by mothershipper 2282 days ago
Not sure how I feel about the comparison to the shadow passwords file -- the shadow file doesn't contain the raw password, but a hashed version.

If someone steals the shadow password file, they still have quite a bit of computation to do to crack the credential.

I'm a little confused here. The author compares S-Cache to 'sudo'. 'sudo' is a command that lets an unprivileged user run a privileged command. S-Cache lets a process access a secret without having to manage it. The process (in a sense) is not _privileged_ enough to see the secret but rather delegates this to S-Cache. The author (as far as I can tell) does not mention the shadow passwords file. Can you explain more?

The mention of the shadow file is in the README:

> S-Cache is an SUID-root executable that works by storing the secret in a file that is owned by root and only readable by root. Its security is thus comparable to the security of shadow passwords.

Thank you. I didn't notice that before.