Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!pacific.mps.ohio-state.edu!linac!unixhub!stanford.edu!neon.Stanford.EDU!sidana
From: sidana@neon.Stanford.EDU (Ashmeet S Sidana)
Newsgroups: comp.unix.wizards
Subject: Re: Passwords
Message-ID: <1991Apr15.073604.12549@neon.Stanford.EDU>
Date: 15 Apr 91 07:36:04 GMT
References: <14248: Apr1204:14:4891@kramden.acf.nyu.edu> <1991Apr12.120209.21241@mp.cs.niu.edu> <17401:Apr1307:58:0691@kramden.acf.nyu.edu>
Organization: Computer Science Department, Stanford University, Ca , USA
Lines: 17

In article <17401:Apr1307:58:0691@kramden.acf.nyu.edu> brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:
>In article <1991Apr12.120209.21241@mp.cs.niu.edu> rickert@mp.cs.niu.edu (Neil Rickert) writes:
>>What I have never understood is why the password encryption algorithm doesn't
>> use additional information other than the password - the user name and the
>> machine name (or domain name for YP based networks).  That way anyone who
>> broke one encryption has succeeded only in breaking it for one user on
>> one system.  Sure, this would make life slightly tougher for administrators
>> when propogating accounts to another host.

Ever tried changing the name of a host? You'd have to change all the 
passwords!

I have a disk that boots two different versions of Unix with different
hostnames. What a nightmare in that scheme!

---Ashmeet Sidana
   sidana@cs.stanford.edu