Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'How *not* to change account passwords in 10.3' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
How *not* to change account passwords in 10.3
Authored by: Nem on Aug 25, '06 10:27:51PM
Sorry, but that wouldn't work.

As an administrator, when you change a user's password, it just overwrites whatever is stored in netinfo (on other UNIX boxes, it overwrites whatever is in /etc/shadow for a particular user).

In order to "fix" the FileVault, you must have the password/key it was encrypted with.

This actually begs another question. If you change your password, does OS X re-encrypt your entire FileVault (home directory) with the new password? I'm guessing not, actually. I'm guessing that the key used to encrypt the FileVault is more complex than what can be represented by your password. That means that the actual encryption key is stored somewhere else on the system and perhaps that is encrypted with your login password. This makes a lot more sense, since it would be a time (and disk) consuming exercise to re-encrypt your FileVault everytime you change your password.

This is actually quite interesting - I'm gonna have to go do some research on this. ;-)

---
Nem W. Schlecht
http://geekmuse.net/

[ Reply to This | # ]