10.3: Make your password more secure

Nov 16, '03 01:31:00AM

Contributed by: Air Mapster

In Mac OS X releases prior to 10.3, account passwords were always stored as hashes generated by the old Unix crypt function. One of its shortcomings is that passwords cannot be more than eight characters long: anything beyond eight characters is ignored. These password hashes are also stored directly in the NetInfo database, viewable by anyone with access to the system. This means a malicious user can grab everyone's encrypted passwords and run a password cracking program on them to try to gain further access.

One of the many improvements in Panther is support for longer passwords using a different hash algorithm (I'm not sure if it's md5 or something else). It also adds shadow password functionality, which means the encrypted password hash is not stored directly in NetInfo. Accounts with new passwords must authenticate using a special API in the DirectoryService Framework, which never reveals the encrypted password hash.

All new accounts created in Panther use the new password scheme by default, so there's nothing you need to do to enable it for them. But if you did an upgrade or archive install from a previous version of Mac OS X, your old account passwords were carried over and used unchanged in Panther. Switching your account to the new password scheme is simple:

  1. Go into the Accounts Preference Pane
  2. Type your password into the Password and Verify fields. It will ask you to authenticate first, so also type your password into the sheet that pulls down.

That's it. You don't even have to change your password -- you can use the same one. But hey, maybe now is a good excuse to change it anyway? To verify that the change worked, follow these steps:

  1. Open /Applications -> Utilities -> NetInfo Manager
  2. Click on users and then click on your username.
  3. Check the passwd field. For old style passwords, you will see a string of characters. For new style passwords, you will see only ********.
  4. Also check the authentication_authority field. Old passwords will have ;basic; and new passwords will have ;ShadowHash;.

You can check this before and after to show that it really changed. Also if your password is eight characters long, you can verify that typing any number of characters after the eighth will still log you in before the change, but it will not work after.
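As an added example (not part of the original hint), here is a small Python audit that applies the same two checks to a batch of user records: it reads records in the "key: value" layout that `nicl . -read /users/<name>` prints (that layout is an assumption), and flags accounts whose passwd field still holds a readable crypt hash instead of ******** with ;ShadowHash;. The records below are constructed, not real accounts.

```python
import re

# Constructed sample (not real accounts) in the "key: value" layout that
# `nicl . -read /users/<name>` prints (layout assumed); blank line between records.
SAMPLE_RECORDS = """\
name: alice
passwd: ********
authentication_authority: ;ShadowHash;

name: bob
passwd: ab4yKd7b1Vh9M
authentication_authority: ;basic;

name: carol
passwd: *
"""

# Traditional DES crypt(3) output: 2-char salt + 11 chars from this alphabet.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")

def parse_records(text):
    """Split blank-line separated 'key: value' records into a list of dicts."""
    records, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                records.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records

def classify(rec):
    """Return 'shadowhash', 'crypt', 'no_hash' or 'inspect' for one user record."""
    pw = rec.get("passwd", "")
    authority = rec.get("authentication_authority", "")
    if ";ShadowHash;" in authority and pw == "********":
        return "shadowhash"   # hash kept out of NetInfo, no 8-character limit
    if pw in ("", "*"):
        return "no_hash"      # nothing to crack, but no password login either
    if DES_CRYPT.match(pw) and ";ShadowHash;" not in authority:
        return "crypt"        # readable hash; only the first 8 characters count
    return "inspect"          # inconsistent record, check it by hand

def audit(text):
    return {rec.get("name", "?"): classify(rec) for rec in parse_records(text)}
```

Any account reported as "crypt" is one whose owner should re-enter their password in the Accounts pane as described above.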

Finally, note that some Unix programs that need to authenticate users may not be updated to handle the new passwords yet. This hint shows one example.

Mac OS X Hints
http://hints.macworld.com/article.php?story=20031107215426990