brad@looking.UUCP (Brad Templeton) (11/11/88)
The philosophy behind the readable password file is old, but was valid at the time, I think. The idea was that non-encrypted passwords in an unreadable file is no kind of password security, although it's exactly the kind of security that GCOS has. If you use this method, then any problem which allows mere *read* access to disks is enough to get complete, often undetectable, access to the system. For example, just physical access to disk packs or backup tapes is enough. So when they made the Unix password file, as I understand it, they said, "We have to assume people will get at the password entries, so let's put all our security into encryption." With hindsight, it seems a combination is in order, but the philosophy that you should assume that any sophisticated cracker will get to read them still should apply.
-- Brad Templeton, Looking Glass Software Ltd. -- Waterloo, Ontario 519/884-7473