Xref: utzoo comp.sys.atari.st:14330 comp.sys.apple:10437 comp.sys.mac:27519 comp.sys.ibm.pc:25411
Path: utzoo!attcan!uunet!lll-winken!ames!mailrus!uflorida!ukma!tut.cis.ohio-state.edu!rutgers!att!chinet!saj
From: saj@chinet.chi.il.us (Stephen Jacobs)
Newsgroups: comp.sys.atari.st,comp.sys.apple,comp.sys.mac,comp.sys.ibm.pc
Subject: Re: Right of reply, virus- public, private- a thin line
Summary: Consider UNIX password encryption
Message-ID: <7835@chinet.chi.il.us>
Date: 28 Feb 89 15:07:03 GMT
References: <699@orbit.UUCP> <15139@cup.portal.com>
Followup-To: comp.sys.atari.st
Organization: Chinet - Chicago, Ill.
Lines: 13


In general, I agree with the philosophy of publicising the UNIX password
encryption algorithm: if it can't be made secure enough to resist a
determined attack, publicise it so nobody will have a false sense of 
security.  Likewise the philosophy of having a 'crash' command in the
incompatible time sharing system: if there's no challenge in causing
mischief, why bother.  On the other hand, if George Woodside has to promise
absolutely no disclosure in order to get samples of viruses, that's no
problem.  Whatever it takes to make people feel comfortable.  As an aside:
judging by recent discussion in news.admin, 90+% of UNIX systems are       
vulnerable to the mkdir trick.  Practically nobody uses it because it's 

no fun.