Xref: utzoo sci.crypt:1409 comp.unix.wizards:13613 news.sysadmin:1977
Path: utzoo!attcan!uunet!ncrlnk!ncrcae!hubcap!gatech!bloom-beacon!mit-eddie!killer!rpp386!jfh
From: jfh@rpp386.Dallas.TX.US (The Beach Bum)
Newsgroups: sci.crypt,comp.unix.wizards,news.sysadmin
Subject: Re: Yet Another useful paper
Summary: raising the desparation level.
Message-ID: <10215@rpp386.Dallas.TX.US>
Date: 21 Dec 88 00:37:58 GMT
References: <11013@ulysses.homer.nj.att.com> <2308@cuuxb.ATT.COM> <4420@xenna.Encore.COM> <2743@epimass.EPI.COM> <110@microsoft.UUCP> <12750@bellcore.bellcore.com>
Reply-To: jfh@rpp386.Dallas.TX.US (The Beach Bum)
Organization: Big "D" Home for Wayward Hackers
Lines: 18

In article <12750@bellcore.bellcore.com> karn@ka9q.bellcore.com (Phil Karn) writes:
>I too have my doubts about the effectiveness of shadow password files.  My
>fear is that it will make administrators complacent; they'll reason that
>since no one can get at the file, then there's no need to ensure on a
>regular basis that people pick hard-to-guess passwords.

I feel that shadow password files [ and I run one here ... ] raise the
amount of desparation required for an attempt to succeed.  Now, short of
a physical breakin, one would need to sit at a login prompt for quite some
time before getting a password broken.

Before the user didn't even need a shell login to steal the password file,
a UUCP login would have done.  This has been changed ...
-- 
John F. Haugh II                        +-Quote of the Week:-------------------
VoiceNet: (214) 250-3311   Data: -6272  |"Unix doesn't have bugs,
InterNet: jfh@rpp386.Dallas.TX.US       | Unix is a bug"
UucpNet : <backbone>!killer!rpp386!jfh  +--              -- author forgotten --