SPONSORED LINKS
Of course, it doesn't end there. What about the user database, currently stored in /etc/passwd? The format is flawed, proved by the existence of /etc/shadow and setuid tools for mortals to edit them. Why not make a simple password file which only contains the encrypted password which a user can edit?
Um, the whole purpose of shadow passwords was to _hide_ a user's password hash from other users. Previously, the crypt hash was stored directly in /etc/passwd, as you suggest, and it was responsible for a lot of cracked root accounts on systems where a password change policy was not in place (i.e.: most). It's a lot easier to crack a password within a given amount of time given the hash and the hash function, than by brute forcing a login.

Score:2