[mcsjgs]

This looks like a good idea.

From:

Link to Original Article

Secure Your Password, Stronger Account Passwords in Panther

Posted by: DaveG on Nov 11, 2003 - 08:48 AM

If you upgraded to Panther, here's how to fix your password security.


One of the biggest problems with account security in OS X in 10.2.x and lower was that the passwords were not truly shadowed and only paid attention to the first 8 characters of the password you entered. Not exactly a good thing. While we didn't hear a lot about this fact, and in truth, there wasn't a lot of info about it available, especially if you were not in certain very specific parts of the hacker scene, it could lead to some pretty major security problems. Luckily, Apple fixed this problem in Panther. If you did a clean install of Panther, then the problem is already fixed for you, no problem. The password now recognizes more than the first 8 characters entered and is stored using real unix shadowing. However, if you did an upgrade, then the old problem persists on your box. Let's fix that right now, it's real simple and a no brainer. It shouldn't take more than a couple of seconds and you won't even have to touch the terminal, unless you want to of course

For those of you who do not like playing around with the terminal or just prefer using GUI tools when possible, launch your System Preferences application. Next, choose the Accounts applet, which will bring you to the users and account editing screen. Click in the top password box and type any character. This will cause Panther to authenticate you. Enter your password in the authentication box that pops up. Once you have been authenticated, replace the password in the boxes with either a new password, or your old one. This will cause Panther to reset your password and by doing so, it will use the updated system features to do so. Close System Preferences. You're done.

For those of you who like the terminal, launch it and use the passwd program to reset your password. If you don't know how to do this, then view the passwd man entry, i.e. [DaveG@DaveG]~$]man passwd.

Example:
[DaveG@DaveG]~$]passwd [enter]
changing password for DaveG
Old password:MyPassword [enter]
New Password:NewPassword [enter]
Retype new password:NewPassword [enter]
[DaveG@DaveG]~$]

To break this down simply, everything that has been emphasized is what this program puts on the screen. [enter] means you should hit the enter/return key on your keyboard. *MyPassword* is your current password and *NewPassword* is the password you are entering now. All text except for the command prompt, i.e. [DaveG@DaveG]~$] that is not emphasizedis what you enter.

That's all it takes, and now your system is using full passwords and proper password shadowing for you account. If you have other accounts on your box, you will want to do the same thing for those accounts as well. Enjoy your more secure Mac.
--DaveG

[pendragon]

Dave, Thanks so very much for your post. Most informative and I even learned a bit. Really.

But one point of clarification please. When you say that "Apple fixed this problem in Panther if you did a clean install of Panther."

By "clean install" do you mean Archive & Install or Erase & Install?

[mcsjgs]

Originally posted by pendragon:
Dave, Thanks so very much for your post. Most informative and I even learned a bit. Really.

But one point of clarification please. When you say that "Apple fixed this problem in Panther if you did a clean install of Panther."

By "clean install" do you mean Archive & Install or Erase & Install?

I'm not Dave, I only posted the article. Follow the Link if you want to get in touch with Dave, the author.

[zigzag]

Thanks for the tip, but what exactly does "shadowing" mean, and what is its significance?

Also, does anyone know if the log-in password can still be bypassed by using a bootable CD, or Target Disk Mode?

Thanks.

[Tomster]

Originally posted by zigzag:
Also, does anyone know if the log-in password can still be bypassed by using a bootable CD, or Target Disk Mode?

Yes, one can still boot from a cd and reset the password. You can get around this by locking out the ability to boot from any other drive in Open Firmware. There are, however, still ways around this.

As for target disk mode, I think the drive will be mounted with permissions ignored, so unless you are using FileVault...

Bottom line is physical access=total access unless things are encrypted.

[Boondoggle]

Bottom line is physical access=total access unless things are encrypted.

hence the appeal of FileVault

[chabig]

By "clean install" do you mean Archive & Install or Erase & Install?

He meant erase and install. A clean install of Panther automatically uses shadow passwords by default. If you do an archive and install, Panther will use the same system Jaguar used, because it preserves your netinfo database.

Chris

[proton]

Originally posted by zigzag:
Thanks for the tip, but what exactly does "shadowing" mean, and what is its significance?

"Shadowing" means that only root can read the password hashes for each user. The password hash is a one-way only encryption of your password. By one-way it means that it is mathematically impossible, knowing only the password hash, to revert it to the password itself.

But someone who has a copy of the hash could perform a brute force attack. That is, they could take every possible password, run the hashing algorithm on that password and check if it's the same hash. If it is, you've found the password. Obviously, this can take quite a while, even on a fast machine, but it is a feasible attack.

Pre-shadowing, any user of a machine could request all the password hashes of every user and therefore have the opportunity to perform this attack.

- proton

[zigzag]

Originally posted by proton:
"Shadowing" means . . . Pre-shadowing, any user of a machine could request all the password hashes of every user and therefore have the opportunity to perform this attack.

- proton

Thanks proton. It seems odd, though, that while another user of a machine wouldn't be able to decipher the admin's password, they could simply insert a bootable CD or use TDM to bypass the password.

Thus, as someone else said, the appeal of FileVault. However, I'm wondering how well the FileVault password is protected. Can the FV Master Password be different from the admin's log-in password, and if so is it well-protected?

I like the idea of FileVault but will continue to use encrypted disc images until FV is refined.

[Tomster]

Originally posted by Boondoggle:
hence the appeal of FileVault

FileVault is SO secure, it even prevents you from getting your own data! Honestly, I think FileVault is a fantastic idea, but am hesitant in using it again as it hosed a good amount of my stuff. Thank goodness for backups! Troubleshooting was a bitch because the problems occurred before it was a "known issue." They say everything is fixed. We shall see.

[chabig]

Thanks proton. It seems odd, though, that while another user of a machine wouldn't be able to decipher the admin's password, they could simply insert a bootable CD or use TDM to bypass the password.

It's always said that if someone has physical access to your machine, it's not secure. These password precautions are meant to prevent intrusions from the net, as well as casual hackers, not from someone dedicated to achieving access to your machine.

However, there is one more roadblock you can put in the way to prevent both booting from CD and using TDM--set an Open Firmware password. It prevents both of those attacks. Again, though, it can be bypassed if you have physical access to the machine and a bit of know-how.

Chris

[mitchell_pgh]

PLEASE NOTE: DO NOT DO MOST OF WHAT IS SAID IN THIS THREAD IF YOU ARE AN AVERAGE USER!!!

These are meant for:

1) People that need very very secure systems
2) People that have many people using one computer
3) People that leave their computers connected to the internet 24/7

You need to think about the weakest link. It's not going to be the etc/shadow , the bios not being secure or whatever else you use if you are FTPing over an insecure line. These things are meant to secure a secure site even further.

By turning off all of your ports (http, ftp, afp, etc. etc.) or by installing a $59 firewall, you place yourself into the "almost unhackable" group.

[absmiths]

Originally posted by zigzag:
Thanks proton. It seems odd, though, that while another user of a machine wouldn't be able to decipher the admin's password, they could simply insert a bootable CD or use TDM to bypass the password.

You are assuming physical access. A user account does not automatically mean console/physical connectivity. I have accounts on my machine for people who could never get to the keyboard/mouse/display/box. So, for them, the CD is not an option.

By the way, what is TDM? Total Domination Matrix?

[absmiths]

Originally posted by mitchell_pgh:
By turning off all of your ports (http, ftp, afp, etc. etc.) or by installing a $59 firewall, you place yourself into the "almost unhackable" group.

For me, that would put me in the "almost unusable" group. The most secure server in the world is one that is locked up and unplugged - it would also be pretty darn useless.

[absmiths]

Originally posted by zigzag:
Thus, as someone else said, the appeal of FileVault. However, I'm wondering how well the FileVault password is protected. Can the FV Master Password be different from the admin's log-in password, and if so is it well-protected?

The file vault password is independent of your login password. Resetting the login password does not reset the filevault master password (I think that is what I read).

However, it doesn't seem like a stretch to reset the root password and as root gain access to the user's data (one way or another).

[pendragon]

Originally posted by chabig:
He meant erase and install. A clean install of Panther automatically uses shadow passwords by default. If you do an archive and install, Panther will use the same system Jaguar used, because it preserves your netinfo database.

Chris

Thanks Chris. Your reply is indeed apreciated.

[chabig]

By the way, what is TDM?

Target Disk Mode

[zigzag]

Originally posted by absmiths:
By the way, what is TDM? Total Domination Matrix?

No, but that sounds like more fun.

I remember the first time I set a log-in password in OS X and thought, oh good, my Mac is secure. Imagine my surprise when I first used Target Disk Mode and discovered that my machine was wide open to anyone with a Firewire cable. That's when I learned about encrypted disc images, although I still don't know how secure those passwords are either.

[mitchell_pgh]

Originally posted by absmiths:
For me, that would put me in the "almost unusable" group. The most secure server in the world is one that is locked up and unplugged - it would also be pretty darn useless.

My point was... joe Mac user doens't need to worry about this...

[Person Man]

Originally posted by mitchell_pgh:
[B]PLEASE NOTE: DO NOT DO MOST OF WHAT IS SAID IN THIS THREAD IF YOU ARE AN AVERAGE USER!!!

What? You don't want people to reset their passwords so they use the newer, stronger password encryption algorithm that is default for Panther? You want them to continue to use the old method of only recognizing the first 8 characters?

Or are you talking about the other stuff?