Xref: utzoo alt.security:732 comp.protocols.tcp-ip:11527 alt.sys.sun:936
Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!mcnc!uvaarpa!haven!aplcen!unmvax!sci.ccny.cuny.edu!cucard!dasys1!cooper!phri!sci.ccny.cuny.edu!rpi!zaphod.mps.ohio-state.edu!usc!samsung!uunet!crdgw1!sixhub!davidsen
From: davidsen@sixhub.UUCP (Wm E. Davidsen Jr)
Newsgroups: alt.security,comp.protocols.tcp-ip,alt.sys.sun
Subject: Re: anonymous ftp, and the dangers thereof
Message-ID: <789@sixhub.UUCP>
Date: 3 Jun 90 08:28:51 GMT
References: <EMV.90Apr18204600@picasso.math.lsa.umich.edu> <6703@blake.acs.washington.edu> <1990Apr20.192233.4092@utzoo.uucp>
Reply-To: davidsen@sixhub.UUCP (bill davidsen)
Followup-To: alt.security
Organization: *IX Public Access UNIX, Schenectady NY
Lines: 19

In article <1990Apr20.192233.4092@utzoo.uucp> henry@utzoo.uucp (Henry Spencer) writes:
| In article <6703@blake.acs.washington.edu> mrc@Tomobiki-Cho.CAC.Washington.EDU (Mark Crispin) writes:
| >... There are lessons to be learned, starting with the
| >abolishment of /etc/passwd and user access to the encryption
| >algorithm.
| 
| Ah yes, good old security-through-obscurity.  Where have we heard that
| before?

  I don't know that I have any objections to shadow password. WHy give
the show away? It's like having L.sys or Systems world readable. I
accept that I can't keep the encryption a secret, so why give the
encrypted passwords away. I don't see what this has to do with
security-through-obscurity here.
-- 
bill davidsen - davidsen@sixhub.uucp (uunet!crdgw1!sixhub!davidsen)
    sysop *IX BBS and Public Access UNIX
    moderator of comp.binaries.ibm.pc and 80386 mailing list
"Stupidity, like virtue, is its own reward" -me