Computer Security Weekly, July 19, 1999

Beg pardon, but your password is showing.

The password for your Mac is stored in a fairly standard location. Not exactly the same for all units, but easily found.

It also turns out that the encryption algroithm is extremely simple, and can be easily decoded with a hex editor. Heck, it can be decoded with an ASCII table. The algorithm is known, and has been published, along with an Apple script, just in case you can't be bothered to use an ASCII table.

According to published reports, the algorithm has been texted, and found to be the same, on MacOS 7.5.3, 7.5.5, 8.1, and 8.5.

Now, its not likely that people will be trusting great secrets to the security of their Macs, but if you are, they aren't secure. Secure applications which use the system security may also be at risk.

There is, however, a further risk. Many people use the same password on all their systems. Therefore, if someone can break your Mac password, they may also be able to get into a lot of other things.

Find virus, book info http://victoria.tc.ca/techrev/rms.htm
Mirrored at http://sun.soci.niu.edu/~rslade/rms.htm
Linked to bookstore at http://www97.pair.com/robslade/

Go To Page: 1