Is OSX a 'secure' OS? I think NO!!! infact......

Zeus

Registered
I think os X is not a secure Os infact i noticed (did I spell correct??) that in the login panel osx uses just only the first eight characters to login the user!!!

Excuse me ... os x is a beatiful system ... but what about unix security if I can use just the fist 8 characters to log???
Probably i think was moooore sure system 7 with AtEase:mad:
 
Ha ha ha :p
I hated AtEase ... all my H.S. macs had them and I could not access the desktop lol ... of course I found ways to hack into it lol and when a teacher asked me how I go it I just told em that mr. xyz let me in ;) he he he ;) At ease was a pain in the behind :p

Go to the apple feedback site and note your protests:)
 
I thought UNIX only uses 8 characters to store user names, but I might be wrong. Even so, if a user name could only consist of letters (upper and lower case,) that would make a total of 52 usable characters. That would mean that there would be about 5.34*10^13 user names consisting of 8 characters. This is even a low guess, as you could still have user names with less than 8 characters, and the names are certainly not limited to just 52 alpha characters. That doesn't seem like a security risk to me.

Oh, and At Ease is not secure. All I have to do is open any application, and save a blank file over the At Ease prefs. At Ease forgets its password, and I have access to the Finder. Or I could just boot from a System CD...
 
Yes, probably it's true .... but why should I use a 9char pass, or 16 char password if osx use ONLY 8???

P.S. I know AtEase wasn't a secure system .... but, excuse me if i hav a osx install cd i can change ALL users Password .... even the ROOT passw ....





Do you know if there's a way to stop it.... someone suggest me to remove cdrom drives from machines .... i think it's not a good idea
 
Are you claiming that the login name ignores everything after 8 characters? Or that the password field ignores everything after 8 characters?

...and how did you verify this?

-Rob
 
OS X uses the old Unix-style crypt(3) for encrypting passwords, so it only supports eight characters. Not sure why Apple didn't go the MD5 route...
 
The 30yr old standard is 8, and thus various daemons assume 8 which is the crux of the problem. AppleShare, ftpd, nfs, who knows what else. And what about the clients which also assume 8 characters? Sure, you could type more than 8 but in most cases only the first 8 will be passed on. This will either mean a false sense of security or authentication failure.

A better system wouldn't even use passwords. If you're going to rewrite everything, why just add 16character password support?
 
Windows 2000 even gives away the username of the last user... That's worse.

I have never seen a *nix-system that uses more than 8 chars, but then again, I haven't seen many unix-systems. :)
 
....:::: Welcome to Admiral's Computer :::::......

..... Please place your thumb on the pad .....
..... And look straight ahead in the screen .....




Retinal scan in progress ..... Passed
Thumbprint scan in progress ..... Passed



Please provide command authorization code:

(spoke) alpha pi delta niner the leapin frogs went a leapin


Processing verbal command ..... Passed



Welcome Admiral, have a pleasant day







Brought to you by
Admiral
 
That could be true very soon. As you may or may not know, there is already a piece of hardware/software that enables the "admin" of the computer to require users to scan their thumb and enter a password to get to an account. As of now, I believe it is only for Windows, but that doesn't mean there won't be one for Mac or *nix systems in the future.
 
Back
Top