Path: utzoo!attcan!uunet!vsi!friedl From: friedl@vsi.COM (Stephen J. Friedl) Newsgroups: comp.unix.wizards Subject: Re: password aging Summary: shadow passwords are a good idea Message-ID: <956@vsi.COM> Date: 29 Nov 88 19:50:23 GMT References: <17648@adm.BRL.MIL> <9001@smoke.BRL.MIL> Organization: V-Systems, Inc. -- Santa Ana, CA Lines: 25 In article <9001@smoke.BRL.MIL>, gwyn@smoke.BRL.MIL (Doug Gwyn ) writes: > > In response to Barry's suggestion that shadow (really, non-public) > password files are a panicky reaction to the Internet worm/virus: > I've recommended this for years. AT&T adopted it for its MLS UNIX > well before the virus scare. If done right, it adds a significant > amount of security to the typical UNIX system. It's a good idea. A good idea indeed. It does increase the complexity of the password code, but it can really foil a cracker. There are people out there (i.e., `me in a former life') who are fairly adept at converting an /etc/passwd file into a handful of logins given a couple of hours of processor time, a good list of sample passwords, and software to automate the task. Shadow passwords will cut this down in a pretty big way. How many of you have done 'grep :: /etc/passwd' on a machine? Steve -- Steve Friedl V-Systems, Inc. +1 714 545 6442 3B2-kind-of-guy friedl@vsi.com {backbones}!vsi.com!friedl attmail!vsi!friedl ---------Nancy Reagan on cutting the grass: "Just say mow"--------- :wq!