Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!linus!philabs!seismo!hao!hplabs!sri-unix!BRUCE@umdb From: BRUCE%umdb@sri-unix.UUCP Newsgroups: net.unix-wizards Subject: Security Message-ID: <2749@sri-arpa.UUCP> Date: Fri, 1-Jul-83 23:09:00 EDT Article-I.D.: sri-arpa.2749 Posted: Fri Jul 1 23:09:00 1983 Date-Received: Thu, 7-Jul-83 20:41:24 EDT Lines: 14 From: Bruce CrabillI have never understood the reason behind the "salt" in the password ecription. I understand that it was to help prevent duplicate ciphertext when two users had the same password, but why not just take the userid and encript it with the user's password and place the resultant ciphertext in the password file? I also agree with Ron Natalie about the concept of keeping the passwords in a non-readable file. Seems like the best way to avoid problems. Bruce ARPANET: BRUCE%UMDB.BITNET@BERKELEY BITNET: BRUCE@UMDB