<h1>my root password? oh sure, here it is.</h1>
<p>John Clements, 2015-05-07T21:57:03Z. Blog of Stuff: Posts tagged 'Mac'.</p>
<p>So, I just bought a copy of ScreenFlow, an apparently reputable piece of screencasting software for the Mac. They sent me a license code. Now it’s time to enter it. Here’s the window:</p>
<div class="figure"><img src="/img/screenflow-license-window.png" alt="" />
<p class="caption"></p></div>
<p>Hmm… says here all I need to do is… enter my admin password, and then the license code.</p>
<p>Wait… what?</p>
<p>Why in heaven’s name would ScreenFlow need to know my admin password here?</p>
<p>My <em>guess</em> is that it’s because it wants to put something in the keychain for me. That’s not a very comforting thought; it also means that it could delete things from my keychain, copy the whole thing, etc. etc.</p>
<p>This is a totally unacceptable piece of UI. I think it’s probably both Apple’s and Telestream’s fault. Really, though, I just paid $100 and now I have to decide whether to try to get my money back, or just take the chance that Telestream isn’t evil.</p>
<h2 id="the-larger-question">The Larger Question</h2>
<p>The more I think about this, though, the deeper it gets. Is there any realistic way to partition passwords into high-security and low-security? If I have a password manager, then clearly the password for my account there is pretty much my highest-security item; having that password allows someone access to all my bank accounts, etc. Compromising that would be a disaster.</p>
<p>But wait! If you have root on any machine that I use to access that password manager, then you can presumably install a keystroke logger that can observe me typing the password for that password manager (unless I use a hardware-based authentication mechanism), so all of those passwords are pretty much vital as well. I’m thinking specifically of the administrator password on my laptop.</p>
<p>Unfortunately, consumer OSes are pretty cavalier in their handling of administrator passwords. I obviously have no choice but to trust the OS itself in handling that password, but I really don’t want to trust any other application code in that way. However, there’s no reliable way for me to determine, given a window that asks for my password, whether it’s “from the OS” or not. Solving this would involve some fairly drastic steps. The one that comes to mind is having a special light—say, on the side of the keyboard—that indicates that the OS is asking me to enter my password. This would presumably be accompanied by some kind of full-screen takeover. I’m guessing that most OS designers would not find this appealing.</p>
<p>I’d buy it, though.</p>
<p>Does this make me a tinfoil-hat guy?</p>
<h3 id="post-scriptum">Post Scriptum</h3>
<p>In the end, I did get a refund from Telestream; it was prompt, and they convinced me that they have good business practices, even if their security model stinks.</p>