Path: utzoo!attcan!uunet!ncrlnk!ncrcae!hubcap!gatech!uflorida!haven!adm!smoke!gwyn
From: gwyn@smoke.BRL.MIL (Doug Gwyn )
Newsgroups: comp.unix.wizards
Subject: Re: How to stop future viruses.
Message-ID: <8861@smoke.BRL.MIL>
Date: 11 Nov 88 00:16:30 GMT
References: <16722@agate.BERKELEY.EDU> <2178@cuuxb.ATT.COM> <16768@agate.BERKELEY.EDU> <17828@glacier.STANFORD.EDU> <2182@cuuxb.ATT.COM>
Reply-To: gwyn@brl.arpa (Doug Gwyn (VLD/VMB) <gwyn>)
Organization: Ballistic Research Lab (BRL), APG, MD.
Lines: 13

In article <2182@cuuxb.ATT.COM> dlm@cuuxb.UUCP (Dennis L. Mumaugh) writes:
>As far as the ATT UNIX System V I am not authorized to comment on
>security aspects except to mention that System V Release 3.2 does
>use shadow passwords so brute force decryption is  possible  only
>through  administrator  error.

It would be a great service to the community if specifications for
this feature were posted or at least sent to developers who want
to enable a similar feature on their (typically BSD-based) systems.
For example, what is the shadow file called, what is its format,
what sort of stuff is left in the password field in /etc/passwd,
what facilities are there to validate a password against the
shadow encrypted password file?