Comment Re:Well, it's not the only security problem. (Score 1) 351
Mac OS 10.1.x uses crypt passwords and these passwords are subject to being read by simple dump scripts
Mac OS 10.2.x uses crypt passwords and these passwords are subject to being read by simple dump scripts
Mac OS 10.3 creates new accounts with shadow passwords; these passwords are not subject to simple script download - only root processes can read the hashes.
Legacy/existing user accounts created before 10.3 retain the crypt password.
With 10.3, simply resetting the password in System Preferences/Accounts migrates the password to the new shadowhash style (or, for the CLI crowd, you can use passwd).
The maximum length of shadowhash passwords in Mac OS 10.3 is virtually unlimited (it's a hashed digest of the password string). However, for practical purposes the GUI and most command line tools have limits between 128-200 characters.
10.3 with updated accounts or newly created accounts is no longer exposed to simple password dumping attacks, and supports more than 8 characters.
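
An added example, not part of the original comment: a small audit that reads a passwd-format account dump and lists the accounts that still expose a legacy crypt hash and therefore need a password reset to migrate. It assumes the BSD master.passwd field layout and that migrated accounts show only asterisks in the password field; the sample lines and hash strings are constructed, and the function names are hypothetical.

```python
import re

# Traditional DES crypt(3) output: 2 salt chars + 11 hash chars,
# all drawn from the alphabet [./0-9A-Za-z].
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")

# Constructed sample (assumed layout: name:passwd:uid:gid:class:change:expire:gecos:dir:shell).
# The 13-character strings are made-up placeholders, not real hashes.
SAMPLE_DUMP = """\
# constructed sample dump
root:********:0:0::0:0:System Administrator:/var/root:/bin/sh
alice:ab01FAX.bQRSU:501:20::0:0:Alice:/Users/alice:/bin/bash
bob:********:502:20::0:0:Bob:/Users/bob:/bin/bash
carol:xy9/kLmN0pQrS:503:20::0:0:Carol:/Users/carol:/bin/tcsh
nobody:*:-2:-2::0:0:Unprivileged User:/dev/null:/dev/null
daemon::1:1::0:0:System Services:/var/root:/dev/null
"""

def classify(pw_field):
    """Classify the password field of one dump line."""
    if pw_field == "":
        return "empty"
    if re.fullmatch(r"\*+", pw_field):
        # Assumption: only asterisks means no hash is stored in the record
        # (migrated shadowhash account, or a disabled login).
        return "no_hash_exposed"
    if DES_CRYPT.fullmatch(pw_field):
        return "crypt"  # legacy hash, readable by anyone who can dump the record
    return "other"

def audit(dump_text):
    """Return {account name: classification} for every well-formed line."""
    result = {}
    for line in dump_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue  # malformed line, skip rather than guess
        result[fields[0]] = classify(fields[1])
    return result

def needs_reset(dump_text):
    """Accounts still carrying a crypt hash, in dump order."""
    return [name for name, kind in audit(dump_text).items() if kind == "crypt"]

if __name__ == "__main__":
    for name in needs_reset(SAMPLE_DUMP):
        print(f"{name}: legacy crypt hash, reset password to migrate")
```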