Readable Password File

Brad Templeton brad at looking.UUCP
Fri Nov 11 17:21:31 AEST 1988


The philosophy behind the readable password file is old, but was valid at
the time, I think.

The idea was that non-encrypted passwords in an unreadable file are no
kind of password security, although it's exactly the kind of security
that GCOS has.

If you use this method, then any problem which allows mere *read* access
to disks is enough to get complete, often undetectable, access to the system.
For example, just physical access to disk packs or backup tapes is enough.

So when they made the Unix password file, as I understand it, they said,
"We have to assume people will get at the password entries, so let's put
all our security into encryption."

With hindsight, it seems a combination is in order, but the philosophy
that you should assume that any sophisticated cracker will get to read
them still should apply.
-- 
Brad Templeton, Looking Glass Software Ltd.  --  Waterloo, Ontario 519/884-7473
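The two designs the post contrasts, as an added example that is not part of the original post: a password record that carries only a salted one-way hash (so a copy of the file on a disk pack or backup tape yields no passwords), and the "combination" Templeton suggests with hindsight, where the readable file keeps only account data and the hashes live in a separate file meant to be mode 0600. The record layout, the PBKDF2-SHA256 work factor and the field separators are assumptions for the example, not any real passwd(5) or shadow(5) format.

```python
"""Salted one-way password records plus a shadow split (added example)."""
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

# Assumed work factor for the example; a real system tunes this to its hardware.
PBKDF2_ROUNDS = 200_000


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way, salted hash: reading the output does not reveal the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_entry(user: str, password: str, uid: int,
               salt: Optional[bytes] = None) -> dict:
    """Build a record holding the salt and hash, never the plaintext.

    The salt is random per user so two users with the same password get
    different hashes; `salt` may be supplied only to make tests deterministic.
    """
    salt = salt if salt is not None else os.urandom(16)
    return {
        "user": user,
        "uid": uid,
        "salt": salt.hex(),
        "hash": hash_password(password, salt).hex(),
    }


def verify(entry: dict, password: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    expected = bytes.fromhex(entry["hash"])
    actual = hash_password(password, bytes.fromhex(entry["salt"]))
    return hmac.compare_digest(expected, actual)


def split_shadow(entries: List[dict]) -> Tuple[List[str], List[str]]:
    """The 'combination': a readable passwd file with no secret material at
    all, and a shadow file (to be written mode 0600) that carries the hashes.

    Line formats are assumed for the example:
      passwd:  user:x:uid
      shadow:  user:salthex$hashhex
    """
    passwd_lines = [f"{e['user']}:x:{e['uid']}" for e in entries]
    shadow_lines = [f"{e['user']}:{e['salt']}${e['hash']}" for e in entries]
    return passwd_lines, shadow_lines


def secrets_leaked(lines: List[str], plaintext: str) -> bool:
    """True if a plaintext password appears anywhere in the given file lines."""
    return any(plaintext in line for line in lines)


if __name__ == "__main__":
    # Constructed sample account, not real data.
    entry = make_entry("alice", "correct horse", 1001)
    passwd, shadow = split_shadow([entry])
    print("passwd:", passwd[0])
    print("shadow:", shadow[0])
    print("verify ok:", verify(entry, "correct horse"))
    print("plaintext in either file:",
          secrets_leaked(passwd, "correct horse") or secrets_leaked(shadow, "correct horse"))
```

Even if both files are copied off a backup tape, an attacker holds only salts and hashes and must guess passwords one at a time against the work factor; the shadow split additionally denies them the hashes unless they also defeat the file permissions, which is the point of keeping both layers.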


