Newsgroups: comp.org.eff.talk
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!magnus.acs.ohio-state.edu!usenet.ins.cwru.edu!agate!agate!muffy
From: muffy@remarque.berkeley.edu (Muffy Barkocy)
Subject: Re: Student suspended for distributing /etc/passwd
In-Reply-To: jet@karazm.math.uh.edu's message of Sun, 16 Jun 1991 17: 58:16 GMT
Message-ID: <MUFFY.91Jun16145153@remarque.berkeley.edu>
Sender: usenet@agate.berkeley.edu (USENET Administrator)
Organization: Natural Language Incorporated
References: <1637@lehi3b15.csee.Lehigh.EDU>
	<1991Jun16.032125.19880@ddsw1.MCS.COM>
	<1991Jun16.171754.24492@athena.cs.uga.edu>
	<1991Jun16.175816.7079@menudo.uh.edu>
Date: Sun, 16 Jun 1991 22:51:53 GMT
Lines: 19

In article <1991Jun16.175816.7079@menudo.uh.edu> jet@karazm.math.uh.edu (J Eric Townsend) writes:

   Just a note on all of this.  Recently, our department's master key
   (opens all our offices) was stolen.
   [...]

   How is this any different than stealing /etc/passwd from a unix system?

It's guaranteed that the key will open all of the offices; there is no
guarantee that the password file will give access to *any* of the
accounts, much less all of them.  In addition, the only use for the key
is to open the offices; the password file can be used for several things
other than actually "opening" the accounts.  One such use that I have
seen is discovering the percentage of passwords that *are* crackable.

Please don't start flaming about my trying to excuse or justify any
behavior; I'm just answering the question - there *are* differences.

Muffy
