Unreasonable Limit on Open Firmware Passwords

Lawrence Person writes "Well, this has to be one of the stranger bugs in recent memory: 'If you used Open Firmware Password utility to create a password that contains the capital letter "U", your password will not be recognized during the startup process.' Straight from the mothership. I'm guessing that not too many people use Open Firmware Passwords, but it's a very nasty bug for those who do. Props to the always great As The Apple Turns for pointing this one out."

Enter password:

UR70457

....

hah!

[revmoo]

My trusty password "god" triumphs again!

Re:hah!

[RegularStormy:~] miller% ssh 146.35.3.123 -l revmoo
Enter password: god
Welcome to Darwin!
%

---

Thanks!

Slashdot's running on a Mac, right?

[NanoGator]

Hmm.. this explains why my STFU posts always disappear.

Re:Care to speculate?

[setzman]

Could it be the following (copied from here),

When turned on, Open Firmware Password Protection:

* blocks the ability to use the "C" key to start up from a CD-ROM disc.
* blocks the ability to use the "N" key to start up from a NetBoot server.
* blocks the ability to use the "T" key to start up in Target Disk Mode (on computers that offer this feature).
* blocks the ability to start up in Verbose mode by pressing the Command-V key combination during startup.
* block the ability to start up a system in Single-user mode by depressing the Command-S key combination during startup.
* blocks a reset of Parameter RAM (PRAM) by pressing the Command-Option-P-R key combination during startup.
* requires the password to use the Startup Manager, accessed by pressing the Option key during startup (Figure 1).
* requires the password to enter commands after starting up in Open Firmware, which is done by depressing the Command-Option-O-F key combination during startup.

Doesn't mention the U key in the features list, but I'm going speculate that something in the keyboard handling code is buggy...

Speculation

[Mikey-San]

It sounds like this isn't a bug in Open Firmware (thankfully), but Apple's OF Password app. If so, we just need to wait for an update to the app, and can still set passwords with "U" manually.

Does anyone have more info regarding where this bug originates?

Re:Speculation

[Mikey-San]

Ask and ye shall receive.

http://www.securemac.com/openfirmwarepasswordpro te ction.php

Um...I figured out why 'U'

Note the linked article How to setup up password protection
Among other things, it:

blocks the ability to use the "C" key to start up from a CD-ROM disc.

blocks the ability to use the "N" key to start up from a NetBoot server.

blocks the ability to use the "T" key to start up in Target Disk Mode (on computers that offer this feature).

Posting this anonymously, since I don't want to be known as the one who figured this out.

I know nothing about Open Firmware, but:

[jazir1979]

Do you need your password to be accepted in order to change the password?

The "solution" in the article is to "change your password if necessary". But how do you change your password when your previous password is not accepted?

Can't spell 1234 with a "U"

[one9nine]

I pity the fool who has a wife or daughter named Ursila. :-(

careful, now

[Tumbleweed]

That may be Praetorian code. I wouldn't mess with it.

Blame SCO.

[FFFish]

They're the ones that want to claim copyright on that letter, so that talking about *nix requires paying a licensing fee.

It also means we can't call them a b*nch of motherf*cking f*ckwits, which is a real shame.

Re:Alrighty men..

[YouHaveSnail]

No, wait. This is Apple, not Microsoft. Bugs like this are acknowledged, with workarounds and/or patches supplied quickly, and this gives the company character and credibility.

The solution would be

[coolmacdude]

to just reset the password. Easily accomplished.

Re:The solution would be

[coolmacdude]

Why was my post modded overrated? I'm serious. All you have to do is take out or install new ram, (basically just change the amount of ram in the machine) and then reset the PRAM 3 times. That clears the Open Firmware password.

Re:The solution would be

[shawnce]

Well you can use strong encryption to protect critical data even in the case of lost physical security (which you are correct about).

In Mac OS X 10.3 you will have the ability to have your home folder encrypted (using AES-128). Other OSes have similar features. ...of course given time even strong encryption will fail you.

Re:Alrighty men..

[HiredMan]

Microsofy story of the day - yet another hole that will get you owned that we're disclosing and patching after years of vulnerability.

Apple story of the day - bug disallows a certain character in little used Openfirmware password.

Slashdot spin - both platforms have bugs. Fair and Balanced - Slashdot News! ;)

=tkk

Isn't it obvious?

[the+darn]

This is clear evidence that despite its user-friendly appearance, deep down, Apple hates U.

Did anyone see the artnum?

[tuxedobob]

The article number for this was 107666. If that's not clear proof that Microsoft was somehow involved, I don't know what is.

Um, I need something for the 107 part...

Waiting to see if this gets modded flamebait or funny... ;-)

Re:Care to speculate?

[colinleroy]

U is ASCII 0x55 (85 dec), which is 01010101 in binary. Maybe.

Re:Care to speculate?

[TheRaven64]

What's a 4-letter word for a woman ending in "UNT?" :D

Aunt!

Re:Alrighty men..

[TheRaven64]

ready PITCHFORKS!

You don't need to bother. Being based on FreeBSD, OS X comes with its own pitchforks.

This is why I hate geeks

[oni]

See, why does everything always have to be about U?
huh?

Stupid geeks!

Wonder about other OF computers

[downix]

I wonder if this problem exists in my Open Firmware based Pegasos machine.

Not just the U character

[rtm1]

This bug happens to other characters too. I once set an open firmware password with the character '{' in it, and OF wouldn't take it at boot time. The lowercase '[' worked fine though.

I think this is a problem with the Open Firmware Password application using a different character set than Open Firmware itself. So some characters you can type in the OF Password app you can't type in OF itself. Or maybe OF just doesn't like the shift key...

Probably an easy solution for this question

The value $AA is used to "encrypt" the password in OF. Every letter in the password is obfusticated via XOR with this value.

'U' = $55 XOR $AA = $FF (and this is probably used as a end-of-password marker).

nreasonable Limit on Open Firmware Passwords

[yet+another+coward]

Just to be safe, I suggest changing the story title.