c-t

macrumors newbie
Original poster
Jul 29, 2010
How is the firmware password of my iMac actually stored? Where is it stored?

I'm wondering how easy it would be for a software/hardware cracker to compromise the firmware password, if he had access to the physical computer itself.
 
Thanks, but this doesn't really address my actual concern (which I probably should have made clearer).

Let's say I set my firmware password to "somePasswordThatIAlsoUseInALotOfOtherPlaces".

Is it possible somehow for a hacker to obtain this plain text password from the firmware, if he has physical access to the computer? To understand this, we have to understand how the password is actually stored in the firmware.
 
> Let's say I set my firmware password to "somePasswordThatIAlsoUseInALotOfOtherPlaces".
If your intent is to be secure, then don't do that. Problem solved.

> Is it possible somehow for a hacker to obtain this plain text password from the firmware, if he has physical access to the computer? To understand this, we have to understand how the password is actually stored in the firmware.
It's not necessary for a hacker to obtain the password. All that's necessary is for the hacker to defeat the password. And GGJStudios linked to an article that described how to do that.

If that article isn't sufficient answer, then please describe exactly who or what you're trying to defend against. If you're trying to defend against someone removing the password or getting around it, you can't; see the article. If you're trying to defend against someone discovering the password, please describe why that matters. Perhaps you're trying to defend against someone surreptitiously defeating the password, doing something malicious, then setting the password back to its original value. If that's the attack, then you need to say so. If the attack is an expectation that the recovered password will be used elsewhere, then don't reuse the password.
 
> If you're trying to defend against someone discovering the password, please describe why that matters.

Thanks for the reply. I should have clarified this better.

Years ago (without thinking much of it) I set the firmware password to be the same password as I use in many other places. Soon, I will be selling the computer. I just want to make sure the new owner won't be able to obtain the password, that's all. I know it's unlikely, but I think it's still worth thinking about.

The question also arises: even if I change the firmware password to something else, and then remove the firmware password (obviously I don't want to have a firmware password on a computer that I sell), will that make my original password unrecoverable?
 
That password is not stored in plain text anywhere on the system. There is no way to find out the password, only to defeat it. You have nothing to fear (just of course make sure to remove the password for the new owner).

jW
 
> That password is not stored in plain text anywhere on the system. There is no way to find out the password, only to defeat it. You have nothing to fear (just of course make sure to remove the password for the new owner).
>
> jW

Unless someone forgot to turn off a debug flag over in Cupertino ;)
 