From: David Empson on 9 Mar 2010 16:34

Malcolm <malcolm(a)invalid> wrote:

> On 2010-03-09 12:22:23 -0500, John Varela said:
>
> > On Tue, 9 Mar 2010 08:03:37 UTC, dempson(a)actrix.gen.nz (David
> > Empson) wrote:
> >
> >> Your friend's best solution is to try guessing it.
> >
> > Oh, we did that, all right...
> >
> >> If necessary, keep a copy of the .keychain file somewhere else and
> >> start a fresh one in its place (with a known password), and try to open
> >> the old one from time to time if another idea occurs as to the password
> >> which might have been used.
> >
> > This is not an emergency, just a nuisance. Safari asks him for his
> > keychain password from time to time; of course he clicks cancel and
> > goes on. He didn't even know what the keychain is until I got
> > involved. So he can continue as he is, though it would drive me
> > crazy if it happened to me.
> >
> > Keychain Access in 10.6 wants an Administrator password. If there's
> > a separate keychain password, I can't recall ever having been asked
> > for it and I don't know what it is.
>
> If you didn't do anything special, the keychain password should be the
> same as the login password for the account. If you check all the boxes
> in Keychain Access' "First Aid" preference, it should stop asking for
> the password.

The most common "special" thing that someone does which brings about this problem is that they forgot their login password, and used one of the "reset password" mechanisms, such as via booting from the Mac OS X DVD.

The "reset password" mechanism will reset your user account (login) password, but it does NOT change your keychain password, because it can't without knowing your existing one.

The end result is that your keychain still has the old (forgotten) password, and it doesn't unlock automatically.

[By the way, Malcolm: please set your newsreader to use plain text for Usenet postings, i.e. disable MIME/HTML, at least for the comp.sys.mac.* groups. News postings should be plain text.]

--
David Empson
dempson(a)actrix.gen.nz

From: John Varela on 10 Mar 2010 16:47

On Tue, 9 Mar 2010 17:22:23 UTC, "John Varela" <newlamps(a)verizon.net> wrote:

> Keychain Access in 10.6 wants an Administrator password. If there's
> a separate keychain password, I can't recall ever having been asked
> for it and I don't know what it is.

And of course, not one hour after I posted this, I found myself needing the keychain password, which was the login password for the account prior to the current login password.

--
John Varela

From: Jeffrey Goldberg on 20 Mar 2010 13:48

On 2010-03-08 7:14 PM, John Varela wrote:

> A friend has forgotten the password to his keychain. Is there any
> back door to recover it?

No, there is no back door. Much of the keychain architecture is open source, so we know that there is no back door in those parts of it.

I suspect that someone has figured a way to integrate a general password cracker like "john" to keychain access. But I haven't googled for that.

> While I have your attention: This was out of town and I had brought
> my new netbook with me and wanted to get on our host's wi-fi
> network. I went into his network preferences and looked at his
> Airport password, and it was $ followed by 30 or more hex digits.
> I'd never seen anything like that. (This was the same 10.4.11 Intel
> iMac.) Explanation?

There was a time, particularly with some WEP implementations, where users were expected to give a hex version of the password. Other implementations rejected such things and wanted a pass phrase that it would convert to the hex string.

I remember having some difficulty with this with Apple many years ago. I think that if you had to enter the hex string you needed to prefix it with a "#", but maybe it was a "$".

Cheers,

-j

--
Jeffrey Goldberg http://goldmark.org/jeff/
I rarely read HTML or poorly quoting posts
Reply-To address is valid

From: commiebastard on 20 Mar 2010 14:47

On Mar 9, 4:03 am, demp...(a)actrix.gen.nz (David Empson) wrote:

> John Varela <newla...(a)verizon.net> wrote:
> > A friend has forgotten the password to his keychain. Is there any
> > back door to recover it? He's running 10.4.11 in an Intel iMac.
>
> No. The entire point of the keychain is that it is a secure means of
> storing passwords, protected by the keychain password (which is used
> indirectly to encrypt the keychain contents).
>
> If you lose the keychain password, you lose the ability to access
> anything stored in the keychain.
>
> Your friend's best solution is to try guessing it. If necessary, keep a
> copy of the .keychain file somewhere else and start a fresh one in its
> place (with a known password), and try to open the old one from time to
> time if another idea occurs as to the password which might have been
> used.
>
> > While I have your attention: This was out of town and I had brought
> > my new netbook with me and wanted to get on our host's wi-fi
> > network. I went into his network preferences and looked at his
> > Airport password, and it was $ followed by 30 or more hex digits.
> > I'd never seen anything like that. (This was the same 10.4.11 Intel
> > iMac.)
>
> Probably a hex-encoded WPA/WPA2 key. I've never bothered with one as the
> human-readable passphrase has almost always worked.
>
> Hex keys are more commonly encountered with WEP (26 hex digits is
> common) due to lack of a standard for how to convert between
> human-readable passwords and encoded WEP keys.
>
> > Explanation? He said the Comcast installer had set him up
> > with that password. My netbook running Win 7 wouldn't accept hex so
> > I was out of luck, even if I could have copied that many characters
> > correctly.
>
> You may have just needed to work out what notation it required to let
> you enter a hex key. I've never done that with Windows, but a prefix of
> 0x seems the most likely starting point.
>
> --
> David Empson
> demp...(a)actrix.gen.nz

Doesn't Time Machine back up the keychain file? I don't know if the OP has Time Machine enabled, but if he does, can he just recover it? And if he doesn't, it would be a good idea to enable Time Machine in the future.

From: David Empson on 20 Mar 2010 16:29

commiebastard <oraclmaster(a)gmail.com> wrote:

> On Mar 9, 4:03 am, demp...(a)actrix.gen.nz (David Empson) wrote:
> > John Varela <newla...(a)verizon.net> wrote:
> > > A friend has forgotten the password to his keychain. Is there any
> > > back door to recover it? He's running 10.4.11 in an Intel iMac.
> >
> > No. The entire point of the keychain is that it is a secure means of
> > storing passwords, protected by the keychain password (which is used
> > indirectly to encrypt the keychain contents).
> >
> > If you lose the keychain password, you lose the ability to access
> > anything stored in the keychain.

[...]

> Doesn't Time Machine back up the keychain file? I don't know if the OP
> has Time Machine enabled, but if he does, can he just recover it? And
> if he doesn't it would be a good idea to enable Time Machine in the
> future.

Certainly, Time Machine will back up the keychain file.

That doesn't change anything - the backed up copy of the keychain will be locked by a password that the OP's friend has forgotten, so it will be equally unusable.

--
David Empson
dempson(a)actrix.gen.nz