How is the firmware password stored on the computer?

Discussion in 'Mac Basics and Help' started by c-t, May 9, 2012.

Most Liked Posts
  1. c-t, May 9, 2012

    c-t macrumors newbie

    Joined:
    Jul 29, 2010
    #1
    How is the firmware password of my iMac actually stored? Where is it stored?

    I'm wondering how easy it would be for a software/hardware cracker to compromise the firmware password, if he had access to the physical computer itself.
     
    share
    + Quote Reply
  2. GGJstudios, May 9, 2012

    GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #2
    Bypass Mac Firmware Password
     
    share
    + Quote Reply
  3. c-t, May 9, 2012

    c-t thread starter macrumors newbie

    Joined:
    Jul 29, 2010
    #3
    Thanks, but this doesn't really address my actual concern (which I probably should have made more clearer).

    Let's say I set my firmware password to "somePasswordThatIAlsoUseInALotOfOtherPlaces".

    Is it possible somehow for a hacker to obtain this plain text password from the firmware, if he has physical access to the computer? To understand this, we have to understand how the password is actually stored in the firmware.
     
    share
    + Quote Reply
  4. chown33, May 9, 2012

    chown33 macrumors 604

    Joined:
    Aug 9, 2009
    Location:
    descending into the Maelström
    #4
    If your intent is to be secure, then don't do that. Problem solved.

    It's not necessary for a hacker to obtain the password. All that's necessary is for the hacker to defeat the password. And GGJStudios linked to an article that described how to do that.

    If that article isn't sufficient answer, then please describe exactly who or what you're trying to defend against. If you're trying to defend against someone removing the password or getting around it, you can't; see the article. If you're trying to defend against someone discovering the password, please describe why that matters. Perhaps you're trying to defend against someone surreptitiously defeating the password, doing something malicious, then setting the password back to its original value. If that's the attack, then you need to say so. If the attack is an expectation that the recovered password will be used elsewhere, then don't reuse the password.
     
    share
    + Quote Reply
  5. c-t, May 9, 2012

    c-t thread starter macrumors newbie

    Joined:
    Jul 29, 2010
    #5
    Thanks for the reply. I should have clarified this better.

    Years ago (without thinking much of it) I set the firmware password to be the same password as I use in many other places. Soon, I will be selling the computer. I just want to make sure the new owner won't be able to obtain the password, that's all. I know it's unlikely, but I think it's still worth thinking about.

    The questions also arise: Even if I change the firmware password to something else, and then remove the firmware password (obviously I don't want to have a firmware password on a computer that I sell), will that make my original password unrecoverable?
     
    share
    + Quote Reply
  6. Mal, May 9, 2012

    Mal macrumors 603

    Mal

    Joined:
    Jan 6, 2002
    Location:
    Orlando
    #6
    That password is not stored in plain text anywhere on the system. There is no way to find out the password, only to defeat it. You have nothing to fear (just of course make sure to remove the password for the new owner).

    jW
     
    share
    + Quote Reply
  7. thejadedmonkey, May 9, 2012

    thejadedmonkey macrumors 604

    thejadedmonkey

    Joined:
    May 28, 2005
    Location:
    Pennsylvania
    #7
    Unless someone forgot to turn off a debug flag over in Cupertino ;)
     
    share
    + Quote Reply
(You must log in or sign up to post here.)

Share This Page