Password security - Another idea

Barry Shein bzs at Encore.COM
Sun Jan 1 03:48:24 AEST 1989


>I like some form of shadow passwords as a solution.  Once they're in place,
>you no longer care what the user picks for a password, as long as it's N
>characters long and not the account name.
>
>Keith Bostic

Round and round, and you're not disturbed at the fact that you're now
relying on the unreadability of the shadow file? How many ways are
there to read a read-protected file? How do you know it has been read
by an unauthorized person (or a disgruntled employee)? If you suspect
it has been read, what is the appropriate action? (I can answer that:
change every password on the system, wotta nuisance.)

I still contend we're all jumping at this shadow password idea because
it's easy to implement and *seems* to improve security, not because it
necessarily does improve security; it just changes the target slightly
without solving the real problem (easy-to-crack password encryptions).

I honestly view shadow password files as a wonderful example of
sweeping a problem under the rug.

Note that /usr/lib/uucp/L.sys uses read protection to protect its
passwords; how many people out there know who exactly has obtained a
copy of their L.sys file? (Who cares, it's other folks' systems,
right? rrrriiight...)

I say if you use encryption then use encryption. Why not just store
the passwords in the clear in this shadow file if we're all so sure
it's secure? Uh huh, just as I thought...

We're setting ourselves up for a fall because even mediocre hackers will
figure out ways to get a copy of this shadow file.

	-Barry Shein, ||Encore||