Feature or Security hole?

Discussion in 'macOS' started by trainguy77, Mar 11, 2006.

  1. trainguy77 macrumors 68040

    Joined:
    Nov 13, 2003
    #1
    One thing I noticed a couple of months ago with logins is a little weird. Sometimes I know I type the last character of my password wrong, and it still lets me in. Then when I go to use an app that has keychain, it asks for my password to unlock it. However, it will only ask for the keychain password the times I typed my password wrong. It's been like this for a long time. I am not sure if this is a feature or a security hole. It does not let me log in when my password is totally wrong. But with only one digit wrong (I think it's close to the end) it lets me in. I am running 10.3.9, so I don't know if this is the same for 10.4. Just wondering if it's just me.
     
  2. Matt W macrumors newbie

    Joined:
    Feb 27, 2006
    Location:
    Essex, England.
    #2
    I tried doing it on 10.4.5 and it won't let me login.

    How many characters is your password? I don't know whether Mac has a limit on password length, but I've noticed some slightly dodgy applications in the past have truncated the password to whichever length they are expecting, so if it only allows a 4 character password and you think your password is actually "monday" it will let you log in using "mondee" or "mondkj" etc.

    I doubt that's the case here, but I can confirm it doesn't seem to work on my OS with an 8 character password.
     
  3. trainguy77 thread starter macrumors 68040

    Joined:
    Nov 13, 2003
    #3
    More than 8 :) I will look into it. I will play around with entering all the characters after 8 wrong and see if it lets me in.
     
  4. trainguy77 thread starter macrumors 68040

    Joined:
    Nov 13, 2003
    #4
    Yes, it only cares about the first 8 characters of your password for login (under 10.3.9), but keychain cares about all of them. So when I go into Entourage it can't unlock the keychain, as it does not have all the correct characters when I only enter 8. I wonder if Apple knows about this. They may not care since it is 10.3.9.
     
  5. iMeowbot macrumors G3

    Joined:
    Aug 30, 2003
    #5
    Yes, only the first eight characters are used in the password hash. That's a common traditional Unix limitation; some systems have moved on, but OS X is still in the dark ages in that area. Tiger is improved.

    Mac OS X: Effective Password Length of Eight Characters at Apple support.

    See here if you would like to enable better password hashing under 10.3. (It's not a major configuration change, you just have to tell OS X to use it on your account.)
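
The eight-character limit described in post #5 is the one found in the traditional DES-based Unix crypt(3) hash, which can be recognised by its 13-character format. The following audit sketch is an added example, not part of the thread or any poster's code: it assumes stored hashes are available as passwd/shadow-style lines, all function names are hypothetical, and the sample entries are constructed placeholders rather than real hashes.

```python
import re

# Traditional DES crypt(3): 2 salt chars + 11 hash chars, no "$" prefix.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
# Modular-crypt ids -> (scheme, password bytes that count; None = no fixed cut-off)
MODULAR = {
    "1": ("md5-crypt", None),
    "2a": ("bcrypt", 72), "2b": ("bcrypt", 72), "2y": ("bcrypt", 72),
    "5": ("sha256-crypt", None),
    "6": ("sha512-crypt", None),
}

def classify(hash_field):
    """Return (scheme, significant_password_bytes) for a stored hash string."""
    if DES_CRYPT.match(hash_field):
        return ("des-crypt", 8)
    parts = hash_field.split("$")
    if hash_field.startswith("$") and len(parts) >= 3 and parts[1] in MODULAR:
        return MODULAR[parts[1]]
    return ("unknown", None)

def audit(lines, min_significant=9):
    """List (user, scheme, limit) for accounts whose hash ignores input past `limit`."""
    findings = []
    for line in lines:
        fields = line.strip().split(":")
        if len(fields) < 2 or not fields[1] or fields[1][0] in "*!":
            continue  # malformed line, empty password field, or locked account
        scheme, limit = classify(fields[1])
        if limit is not None and limit < min_significant:
            findings.append((fields[0], scheme, limit))
    return findings

def indistinguishable(pw_a, pw_b, hash_field):
    """Model of truncation only (no hash is computed): True when the scheme
    cannot tell the two candidate passwords apart."""
    _, limit = classify(hash_field)
    a, b = pw_a.encode(), pw_b.encode()
    return a == b if limit is None else a[:limit] == b[:limit]

# Constructed sample entries; the hash fields are format placeholders, not real hashes.
SAMPLE = [
    "alice:ab0123456789A:501:20::/Users/alice:/bin/bash",
    "bob:$6$constructedsalt$constructedhashvalue:502:20::/Users/bob:/bin/bash",
    "carol:*:503:20::/Users/carol:/bin/bash",
]

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(indistinguishable("mondaymorning", "mondaymoXXXXX", "ab0123456789A"))
```

Accounts the audit flags accept any password that matches in the first eight characters, which is why a full-length secret such as the keychain password can still fail after a successful login.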
     
  6. MisterMe macrumors G4

    Joined:
    Jul 17, 2002
    Location:
    USA
    #6
    Everyone assumes that you are logging into your MacOS X user account. Is this the case, or are you asking about some other account?
     
  7. trainguy77 thread starter macrumors 68040

    Joined:
    Nov 13, 2003
