Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!cs.utexas.edu!samsung!think!barmar
From: barmar@think.com (Barry Margolin)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: abolishing /etc/passwd (was Re: anonymous ftp, and the dangers thereof)
Message-ID: <37166@think.Think.COM>
Date: 8 Jun 90 06:07:00 GMT
References: <9006060704.AA02343@WLV.IMSD.CONTEL.COM>
Sender: news@Think.COM
Reply-To: barmar@nugodot.think.com (Barry Margolin)
Organization: Thinking Machines Corporation, Cambridge MA, USA
Lines: 19

In article <9006060704.AA02343@WLV.IMSD.CONTEL.COM> sms@WLV.IMSD.CONTEL.COM (Steven M. Schultz) writes:
>just a "thought" - if the (shadow)file is non-world readable and the
>system is administered "correctly" then why bother with
>encryption at all ;-)

I'm not sure how non-serious that smiley represents. The serious
answer is that even system administrators should not be able to find
out a user's password. Sure, they don't need to know the user's
password to violate the user's files. But if they know someone's
password then they could accidentally (or through coercion) divulge it
to someone else.

Also, two levels of protection are better than one: if the file is
accidentally made readable it is still encrypted.

--
Barry Margolin, Thinking Machines Corp.

barmar@think.com
{uunet,harvard}!think!barmar