How is the firmware password stored on the computer?

Discussion in 'Mac Basics and Help' started by c-t, May 9, 2012.

  1. c-t macrumors newbie

    Jul 29, 2010
    How is the firmware password of my iMac actually stored? Where is it stored?

    I'm wondering how easy it would be for a software/hardware cracker to compromise the firmware password, if he had access to the physical computer itself.
  2. GGJstudios macrumors Westmere


    May 16, 2008
    Bypass Mac Firmware Password
  3. c-t thread starter macrumors newbie

    Jul 29, 2010
    Thanks, but this doesn't really address my actual concern (which I probably should have made more clearer).

    Let's say I set my firmware password to "somePasswordThatIAlsoUseInALotOfOtherPlaces".

    Is it possible somehow for a hacker to obtain this plain text password from the firmware, if he has physical access to the computer? To understand this, we have to understand how the password is actually stored in the firmware.
  4. chown33 macrumors 604

    Aug 9, 2009
    descending into the Maelström
    If your intent is to be secure, then don't do that. Problem solved.

    It's not necessary for a hacker to obtain the password. All that's necessary is for the hacker to defeat the password. And GGJStudios linked to an article that described how to do that.

    If that article isn't sufficient answer, then please describe exactly who or what you're trying to defend against. If you're trying to defend against someone removing the password or getting around it, you can't; see the article. If you're trying to defend against someone discovering the password, please describe why that matters. Perhaps you're trying to defend against someone surreptitiously defeating the password, doing something malicious, then setting the password back to its original value. If that's the attack, then you need to say so. If the attack is an expectation that the recovered password will be used elsewhere, then don't reuse the password.
  5. c-t thread starter macrumors newbie

    Jul 29, 2010
    Thanks for the reply. I should have clarified this better.

    Years ago (without thinking much of it) I set the firmware password to be the same password as I use in many other places. Soon, I will be selling the computer. I just want to make sure the new owner won't be able to obtain the password, that's all. I know it's unlikely, but I think it's still worth thinking about.

    The questions also arise: Even if I change the firmware password to something else, and then remove the firmware password (obviously I don't want to have a firmware password on a computer that I sell), will that make my original password unrecoverable?
  6. Mal macrumors 603


    Jan 6, 2002
    That password is not stored in plain text anywhere on the system. There is no way to find out the password, only to defeat it. You have nothing to fear (just of course make sure to remove the password for the new owner).

  7. thejadedmonkey macrumors 604


    May 28, 2005
    Unless someone forgot to turn off a debug flag over in Cupertino ;)

Share This Page