to crack it. I suppose for general purposes that's secure enough.
 
Originally posted by Macco
So that means that, assuming your password contains only alphanumeric characters, it would take at the most 36^6=2000000000 tries to crack it. I suppose for general purposes that's secure enough.

That's why I use "special characters" (and upper/lowercase...) :D
 