>IIRC on a traditional *NIX system, /etc/passwd contains the password in clear 
>text.
...

The version I used in 1976 at the University of Waterloo did not.
As a matter of fact, we cracked it by running the encryption algorithm against 
the online dictionary used for a spell check application.
(It's common practice, now.
It was considered 'innovative' 30 years ago.)

 
>The act of giving the auditor a copy (hardcopy or other) would be an audit 
>violation.
...

A colleague nearly lost his job over something similar.
We had a special flag byte stored in the user area of source PDS's.
This was not well known, and was used to 'prove' the implemented programme came 
from the staging environment (primitive; worked; home-groan).

This Q/A analyst was told (by the boss) to co-operate fully with the auditor.

The auditor asked for a 'special' directory listing showing the flag byte.

This was not supposed to be distributed outside the department; the analyst 
gave the auditor the report.

The auditor reported him for 'violating security policy'.

-teD

In God we Trust!
All others bring data!
 -- W. Edwards Deming
