OS X password issue?

Discussion in 'General Mac Discussion' started by Macco, Oct 19, 2003.

  1. macrumors regular

    Jun 15, 2003
    I noticed today with Software Update that if you type in your password and then follow it with other characters, it will still work. For instance, if your password is "Blue", you could type in "Blue12sh" and it would still work. This seems to me like a minor, yet still possibly significant security flaw.
  2. macrumors 65816


    Oct 9, 2002
    I think OS X only takes into account the first 6 (or is it 8?) characters of your password. So if your password is "password" (yes it's a silly password), then "passwor" would do fine, as would any word starting with "passwor".
    As for security reasons, I don't think it's much of an issue if the first 6 characters are hard to guess.
  3. macrumors 6502a


    May 28, 2002
    Bay Area, CA
    This was a limitation with the versions of FreeBSD included with Jaguar and earlier versions of Mac OS X. I believe this issue is fixed with Panther.
  4. thread starter macrumors regular

    Jun 15, 2003
    So that means that, assuming your password contains only alphanumeric characters, it would take at the most 36^6=2000000000 tries to crack it. I suppose for general purposes that's secure enough.
  5. macrumors 604


    Sep 8, 2002
    The Netherlands
    That's why I use "special characters" (and upper/lowercase...) :D

Share This Page