Security issue?

Discussion in 'Mac Help/Tips' started by Scab Cake, Sep 18, 2002.

  1. Scab Cake macrumors member

    Joined:
    Jul 26, 2001
    #1
    Hey guys,

    I wanted to inquire if anyone else is having the same sort of problem as I am. I have a 10-character password for my account and I just tried installing an application package via the installer application. I use this same password in a few places which offer passwords up to 8 characters, so I accidentally typed in THAT password instead of the 10-character version and it worked!! Same thing with the 9-character version! It seems that Apple's password parser only looks at the first 8 characters. Anyone else have this problem? Or is it just me? I'm running Jaguar with all of the software updates and whatnot. I'd really appreciate finding out if anyone else has this problem as this is a huge security fluke. Some people INTENTIONALLY have long passwords to prevent this sort of thing from happening. Thanks in advance.
     
  2. peterjhill macrumors 65816

    peterjhill

    Joined:
    Apr 25, 2002
    Location:
    Seattle, WA
    #2
    This has been posted about 5 times since I have been a member. It is because Apple is not using md-5 or rc-4 encryption (I forget which). So the encryption scheme that they are using to store the password is limited to 8 characters. Anything you type after that is for your benefit, not the operating system. It will just ignore it.

    Theoretically, since they are using PAM now, they could change this, and allow longer passwords. I hope they do soon.
     

Share This Page