John
>Is there a file somewhere that controls the password?
Have a look in the keychain, see if Apimac saves it there - use
Keychain Access.app in /Applications/Utilities and look in the Login
keychain, category Passwords. If there are any relevant looking ones,
double-click them and tick the "show password" box.
Cheers - Jaimie
--
"People don't buy Microsoft for quality, they buy it for compatibility
with what Bob in accounting bought last year. Trace it back - they buy
Microsoft because the IBM Selectric didn't suck much" - P Seebach, afc
> On Sun, 12 Jun 2011 23:05:19 +0100, John <cof...@the.cafe.com> wrote:
>
>> Is there a file somewhere that controls the password?
>
> Have a look in the keychain, see if Apimac saves it there - use
> Keychain Access.app in /Applications/Utilities and look in the Login
> keychain, category Passwords. If there are any relevant looking ones,
> double-click them and tick the "show password" box.
>
> Cheers - Jaimie
I got the brain into gear and remembered the pass. I looked in
keychain, found nothing.
Thanks
John
I think it just makes folders invisible to the finder by putting a full stop
at the beginning of the name- you could probably get round this by finding
invisible folders using file buddy, and changing the name to lose the period?
The keychain is protected by your account password or any other
(stronger?) you care to set. As long as you don't share that, single,
password all your other key chain items will be secure. You can add your
own keychain items for passwords that cannot be saved automatically.
Tony
So open to anyone with physical access to your machine,
Jan
> > The keychain is protected by your account password or any other
> > (stronger?) you care to set. As long as you don't share that, single,
> > password all your other key chain items will be secure. You can add your
> > own keychain items for passwords that cannot be saved automatically.
>
> So open to anyone with physical access to your machine,
Only if they know your password.
Besides, if someone you don't trust has physical access to your machine
then you have bigger problems.
Jim
--
'65 Black Stingray - for barter only. Call 555-8972
Facetime ID:j...@magrathea.plus.com
> J. J. Lodder <nos...@de-ster.demon.nl> wrote:
>
>>> The keychain is protected by your account password or any other
>>> (stronger?) you care to set. As long as you don't share that, single,
>>> password all your other key chain items will be secure. You can add your
>>> own keychain items for passwords that cannot be saved automatically.
>>
>> So open to anyone with physical access to your machine,
>
> Only if they know your password.
>
> Besides, if someone you don't trust has physical access to your machine
> then you have bigger problems.
>
> Jim
The wife, for instance.
I didn't mean it, I was only joking, sorry.
John
> J. J. Lodder <nos...@de-ster.demon.nl> wrote:
>
> > > The keychain is protected by your account password or any other
> > > (stronger?) you care to set. As long as you don't share that, single,
> > > password all your other key chain items will be secure. You can add your
> > > own keychain items for passwords that cannot be saved automatically.
> >
> > So open to anyone with physical access to your machine,
>
> Only if they know your password.
Which you can reset with a system disk.
> Besides, if someone you don't trust has physical access to your machine
> then you have bigger problems.
The idea of special purpose passworded things
is to have some protection even when someone else has your machine,
Jan
> Jim <j...@magrathea.plus.com> wrote:
>
>> J. J. Lodder <nos...@de-ster.demon.nl> wrote:
>>
>>>> The keychain is protected by your account password or any other
>>>> (stronger?) you care to set. As long as you don't share that, single,
>>>> password all your other key chain items will be secure. You can add your
>>>> own keychain items for passwords that cannot be saved automatically.
>>>
>>> So open to anyone with physical access to your machine,
>>
>> Only if they know your password.
>
> Which you can reset with a system disk.
Unless that decrypts and re-encrypts your login keychain, you're still safe.
--
Chris
The attacker replaces the keychain software with their own 'special'
version which tells them everything it knows.
Which is only the encrypted password for the
whatever-it-was-we're-talking-about.
--
Chris
> Jim <j...@magrathea.plus.com> wrote:
>
> > J. J. Lodder <nos...@de-ster.demon.nl> wrote:
> >
> > > > The keychain is protected by your account password or any other
> > > > (stronger?) you care to set. As long as you don't share that, single,
> > > > password all your other key chain items will be secure. You can add your
> > > > own keychain items for passwords that cannot be saved automatically.
> > >
> > > So open to anyone with physical access to your machine,
> >
> > Only if they know your password.
>
> Which you can reset with a system disk.
Only the account password, not the keychain password. Your keychain is
safe from anything short of brute force password cracking (assuming no
vulnerabilities in its encryption).
Passwords and other secure items in the keychain are encrypted using
your keychain password. If you lose the keychain password, you can't get
the secure items out of the keychain again short of brute force guessing
of the keychain password.
The normal arrangement is for Mac OS X to have the same account password
and keychain password. In this case, if you change your account password
using the "normal" method (from System Preferences while logged in as
that user), the keychain password is also updated to the new account
password.
If you use any "reset password" mechanism (either System Preferences
while logged in as a different admin user, or the mechanism available
from the Mac OS X install DVD), the account password is reset, but the
keychain keeps using the old password.
You can also deliberately set your keychain to use a different password
from your user account, in which case changing your own account password
via System Preferences will not touch the keychain password (unless you
set the same password for both, then change it again using System
Preferences).
--
David Empson
dem...@actrix.gen.nz
Most users don't even know that there is such a thing
as a keychain password, let alone that it can be set.
Or even that there is such a thing as the keychain,
Jan
Which doesn't invalidate the fact that there is.
Jim
--
Amelia Pond: You're soaking wet.
The Doctor: I was in the swimming pool.
Amelia Pond: You said you were in the library.
The Doctor: So's the swimming pool.
My point is that once an attacker has had the ability to modify the
system, they can subsequently retrieve any credential that you use.
That page is not talking about the same issue.
That page is discussing how a service (a login, say, or a website)
stores a user's password in such a way that (i) it cannot leak the
plaintext of the password but (ii) it can nevertheless verify that a
supplied password plaintext is the right one.
The problem this mitigates is unauthorized read-only access to the
service's password database. But that's not what I'm talking about: I'm
talking about the case when someone who has sufficient access to the
machine to modify the software running on it (for instance, because they
have physical access to it for a while).
The user, or a keychain application acting on their behalf, must
nevertheless access the password plaintext in order to access the
service, and that is the point at which someone who has previously taken
control of the machine will capture it.
For instance, you type a password when you login to most modern
computers. No matter how secure the long-term storage of the password
on the computer, if the attacker has taken control of the login process,
they will know your password *because you just typed it in*.
> Ah - you're talking about the attacker installing software, then going
> away and leaving you to use the machine so they can capture passwords?
>
> Didn't know you were thinking of that.
Yes. I don't think I was being especially unclear.
Your explanation was very clear. Excuse Rowland, he has a lot on his mind
these days, having to move out by September and the divorce. He hasn't had
time to keep up.
--
"Well, yeah, like meeting half a dozen consultant shrinks and finding out
that they're all a bunch of incompetent bullying lying ignorant abusive
bastards."
Rowland McDonnell foaming at the mouth - Nov 28, 2007
> If you use any "reset password" mechanism (either System Preferences
> while logged in as a different admin user, or the mechanism available
> from the Mac OS X install DVD), the account password is reset, but the
> keychain keeps using the old password.
We keep getting stung by this, although not badly yet. My son changes
his password, forgets what he's changed it to, and I have to go in as an
admin and change it. Which gets him into his user account, but doesn't
get him his keychain. Hopefully he'll learn that lesson before his
keychain contains more important stuff than game logins.
--
Pd