Slashdot Mirror

← Back to Stories (view on slashdot.org)

Eight-Character Password Limit in Mac OS X

Posted by pudge on from the welcome-to-bsd dept.

Qwerpafw writes "While there have been the usual small announcements about Mac OS X security problems, there has been nothing so major as to make me worry about the security of my own box. However, I recently learned that for some reason, Mac OS X only understands passwords of up to 8 characters. Any other characters typed in are discarded as 'garbage.' Well, this worried me, as 8 characters is generally regarded as a rather small keysize, with only 256^8 maximum possibilities (or about 1.845 * 10^19). This is a very real hole in Mac OS X. To make things worse, I was able to find no mention of this at Apple's website, and you are never alerted of this when trying to enter password greater than eight characters." This is generally not regarded a security "hole", and has existed in BSD for many years (though most current BSDs have moved beyond the limitation). It is something to be aware of, and it would be nice if there were a workaround ...

2 of 124 comments (clear)

  1. Appletalk by stoffel · · Score: 0, Offtopic

    I think it's Appletalk related. In OS 9 an appletalk password can only be 8 characters long....

  2. Re:lots of commercial UNIX's only support 8 chars by rjung2k · · Score: 0, Offtopic

    Which means this is news only because Apple does it, too?

    Slashdot must be starving for hit counts today.

    --

    --R.J.
    Electric-Escape.net