> Agreed. Personally, I am wondering when Unix will get overhauled so that > these recurring holes (sendmail, crypt<>, etc) will be brought to a > higher level of perfection. Regarding crypt() I would think a one-way > mechanism is the answer, versus having keys that are left around the system. crypt() is a one-way function already. The only known attacks against the UNIX password file are brute force and password guessing. There is no "decryption key". The problems with UNIX encrypted passwords are their length (too short), their construction (no standard utilities for enforcing "good" passwords) and the visibility of the encrypted password on many systems (include in that notion things like Classic-NIS). Those three problems are fixed in various products, freeware and commercial, they just haven't been adopted by all of the vendors so far. -- John F. Haugh II [ NRA-ILA ] [ Kill Barney ] !'s: ...!cs.utexas.edu!rpp386!jfh Ma Bell: (512) 251-2151 [GOP][DoF #17][PADI][ENTJ] @'s: jfh@rpp386.cactus.org