Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I'm in the same boat; been using FileVault since day one.

I just checked and, sure enough, my cleartext password is visible if I run:

  $ sudo cat /var/log/asl/* | strings | grep 'password ='
So if my laptop were lost or stolen not only would the encryption be worthless, but my login password is available too. This is a big hole.

Guess today's a good day to switch to FDE



And pray that it doesn't have a similar hole that gets discovered a few months down the line...




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: