> As was mentioned before, if you need something that secure, you've other
> problems to worry about.  Keep the encrypted string secure, and you
> reduce your trust requriments to your admin staff.

I disagree with this statement.  If you rely on your shadowed password
file not being readable for your security you're setting yourself up
for a fall.  What if your system has a flaw which allows arbitrary
files to be read?  What if part of the file leaks in a core file?
What if your security is breached once and only once but your file
is distributed too all the people you love to hate?

Your password file should be treated as publically available information
even if it is not.

> 						Greg A. Woods
> Planix, Inc. <woods@planix.com>; UniForum Canada <woods@uniforum.ca>