>> As was mentioned before, if you need something that secure, you've other
>> problems to worry about.  Keep the encrypted string secure, and you
>> reduce your trust requriments to your admin staff.

>Your password file should be treated as publically available information
>even if it is not.

I believe the original discussion was how nice it would be to not have
plaintext passwords without crypt() functionality.  Perhaps we should
stick to the pros and cons of that use, and simply design a higher level
of security into the MD5 implementation if we choose that path.  Just a
thought.  :)

--Michael

--
Michael Graff <explorer@vorpal.com>       NetBSD is the way to go!
PGP key on a key-server near you!         Rayshade the world!