The problem with readable passwords – Apple Mac OS X Server (Administrator’s Guide) User Manual
Page 194
Chapter 3
A user’s password is stored in the user account in an encrypted form, derived by feeding a random number along with the clear-text password to a mathematical function known as a one-way hash function. A one-way hash function always generates the same encrypted value from a particular input, but cannot be used to re-create the original password from the encrypted output it generates.
To validate a password using the encrypted value, Mac OS X applies the function to the password entered by the user and compares the result with the value stored in the user account. If the values match, the password is considered valid.
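The following Python code is an added illustration of the scheme just described; it is not part of this guide or of Mac OS X Server. SHA-256 as the one-way function, a 16-byte random value, and the "salt$digest" record layout are illustrative assumptions only.

```python
import hashlib
import hmac
import os
from typing import Optional

# Illustrative model of the stored form: a random value (a salt) is hashed
# together with the clear-text password, and only salt + digest are kept.
# SHA-256 and the record layout are assumptions made for this example.


def store_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return the record value "salthex$digesthex" for a new or changed password."""
    if salt is None:
        salt = os.urandom(16)  # a fresh random value for every stored password
    digest = hashlib.sha256(salt + password.encode("utf-8")).hexdigest()
    return f"{salt.hex()}${digest}"


def validate_password(stored: str, attempt: str) -> bool:
    """Re-apply the one-way function to the attempt and compare with the record."""
    salt_hex, digest_hex = stored.split("$", 1)
    recomputed = hashlib.sha256(
        bytes.fromhex(salt_hex) + attempt.encode("utf-8")
    ).hexdigest()
    # Constant-time comparison: the check must not reveal how much of the
    # digest matched, only whether the whole value matched.
    return hmac.compare_digest(recomputed, digest_hex)


def same_password_differs_when_salted(password: str) -> bool:
    """Two accounts with the same clear-text password get different stored values.

    This is what the random value buys: an attacker who reads the records cannot
    tell which users share a password, and must attack each record separately.
    """
    return store_password(password) != store_password(password)


if __name__ == "__main__":
    record = store_password("correct horse")
    print(record)
    print(validate_password(record, "correct horse"))   # True
    print(validate_password(record, "correct horsf"))   # False
    print(same_password_differs_when_salted("correct horse"))  # True
```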
You can use Workgroup Manager to enable the basic password validation strategy for user accounts stored in a Mac OS X directory or a non-Apple LDAPv3 directory domain.
To enable basic password validation using Workgroup Manager:
1. In Workgroup Manager, open the account you want to work with if it is not already open.
To open an account, click the Account button, then use the At pop-up menu to open the directory domain where the user’s account resides. Click the lock to be authenticated, then select the user in the list.
2. On the Advanced tab, choose Basic from the “Use Password Type” pop-up menu.
3. If the user’s password validation strategy is currently a different one, you will be prompted to enter and verify a new password.
If you are working with a new user, enter the password on the Basic tab in the Password field, then reenter it in the Verify field. “Choosing a Password” on page 192 provides guidelines for choosing passwords.
The Problem With Readable Passwords
Whenever you store passwords in a readable form, they are potentially subject to hacking.
Consider, for example, NetInfo user records. Although the passwords in NetInfo user records are encrypted using one-way encryption, they are readable because the nidump utility can be used to copy user records to a file. The file can be transported to a system where a malicious user can use various techniques to figure out which password values generate the encrypted values stored in the user records.
This form of attack is known as an offline attack, since it does not require successive login attempts against the system and therefore leaves no trail of failed logins. As soon as a password is identified, the correct user name and password can be supplied and the malicious user can log in successfully without being noticed.