
Unless you're running yp, or if your wu-ftpd leaves a core with the
password entries still in memory, or sendmail can be used to read any
file on the system...

Belt *and* suspenders, and a lot more simplicity than wu-ftpd or
sendmail offers you.

Adam

The Deviant wrote:
| On Sun, 17 Nov 1996, Adam Shostack wrote:
| > The Deviant wrote:
| > | On Sat, 16 Nov 1996, Joshua E. Hill wrote:
| > | > I'm trying to think of a function to replace UNIX's crypt(3).
| > | > My design criteria are as follows:
| >
| > | Why? UNIX passwords with password shadowing are as secure as any password
| > | system is going to get. If your security holes are with passwords, it's
| > | because your admin is too lazy to install needed security provisions, not
| > | because the system of checking passwords is bad.
| >
| > A longer salt would make running crack against a large
| > password file slower.
|
| While that's all well and good, it shouldn't be necessary. If passwords are
| shadowed, one must have root access before one can run crack against the
| password list, at which time it is ineffective.

--
"It is seldom that liberty of any kind is lost all at once."
        -Hume
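
Added example, not part of the original thread: a cost model for the "longer salt" point quoted above, comparing the 12-bit salt of traditional crypt(3) with a longer one. The 48-bit width, the account counts, the wordlist size and all function names are assumptions chosen for illustration; the salts are constructed random data.

```python
import math
import random

CRYPT3_SALT_BITS = 12  # traditional crypt(3): two characters from a 64-symbol set

def expected_distinct_salts(accounts, salt_bits):
    """Expected number of different salts when each account draws one at random."""
    space = 2 ** salt_bits
    # space * (1 - (1 - 1/space)**accounts), written to avoid float cancellation
    return space * -math.expm1(accounts * math.log1p(-1.0 / space))

def simulated_distinct_salts(accounts, salt_bits, seed=1996):
    """Draw one random salt per account (constructed data) and count distinct values."""
    rng = random.Random(seed)
    return len({rng.getrandbits(salt_bits) for _ in range(accounts)})

def hashes_for_wordlist(accounts, salt_bits, wordlist_size):
    """Hash computations needed to test every word against every account.

    One hash of (word, salt) can be compared against all accounts that share
    that salt, so the cost is words * distinct salts, not words * accounts.
    """
    return wordlist_size * simulated_distinct_salts(accounts, salt_bits)

def slowdown(accounts, long_salt_bits, wordlist_size=100_000):
    """Factor by which the longer salt multiplies the work for the same file."""
    short = hashes_for_wordlist(accounts, CRYPT3_SALT_BITS, wordlist_size)
    longer = hashes_for_wordlist(accounts, long_salt_bits, wordlist_size)
    return longer / short

if __name__ == "__main__":
    # Assumed sizes: a small site, one account per 12-bit salt, two large files.
    for n in (100, 4096, 50_000, 1_000_000):
        print(f"{n:>9} accounts: "
              f"12-bit -> {simulated_distinct_salts(n, 12):>5} salts, "
              f"48-bit -> {simulated_distinct_salts(n, 48):>7} salts, "
              f"slowdown x{slowdown(n, 48):.1f}")
```

With a 12-bit salt the per-word cost stops growing once the file holds a few thousand accounts, which is why the benefit of a longer salt only appears on large password files.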