Path: utzoo!censor!geac!torsqnt!news-server.csri.toronto.edu!cs.utexas.edu!usc!zaphod.mps.ohio-state.edu!uakari.primate.wisc.edu!crdgw1!sixhub!davidsen
From: davidsen@sixhub.UUCP (Wm E. Davidsen Jr)
Newsgroups: comp.unix.sysv386
Subject: Re: SCO doesn't sell UNIX
Message-ID: <2580@sixhub.UUCP>
Date: 12 Dec 90 04:06:45 GMT
References: <2755CECE.4502@tct.uucp> <2332@cdin-1.UUCP> <1990Dec1.223750.16286@NCoast.ORG> <275A9A50.3F3F@tct.uucp> <531@camco.Celestial.COM>
Reply-To: davidsen@sixhub.UUCP (bill davidsen)
Organization: *IX Public Access UNIX, Schenectady NY
Lines: 20

In article <531@camco.Celestial.COM> bill@camco.Celestial.COM (Bill Campbell) writes:

|                                     Shadow passwords are probably
| a good idea, but unnecessary if you use good passwords in the
| first place (not your spouse's name, birthday...).  Most security
| problems are caused by lazy, incompetent system administrators,
| not by the operating system.

  But if someone can get your encrypted password they can get your real
password, secure or not. It will take longer, but there are enough CPU
cycles floating around to do a brute force crack in a number of places,
on supercomputers or just a gaggle of Suns working over the weekend.

  If they can't get the crypted password they have to crack it on your
machine by trying one at a time.
-- 
bill davidsen - davidsen@sixhub.uucp (uunet!crdgw1!sixhub!davidsen)
    sysop *IX BBS and Public Access UNIX
    moderator of comp.binaries.ibm.pc and 80386 mailing list
"Stupidity, like virtue, is its own reward" -me