Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'don't bother; it's easy to crack your password no matter how long it is' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
don't bother; it's easy to crack your password no matter how long it is
Authored by: zojas on Dec 07, '04 04:58:34PM

your login password can be written to the swapfile after you run sudo or are asked to authenticate by the gui. I have 640mb of ram on my system, and have seen my passphrase in the swap file.

if your login password can be recovered, it can be used to unlock your keychain, which depending on how you use it, can then be used to unlock your filevault volumes.



[ Reply to This | # ]
don't bother; it's easy to crack your password no matter how long it is
Authored by: Anonymous on Dec 09, '04 10:51:14PM

It's good practice to have the keychain password different from the login password, for this reason.

Even if you have my login password, you would not be (easily) able to inspect my mail, ssh info or gpg keys (which are symlinked to an encrypted disk image) unless you provide the passphrase for my keychain.

[ Reply to This | # ]