don't bother; it's easy to crack your password no matter how long it is
Authored by: zojas on Dec 07, '04 02:10:05PM

It doesn't matter how long your password is; it's trivial for an attacker to recover it using at least two different methods. Make no mistake, OS X's password security is a total joke right now.

Method 1: run the program 'strings' on your swap file and search for your full user name; you'll find the complete text of your password in plain text for all the world to see.

Method 2: your login password is also stored as a Windows/Samba hash, which can be cracked by programs such as John the Ripper in a few hours.

Details for both attacks can be found on the web pretty easily; I'm too lazy to put in links right now.

don't bother; it's easy to crack your password no matter how long it is
Authored by: iRideSnow on Dec 07, '04 04:18:13PM

I don't know about method 2, but I tried method 1 on /private/var/vm/swapfile0, searching for my full login name, my short login name and even my password itself. Only the short name was found. This is with 10.3.6.

So, if this is a hole, it's either been fixed, or it's not consistent, or only comes into play if you don't have a lot of memory (I have 1G). Besides, you need admin privs to view/manipulate the swapfile anyway. So I don't really see how it's much of a hole seeing as how you have to either know the root/admin password anyway or go through some other contortions in order to somehow gain access to the swap file without knowing the admin password. And if you can do that, you probably already have pretty good access to the system and don't really need the admin password. No computer is 100% secure, especially when you have physical access to it. I mean, why not just remove the disk drive and dump the contents to a giant file! You're sure to find lots of cool stuff then!

Rob

don't bother; it's easy to crack your password no matter how long it is
Authored by: zojas on Dec 07, '04 04:58:34PM

Your login password can be written to the swapfile after you run sudo or are asked to authenticate by the GUI. I have 640MB of RAM on my system, and have seen my passphrase in the swap file.

If your login password can be recovered, it can be used to unlock your keychain, which, depending on how you use it, can then be used to unlock your FileVault volumes.

don't bother; it's easy to crack your password no matter how long it is
Authored by: Anonymous on Dec 09, '04 10:51:14PM

It's good practice to have the keychain password different from the login password, for this reason.

Even if you have my login password, you would not be (easily) able to inspect my mail, ssh info or gpg keys (which are symlinked to an encrypted disk image) unless you provide the passphrase for my keychain.

don't bother; it's easy to crack your password no matter how long it is
Authored by: derrickbass on Dec 07, '04 08:21:17PM

It is an exaggeration to say that Mac OS X password security is a complete joke and even if it were, it is highly irresponsible to recommend that people not bother with password security.

It is true that Mac OS X unfortunately stores the Samba hash of your password, even if you don't actually use Samba or allow login from Windows. Microsoft was stupid (what else is new) and made it so that you can break the hash in 7-character stages, rather than having to do it all at once, changing an exponential problem into a linear one.

HOWEVER, in order to access the hash, you need root access to the machine (or equivalently, physical access). (And, as has already been pointed out, the same goes for the trick of grabbing the password from the VM swap file.) This significantly narrows the scope of the vulnerability.

Now these are certainly problems, and Apple should fix them. (Why? A hacker with root or physical access can access all of your files, which is bad, but with your password they can do worse. Without the password, they cannot decrypt your keychain (which may contain passwords to financial sites or e-commerce sites that store your credit card number). Also, since many people use the same password for various accounts, once they have one password, they likely have them all. Finally, if you don't detect the break-in, then they can continue to access your system, even if the original security flaw that allowed access is repaired.)

A good password is still important. First, it helps keep people who don't have physical access from breaking in. Second, even if someone tries to break your Samba hash, it will take them longer if you have a stronger password (but a longer password won't help much).

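As an added illustration of the 7-character split that derrickbass describes (example code, not from the thread): a structural model of the LM scheme in Python. The real LM step DES-encrypts a fixed string using each 7-byte half as the key; the standard library has no DES, so SHA-256 stands in for it here (an assumption of this model), which keeps the properties under discussion (uppercasing, truncation at 14, each half hashed on its own) but does not reproduce real LM digest values.

```python
import hashlib
from typing import Tuple

# Structural rules of the LM scheme: uppercase, cut to 14 bytes,
# NUL-pad, then hash the two 7-byte halves independently.
LM_BLOCK = 7
LM_MAX = 2 * LM_BLOCK


def stand_in_half_hash(half: bytes) -> str:
    # Stand-in for the DES step (assumption: SHA-256 instead of DES,
    # because the standard library has no DES). Only the structure
    # matters for this illustration: each half is hashed by itself.
    return hashlib.sha256(half).hexdigest()[:16]


def lm_style_hash(password: str) -> Tuple[str, str]:
    # ASCII is assumed; the real scheme uses the OEM code page.
    raw = password.upper().encode("ascii", "replace")
    raw = raw[:LM_MAX].ljust(LM_MAX, b"\0")
    return (stand_in_half_hash(raw[:LM_BLOCK]),
            stand_in_half_hash(raw[LM_BLOCK:]))


# Hash of an all-padding half: every password of 7 characters or
# fewer produces exactly this value as its second half.
EMPTY_HALF = stand_in_half_hash(b"\0" * LM_BLOCK)


def second_half_is_empty(digest: Tuple[str, str]) -> bool:
    # Audit check: a password of 7 characters or fewer is visible from
    # the stored hash alone, without any guessing.
    return digest[1] == EMPTY_HALF


def guesses_needed(length: int, alphabet_size: int, split: bool) -> int:
    # Worst-case guesses for a password of the given length.
    # Unsplit: the whole password must be guessed at once (exponential).
    # Split: at most two independent 7-character searches, and
    # characters beyond 14 contribute nothing because they are cut off.
    if not split:
        return alphabet_size ** length
    length = min(length, LM_MAX)
    first = min(length, LM_BLOCK)
    second = max(length - LM_BLOCK, 0)
    return alphabet_size ** first + (alphabet_size ** second if second else 0)
```

Note that uppercasing also shrinks the effective alphabet, so the 26-letter figures in the test below are the realistic ones for letter-only passwords.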
don't bother; it's easy to crack your password no matter how long it is
Authored by: sjk on Dec 07, '04 09:21:23PM

Nice followup, Derrick.
