Slashdot Mirror

← Back to Stories (view on slashdot.org)

Eight-Character Password Limit in Mac OS X

Posted by pudge on from the welcome-to-bsd dept.

Qwerpafw writes "While there have been the usual small announcements about Mac OS X security problems, there has been nothing so major as to make me worry about the security of my own box. However, I recently learned that for some reason, Mac OS X only understands passwords of up to 8 characters. Any other characters typed in are discarded as 'garbage.' Well, this worried me, as 8 characters is generally regarded as a rather small keysize, with only 256^8 maximum possibilities (or about 1.845 * 10^19). This is a very real hole in Mac OS X. To make things worse, I was able to find no mention of this at Apple's website, and you are never alerted of this when trying to enter password greater than eight characters." This is generally not regarded a security "hole", and has existed in BSD for many years (though most current BSDs have moved beyond the limitation). It is something to be aware of, and it would be nice if there were a workaround ...

3 of 124 comments (clear)

  1. Re:Good Password by foniksonik · · Score: 3, Funny

    Yeah and on OS X you only need to remember this part:

    d41d8cd9

    --
    A fool throws a stone into a well and a thousand sages can not remove it.
  2. Re:you need to think by Anonymous Coward · · Score: 1, Funny

    thanks for the tip. i just added "I don't like people who limit my choices!" into a place near the top of my brute-force attempt lists, along with several varients. i will 0wn j00 in no time now. :-)

  3. Re:Appletalk by mjpaci · · Score: 3, Funny

    That's nice. How long can my TCP/IP password be?