How secure is UNIX?

Doug Gwyn gwyn at smoke.BRL.MIL
Tue Jun 12 16:42:45 AEST 1990


In article <1990Jun10.083006.17475 at athena.mit.edu> jik at athena.mit.edu (Jonathan I. Kamens) writes:
>  The elegance of the standard Unix security mechanism is that, given
>well-chosen and moderately-frequently-changed passwords, it doesn't
>*matter* whether or not someone can read the /etc/passwd file, because
>doing so *does not enable them to break the security of your system*,
>at least not in the short term.

While that was reasonably the case when this scheme was first devised,
it is certainly no longer true.  Thus, hiding the encrypted passwords
is now necessary for security, and if there are no other security
loopholes that suffices to protect the passwords.  Better authentication
schemes are welcome, but until one is widely adopted shadow encrypted
password files plug one of the biggest security gaps.
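
An audit check for the point made in this thread, added here as an example and not part of the original post: it flags accounts whose password hash still sits in a world-readable passwd-format file and checks that a shadow file grants nothing to "other". The function names, the sample entries and the field conventions ("x" for shadowed, leading "*" or "!" for locked, as in the Linux shadow suite) are assumptions of this example.

```python
import stat

# Constructed sample in passwd(5) format; the hash strings are placeholders.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/:/sbin/nologin
alice:abCONSTRUCTED:1001:100:Alice:/home/alice:/bin/sh
bob::1002:100:Bob:/home/bob:/bin/sh
carol:$6$salt$CONSTRUCTED:1003:100:Carol:/home/carol:/bin/sh
broken-line-without-fields
"""


def classify_field(pw):
    """Classify the second passwd field (assumed shadow-suite conventions)."""
    if pw == "":
        return "empty"        # account needs no password at all
    if pw == "x":
        return "shadowed"     # hash lives in the restricted shadow file
    if pw[0] in "*!":
        return "locked"       # no password hashes to this value
    return "exposed"          # hash readable by every local user


def audit_passwd(text):
    """Map each account name to the status of its password field."""
    result = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            result[fields[0]] = "malformed"
            continue
        result[fields[0]] = classify_field(fields[1])
    return result


def exposed_accounts(text):
    """Accounts whose hash is visible to anyone who can read the file."""
    return sorted(n for n, s in audit_passwd(text).items() if s == "exposed")


def shadow_mode_ok(mode):
    """A shadow file must grant no permission bits to 'other'."""
    return (stat.S_IMODE(mode) & stat.S_IRWXO) == 0


if __name__ == "__main__":
    print(audit_passwd(SAMPLE_PASSWD), exposed_accounts(SAMPLE_PASSWD))
```

On a live system, pass the contents of the passwd file to `audit_passwd` and `os.stat(path).st_mode` of the shadow file to `shadow_mode_ok`.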


