Eight-Character Password Limit in Mac OS X 124
Qwerpafw writes "While there have been the usual small announcements about Mac OS X security problems, there has been nothing so major as to make me worry about the security of my own box. However, I recently learned that for some reason, Mac OS X only understands passwords of up to 8 characters. Any other characters typed in are discarded as 'garbage.' Well, this worried me, as 8 characters is generally regarded as a rather small keysize, with only 256^8 maximum possibilities (or about 1.845 * 10^19). This is a very real hole in Mac OS X. To make things worse, I was able to find no mention of this at Apple's website, and you are never alerted of this when trying to enter password greater than eight characters." This is generally not regarded a security "hole", and has existed in BSD for many years (though most current BSDs have moved beyond the limitation). It is something to be aware of, and it would be nice if there were a workaround ...
Re:Oh God, Must Update! (Score:3, Insightful)
Photoshop for Windows is kind of flaky (at least it wasn't that stable on my NT box), uses that godawful MDI, and at least the last time I looked, still didn't have a bunch of the major plugins that were sold on the Mac.
And I'm not a pro artist producing output for print -- I rarely do more than retouch things for onscreen viewing. Last time I looked, the MacOS had a complete, widely supported color management architecture (ColorSync) that Windows lacked an answer to. It may not seem like a big deal if you're the sort of person that doesn't have a $10k Radius monitor with a color probe and doesn't work with color profiles from all your output and input devices. But for the people putting out stuff for offset presses, this is a very major issue.
Macs had multimonitor support years before Windows. The current version of Windows has multimonitor support (and a few driver writers had hacked up pseudo-multimonitor support), but it's a pain to use -- dialogs pop up halfway across the screen and drivers fight with each other. That doesn't mean that there aren't Mac apps that aren't multimonitor-friendly, but years of people using multiple monitors has ironed out all the kinks that Windows needs another seven years or so to get rid of.
And why would someone want to migrate to Windows? I can rattle off the number of issues I have with Windows for ages. Now, Apple is hardly perfect either, but I'm not sure I'd call WinXP a better environment than OS X. There are fewer big commercial games on OS X, but if it's your work computer (or you aren't a hardcore gamer), it's not nearly as much of an issue. I'd call the Mac a reasonable choice. If you're comfortable with the Mac and you've been using it for years, then there isn't even an argument for Windows. The only Mac weakness is Apple's love for a sizeable profit margin on each computer they put out. But if you can afford to pay your way, you're looking at some good hardware and software.
Of course, if I had a G4, I'd probably just put Linux on it, but to every man his own OS.
Re:So does Linux. (Score:2)
8 characters should be more than enough (Score:4, Informative)
Don't use words from the dictionary. Don't use personal information. Do mix up alpha-numerica and uppercase/lowercase. Throw in some punctuation if allowed.
In other words: make it as randon as possible. This will make it more difficult to brute force crack.
Re:you need to think (Score:1, Funny)
Re:8 characters should be more than enough (Score:2)
No it won't. It will make it more difficult because brute force will be required to crack, after dictionary attacks are exhausted.
BTW, are we sure that the characters after 8 are simply ignored? They aren't hashed with the rest of the password? ie...
eightcharacter becoming a hash of...
eightcha
racter
--------
????????
Which would still effectively be a password of 256^8 strength (assuming all 8 bit characters can be used), but would render a simple dictionary attack useless for passwords over 8 chars. Of course, if this were the case, a dictionary cracker could be written to take this into consideration, allowing quick cracking of dictionary passwords even over 8 chars, falling back to brute force failing that.
However, my girlfriends 550MHz Celeron Thinkpad brute force cracks with L0phtcrack at 800,000 keys/second. If this were a yardstick, her notebook would take 731 thousand years at most to brute force crack a 256^8 password! So I'm not too worried yet. The NSA or a distributed attack no doubt could probably do it in no time though. ; ) But I doubt the NSA or a large group of people want to crack my passwords, though something larger than 8 chars would still be nice.
Re:8 characters should be more than enough (Score:1)
That makes it only 241 years. :-)
dont know how to help.... (Score:1)
Re:dont know how to help.... (Score:1)
Re:dont know how to help.... (Score:1)
Could be worse (Score:3, Informative)
Re:Could be worse (Score:2)
A few of the script kiddie tools I acquired would calculate how fast it would take you to crack passwords of X length...
If I remember right, 7 character passwords took approximately for-fucking-ever (months), and even longer if you expanded the brute force to include special characters as well as A-Z and 0-9...
Good thing the password I was trying to get was only 4 characters which takes about 10 minutes.
Not that anyone should be using Windows Password to protect anything important anyway...
Tim
Times Change (Score:1, Insightful)
Now, with distributed computing (I have 4 computers in my house), how long would it take?
Just a thought.
Re:Could be worse (Score:2)
Re:Could be worse (Score:2)
However, the full MD4 algorithm could not be attacked.
So I wonder how much better MD5 is over MD4? More complex might not mean better at the end of the day.
SHA1 seems to be better and has not [terra.com.br] had any successful cryptanalysis attacks yet. But the original SHA spec had a flaw that the NSA refused to elaborate on, which has most likely been fixed in SHA1.
Methodology (Score:1)
Re:Methodology (Score:2, Interesting)
Re:Methodology (Score:1)
While you are at it, use a number as a number instead of a letter substitution. If your random words are "book" and "the", then throw your lucky number into the middle of it: "book42the" then when you do the letter-for-number subs, some typical some not, and mix the case just a smidge, you get "15o0K427h3", which your friend John the Ripper would not get to very quickly (even on a BSD system, which only looks at the first 8 digits: "15o0K427").
Re:Methodology (Score:1)
Rip TO sHreds Eat 9 Funny Monsters 2 Day.
Once I have a phrase or subsets thereof,
any "yo" syllable can be converted 4 because "Yonn" = four, and "ro" or "lo" syllable can be converted to 6 because "roku" = six. etc. etc. And sometimes the reverse translation can be performed.
Works for me, and I can remember them.
I hope it's not easy to crack.
Not 256^8 (Score:4, Insightful)
The reason is that on most systems you can't simply enter those extended characters.
Re:Not 256^8 (Score:2)
This doesn't really change the bottom line that much, instead of 6.095x10^15, its now 6.161x10^15
Does Jaguar fix this fix this? (Score:1)
Should be fixed in Jaguar (Score:2, Informative)
lapprox 96^8 = 7213895789838336 possible passwords (Score:5, Insightful)
Also, let's assume passwords must be at LEAST 4 characters (I don't know what restrictions, if any, are applicable to MacOS X).
Then we have 96^8 + 96^7 + 96^6 + 96^5 + 96^4 = 7289831534100480 passwords.
So, assuming about 10% of those are "guessable" by standard dictionary cracking methods (a ridiculously high amount), you have 728983153410048 non-guessable passwords (about 2^52).
That is A LOT to brute force. That doesn't even take into account the use of 'salts' to help discourage dictionary attacks.
So, true, allowing longer passwords would be nice. But it isn't even close to a troubling limitation.
If you need more protection for your data, use mcrypt.
A bigger concern would be if Mac OS X didn't use a shadow password file (anyone?), and if it doesn't at least to a rudimentary check to disallow easily guessable passwords. I assume Mac OS X can be configured to be insecure (boot up into desktop without a password), or more secure (passords required, easy passwords disallowed, etc.)
shadow (Score:3, Informative)
In fact, even if you somehow lock down the
That's scary to me.
But what do I know...
Re:shadow (Score:1)
Lax security on Apple's part (Score:3, Insightful)
(For verification of that last one, do "ls -l
Re:Lax security on Apple's part (Score:1)
The fact that classic runs setuid as root I can't blame them for. Classic is to run programs that haven't been ported to OS X, so they operate on the assumption that their is no such thing as permissions in their environment. It would probably cause problems for many programs if this changed.
If you are serious about security, don't run classic. If you have to run a classic app, than OS X is still at least as secure as OS 9, you're only other option.
Re:shadow (Score:2)
So if a random user on a network of OS X machines with multiple accounts per machine (school lab or such) this makes it really easy to assume another identity?
I'm curious, someone fill the details.
crack it (Score:2)
The first line of defense, making the encrypted passwords unavailable to ordinary users, is already breached by the system itself.
Re:shadow (Score:2)
No shadow passwords in NetInfo (Score:4, Informative)
Old NeXT hands know this because that same weakness existed (and was complained about yet never adequately addressed) back when NeXT existed and NeXTSTEP was actively being developed. NetInfo didn't scale up very well and it never had shadow passwords, two qualities that made it not seem so attractive for local administrators I knew back then. But I'd say this is really just another example of why you should care about your software freedom. After a while NeXT stopped caring about the underlying Unix layer (in NeXTSTEP and OPENSTEP this was 4.3 BSD) and the tools they shipped (an antiquated sendmail that had plenty of holes, for instance) and cared more about things like WebObjects and various high-level "kits" (some of which died before being developed very far).
It was this experience that helped lead me to caring about Free Software operating systems and running only Free Software on top of those systems. Because there I know if there's a hole I can choose to wait for someone to fix it for me, or learn to fix it myself, or hire someone to fix it for me. How much delay I impose on myself has more to do with my willingness to learn about and/or pay for.
Re:Darwin (Score:1)
I didn't mention "open source", I mentioned Free Software and there is a big difference [gnu.org] between the two movements. But since you mentioned the Open Source movement, it's worth noting some flaws in Apple's license [gnu.org], flaws that should scare away supporters of either movement. With this offer it's doubtful Apple will ever gain the kind of development momentum they desire, certainly not that which can compete with the development of Free Software. The last two paragraphs of that GNU essay on the APSL are particularly astute considering the parent's comment.
Re:shadow (Score:1)
sudo chmod 500
Now, all of the NetInfo commands can only be run by root.
(You could just execute "sudo chmod 500
Re:shadow (Score:1)
Re:shadow (Score:2, Informative)
But: nidump isn't even suid or sgid, but netinfod is running as root and suspect to spill the beans.
chmod go-rwx `which nidump` therefor would not help either, as any user can grab a binary from elsewhere.
Re:lapprox 96^8 = 7213895789838336 possible passwo (Score:4, Informative)
Now, suppose that your password "apple" had 12 random bits added to it BEFORE it was encrypted. Those 12 random bits are not-secret (they are published along with the encrypted password+salt). The person who wants to use a dictionary attack on your password has to first look at your salt, and add it to all the words in their dictionary before encrypting and comparing them. Thus, they either have to generate (and store) encrypted dictionaries with all possible salts, or wait until they know your salt to start encrypting. Either way, you given them more work (possibly a LOT more work).
Finally, if they get a thousand encrypted passwords, each with a different salt, they have to do 1000 dictionary searches (one per each unique salt), rather than just one.
So, 'salts' are just small bit of randomness that are added to a lot of cryptographic protocols (and are crucial to certain more advanced protocols), do basically eliminate certain simple cracking methods, without adding much complexity or work for the legitimate users of the protocol.
Re:lapprox 96^8 = 7213895789838336 possible passwo (Score:3, Informative)
If you look at a standard crypted password in a UNIX password file, you will see something like this:
f6HXOu/NErmqM
The first two characters are always the salt ("f6" in the above example. The password is xyzzy. What this means is that there are 4096 different ways to encrypt the word "xyzzy" (because salts are two characters from [A-Za-z0-9/.]). Other ways to encrypt xyzzy with different salts:
q.XRwCdLMrhAI
9M7WQHXYLACb6
So if you wanted to generate a dictionary of passwords and their crypted equivalents, you'd have to actually generate 4096 of those dictionaries in order to be able to find any potential password you'd come up against.
But for the legitimate user, salts provide no real additional work. If we want to verify that the password the user typed in is correct, we look at the salt on the crypted password ("f6") and call crypt with that password and salt:
crypt("xyzzy", "f6")
If the result matches what's in the password file, we know we've got a valid password.
Re:lapprox 96^8 = 7213895789838336 possible passwo (Score:2, Informative)
Re:lapprox 96^8 = 7213895789838336 possible passwo (Score:1)
Seventh Edition password encryption is long past its use by date. Apple need to do better.
8 Character limitation (Score:2, Interesting)
Seemingly this exact question is asked every year around Jun/Jul/Aug. Weird, are people changing passwords around this time or what?
This has nothing to do with apple's darwin or any of that. It's really just the way things have been for quite sometime. If you feel like switching the code then go ahead. Just be prepared to break compatibility with alot of programs. Whats the big deal anyway?? Key size doesn't really have jack to do with this if you choose a proper password; numbers, letters, etc extended chars combined in one password would take sometime to crack and thats assuming the person can get your passwd file. Blah lemme not even start this debate =)
Re:8 Character limitation (Score:1, Troll)
Key size doesn't really have jack to do with this if you choose a proper password; numbers, letters, etc
What if I choose a key size of one bit? That might matter..
Re:8 Character limitation (Score:1)
heh :-)
Re:8 Character limitation (Score:2)
They have. Linux, at least, supports using MD5 rather than crypt for hashing passwords. I believe that the BSDs do something similar (of course, the BSDs only provide
Just be prepared to break compatibility with alot of programs.
Eh? If you've got shadow passwords, any user apps won't be able to see the crypted password anyway. What applications are you thinking of, and why the hell are they trying to do anything with my passwords?
Re:8 Character limitation (Score:2)
Re:8 Character limitation (Score:2)
You mean passwd? This is generally done with something like PAM nowadays. People want to be able to authenticate from things like RADIUS, Kerberos and LDAP, so applications which fuck about with
You could defeat this if the program uses the crypt library but what if said programmer was following standard and wrote his own library.
Applications should not be encrypting passwords themselves and writing them to
Re:8 Character limitation (Score:2)
Several Os's?? Really? Name some if you don't mind. Seems to be working for some old machines my unit has and all those machines are digital unix. The ones that are of any concerning value are the military processing station ones.. but since you seem to have the answer I'd surely love to hear it.
If you'd like to see the end of this debate ahead of time feel free to join any unix newsgroup and post this conversation. Holding it on slashdot is a bit stupid and I've gotten into this type of convo every year for the last couple of years.. this year I'm doing somethign different.
Re:8 Character limitation (Score:2)
Good Password (Score:1)
Re:Good Password (Score:2)
Re:Good Password (Score:3, Funny)
d41d8cd9
Re:Good Password (Score:1)
Re:Good Password (Score:2)
Or are you doing:
echo secret | md5sum
??
Re:Good Password (Score:1)
Re:Imminent Death of Apple Predicted (Score:1)
'nuff said.
md5 or crypt? (Score:1)
Re:md5 or crypt? (Score:1)
Jaguar? (Score:3, Interesting)
Re:Jaguar? (Score:1)
It is a hole (Score:2, Insightful)
Suppose I have a password like this:
That is an extremely strong password that somebody might actually be able to remember. A flawed OS that truncates it to eight characters will use this: Which turns an NSA-class password into a Gomer Pyle-class password.Re:It is a hole (Score:1)
Re:It is a hole (Score:1)
I understand your point, but, in practice, your example is very rare. It is pretty much human nature to compose short passwords of one or two words, and it is wise to put non-alpha characters in there just to mix things up. Even a properly chosen 6 or 8-character password is hard to crack, and to do so properly would require obtaining a shadow password file (I hope this isn't trivial, either).
When I saw the article, I didn't think much of it, because even Solaris 8 uses 8-character passwords by default (I believe it can be configured otherwise). Keep in mind that neither Mac OS X nor Solaris 8 are being sold as end-all be-all secure operating systems. There are other systems, such as OpenBSD or a highly-tuned Solaris configuration, for example, that are more appropriate for secure uses.
Also, short passwords are usually usurped by bad organizational password policies as a security issue. Every time I hear of someone cracking a passwd file for fun, they tend to get a suprising number of passwords with little effort.
Re:It is a hole (Score:1)
Re:It is a hole (Score:1)
Yes, you should mix e.g. digits and a few totally random letters or so. The following is a common type of password, and a good one too (not easy to guess or crack):
jennifer7Q3gG
Now, what really happens if the OS without ever letting you know truncates that down to eight characters (and if the user happens to be a fan of Jennifer Lopez)?
Re:It is a hole (Score:2)
Unsubstantiated . Is this News for Nerds? (Score:1, Troll)
This story could be true, but it doesn't seem likely on the face of it.
Please followup with a verifiable citation or some sort. Otherwise this is a silly rumour.
Thank you
Re:Unsubstantiated . Is this News for Nerds? (Score:1, Redundant)
The problem is that the problem is very real, and quite substantiated. Here is how to prove it: Now, you can believe me or not. Its up to you. But ask anyone with a mac box to try this, and you will see...
However, as an aside, I hear that apple may be fixing this in Mac OS X 10.2, aka Jaguar. This is because jaguar is supposed to unfiy the BSD core of Mac OS X with a fairly current BSD, like 4.4 or whatever. But, since I do not have jaguar, I really can't say either way. However, I know this is not a general (current) berkeley stantard distribution problem, so updating the BSD used by Mac OS X would probably fix this.
Re:Unsubstantiated . Is this News for Nerds? (Score:2)
and all openssl passwd does is generate the hash based on whatever algorithm you choose.
but, if we're basing information on man pages, theres a man page for passwd.conf which is used to "describe the configuration of the password cipher used to encrypt local or YP passwords."
but of course its describing
Re:Unsubstantiated . Is this News for Nerds? (Score:1)
I was looking at the manpage for passwd(1) which states;
"The Unix standard algorithm crypt and the MD5-based BSD password algorithm 1 and its Apache variant apr1 are available."
Of course, my 'rant' wasn't that this (8 char limitation) isn't true, rather that it was 'unsubstantiated' and I asked for a verifiable citation.
The original author provided that substantiation and in fact he is quite correct.
Tomorrrow I'll go check my Jaguar system at work and check this further. I hope it's been fixed.
I find it curious that you state "If we're basing information on man pages" as if that was a curious or deprecated practice. I can only say 'RTFM' should be your mantra.
(Check out 'man -k' or 'apropos' to further your education, try 'man -k passwd' for starters)
The passwd.conf(5) man page has no options for the size of password to be hashed for md5 passwords, but thanks for your 'contribution'
Cheers
Re:Unsubstantiated . Is this News for Nerds? (Score:1)
I rechecked that man page for passwd(1) and it IS a openssl man page.
This is profoundly broken.
I stand by everything else I said and add that I hope the promised improvements to the man pages in Jaguar will fix this.
Thanks again
Re:Unsubstantiated . Is this News for Nerds? (Score:1)
*sigh* (Score:3, Insightful)
Okay listen up if you don't know enough about Unix to know that a lot of Unices use DES ecnryption to do passwords(which allows for only 8 chars), then you shouldn't be fucking with CLI, or at least don't expect things from it that aren't stated. Most Unices still use (or provided compatibility for) DES hashes as opposed to MD5. Apple is not that far behind the curve give it up, it's a stupid topic. The people who should know about security will already know all this and the people who dont really don't need to worry this much about security.
The GUI for all of this seems to make it clear tat it's only worrying about the first 8 chars.
Patrik
double sigh (Score:2)
The default password encryption algorithm on UNIX is "crypt", not DES. DES may eventually have made it into some commercial versions.
Furthermore, neither DES nor crypt impose intrinsic limitations on password length; it's easy to devise ways of using them with passwords of arbitrary length.
The people who should know about security will already know all this and the people who dont really don't need to worry this much about security.
Spoken like a true Apple zealot. Well, it's good if people with data to protect worry about how to protect their data. And a limited space of passwords is definitely something to worry about. Apple should go to MD5 and long passwords ASAP.
Who, me worried? (Score:1)
Maybe not. I think OSX does seem to handle a brute force entry decently.
But is "decently" enough given the lack of warning, given the lack of documentation?
This issue keeps being raised over and over. I can't find anything new in the thread (so far) that comes up with an adequate solution.
If I missed it or you know something recent kindly clue me in if not everyone else as well.
Many thanks.
Keychain uses more characters (Score:2, Informative)
By default, the keychain takes the login password, but it uses the full length, not just the first 8 characters. If you have a 15 character login and make a mistake in the 10th character, you will be logged in. However, you will have to reinter your password (all 15 characters) to access the keychain.
This is good b/c the keychain protects a lot of stuff but it still would be nice to know that your login password is only 8 characthers long.
There is a knowledge base article on this (Score:3, Informative)
Article ID: 106765 [apple.com]
Created: 2/26/02
"The effective password length for Mac OS X and Mac OS X Server is eight characters. You may type more characters, but they are ignored."
KeyChain can take up to 34 charachters (Score:3, Informative)
Unfortunatly , it is the BSD layer that limits things to 8.
too bad we can't mod something off the front page. (Score:2, Insightful)
Maybe this is a security issue, maybe it isn't. MacOS X comes with sshd and telnetd disabled. Unless you turn these on I'll need physical access to your box to even begin a brute force attack. Of course, if I have physical access to your machine I'm already done and don't give a hoot what your precious 8 character password was.
kevin
lots of commercial UNIX's only support 8 chars (Score:4, Informative)
HP-UX 11 uses more than 8.
I could have done a few more, but our SGI IRIX, Dynix PTX, Sinix and DG-UX boxes are offline.
Re:lots of commercial UNIX's only support 8 chars (Score:2)
Unix systems have been doing this for decades. (Score:2, Troll)
Anyway...
By default, Unix systems have typically had an 8 char password limit for decades. An 8 char limit for usernames, groupnames and passwords is part of the Unix standard.
"Why?" I hear you ask...
Well, deviating from this standard causes things like servers that often make use of authentication (e.g. FTP, Gopher, SSH, etc), NIS/NIS+ and various other local command line utilities to break. That's why you shouldn't deviate from the standard.
Mac OS X, Darwin, AIX, Sco, Solaris, Irix, HP-UX, FreeBSD, OpenBSD, HURD and Linux all have this limit with DES passwords. Additionaly, all of these Operating Systems support alternative authentication mechanisims though (but you should *still* never have a user or group name longer than 8 chars).
If you don't like it, you have the option to configure NetInfo to authenticate against another source, like say an OpenLDAP database, a Novell client or a Microsoft Active Directory server. If the system you are concerned about is a desktop system an 8 char passwd limit is your last problem, if it's a sever SSH can be configured to require an authentication certificate and so again, is a moot point.
This is not even a remotely serious problem given the context. Anyone that thinks so is (a) so paranoid as to be mentally ill or (b) doesn't know enough about the topic to comment.
This can't be stressed strongly enough: If you have data that's important (that is to say 'sensitive'), you should encrypt it, which is trivial to do by making a an encrypted disk image in Mac OS X (using Apple's included GUI utility: Disk Copy) then making it a login item and mounting it at login using scripts.
crypt vs MD5 (Score:3, Interesting)
at least i remember this being hte official explanation from apple, ill draw my own conclusion after a couple more semesters of algorithm lectures....
if it's true i take my hat off to apple for going for real security over the bigger numbers are better public theory.
There are worse problems (Score:2, Interesting)
I don't think the 8 character password limitation will go away any time soon. The problem is so many protocols use the 8 character limit like AppleShare.
some facts (Score:1)
Just use SSH (Score:1)
I also have a remote FreeBSD server also set up with a public ssh key so that I can log in without typing a password. So if someone is really concerned about security, they can just use ssh to tunnel communcations (shell, cvs, scp).
But most systems, especially my iBook at home, does not need very long passwords because it does not run very many network services and does not hold critical information anyway, like a database of credit cards. And if I do run remote services (ssh, ftp) on the iBook, I can always use the ipfw firewall to deny traffic to these ports except from specific locations. In fact, I run the MySQL database server and block port 3306 for remote connections so it cannot be accessed remotely.
So for me the password issue is moot. If someone is really serious about security, they should know enough to take care of it without seeing the 8 character password as a security hole.
Re:This is A BullShit Lie (Score:1)
Where it may have an impact though is the password keychain feature. My preferences are set so that when I login, the keychain is unlocked, saving me a lot of hassle. If those passwords need to be much stronger, I'd be in trouble. A brief description of the keychain from apple's site is here [apple.com].
There was a comment earlier about whether osx does password shadowing; it does.
osX does password shadowing... sort of (Score:2)
Re:Why has no one bothered to check this? (Score:1)
Re:Appletalk (Score:3, Funny)