Path: utzoo!utgpu!water!watmath!clyde!rutgers!rochester!bbn!husc6!cmcl2!brl-adm!brl-smoke!gwyn
From: gwyn@brl-smoke.ARPA (Doug Gwyn )
Newsgroups: sci.crypt
Subject: Re: Unix Password Hacker
Message-ID: <7306@brl-smoke.ARPA>
Date: 21 Feb 88 12:11:36 GMT
References: <731@ddsw1.UUCP> <203@tijc02.UUCP> <2861@pitt.UUCP>
Reply-To: gwyn@brl.arpa (Doug Gwyn (VLD/VMB) )
Distribution: na
Organization: Ballistic Research Lab (BRL), APG, MD.
Lines: 19

The reason for letting users select their own passwords, apart from
eliminating the opportunity for someone else to record what they are,
is that they will choose passwords they can remember. Otherwise, you
can bet that they'll be written down on little slips of paper, left in
desk drawers or written on the desktop pad, etc. Security is actually
enhanced by allowing users to pick ones they can remember. Combine
this with instructions not to choose something easy for an intruder to
guess, such as one's car license plate number, and that is good enough.

But you still need to get those encrypted passwords OUT of the
publicly-readable /etc/passwd file (replace them with an *). They
should be in a separate file that only trusted processes can access
for limited purposes (validating and changing the password). Such
processes must be designed to take a fair amount of time, to make it
infeasible to use them to probe the hidden file. Such an approach
keeps a program like the one recently posted from working, while not
affecting those programs that get other user information from
/etc/passwd.
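An added example, not part of the post above: an audit of a passwd(5)-style file that reports every account whose password field still carries an encrypted password (or is empty) instead of the `*` placeholder the post recommends. The sample file and the account names in it are constructed for the example.

```python
"""Audit passwd(5)-format text for password hashes that were left in the
world-readable password field rather than moved to a protected file."""
import re

# Constructed sample, not a real system file. The second field is the password field.
SAMPLE_PASSWD = """\
root:*:0:0:root:/:/bin/sh
gwyn:x:101:10:Doug Gwyn:/usr/gwyn:/bin/sh
alice:abJnggxhB/yWI:102:10:Alice:/usr/alice:/bin/sh
bob::103:10:Bob:/usr/bob:/bin/sh
svc:$6$saltsalt$hashhash:104:10:Service:/usr/svc:/bin/false
# comment lines are skipped
malformed line
"""

# Traditional crypt(3) output is 13 characters from the alphabet [./0-9A-Za-z];
# later Modular Crypt Format hashes look like $id$salt$hash.
_DES_HASH = re.compile(r"^[./0-9A-Za-z]{13}$")
_MCF_HASH = re.compile(r"^\$[0-9a-z]+\$")


def classify_password_field(field):
    """Return 'locked' (placeholder, hash kept elsewhere or login disabled),
    'empty' (no password required), 'hash' (hash exposed) or 'unknown'."""
    if field in ("*", "x", "!", "!!"):  # conventional placeholders
        return "locked"
    if field == "":
        return "empty"
    if _DES_HASH.match(field) or _MCF_HASH.match(field):
        return "hash"
    return "unknown"


def audit_passwd(text):
    """Return {username: classification} for every entry that is not a
    placeholder, i.e. the entries an administrator should fix."""
    findings = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:  # passwd(5) entries have exactly seven fields
            findings["<line %d>" % lineno] = "malformed"
            continue
        user, pw = fields[0], fields[1]
        kind = classify_password_field(pw)
        if kind != "locked":
            findings[user] = kind
    return findings
```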