OS X password issue?

Discussion in 'General Mac Discussion' started by Macco, Oct 19, 2003.

  1. macrumors regular

    #1
    I noticed today with Software Update that if you type in your password and then follow it with other characters, it will still work. For instance, if your password is "Blue", you could type in "Blue12sh" and it would still work. This seems to me like a minor, yet still possibly significant security flaw.
     
  2. macrumors 65816

    whocares

    #2
    I think OS X only takes into account the first 6 (or is it 8?) characters of your password. So if your password is "password" (yes it's a silly password), then "passwor" would do fine, as would any word starting with "passwor".
    As for security reasons, I don't think it's much of an issue if the first 6 characters are hard to guess.
     
  3. macrumors 6502a

    simX

    #3
    This was a limitation with the versions of FreeBSD included with Jaguar and earlier versions of Mac OS X. I believe this issue is fixed with Panther.
     
  4. macrumors regular

    #4
    So that means that, assuming your password contains only alphanumeric characters, it would take at the most 36^6=2000000000 tries to crack it. I suppose for general purposes that's secure enough.
     
  5. macrumors 604

    MacsRgr8

    #5
    That's why I use "special characters" (and upper/lowercase...) :D
     

Share This Page