LinuxQuestions.org
Old 04-30-2006, 05:01 AM   #1
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198Reputation: 198
wvdial doesn't use encrypted password - how come?


I've noticed that the ISP login password is unencrypted in wvdial.conf (password=).

OK - only root can read this - however, what is the point of this being a shadow password if other applications will have it easily readable (albeit by root)?

Is it possible to get wvdial to use an encrypted password?
 
Old 04-30-2006, 06:13 AM   #2
ioerror
Member
 
Registered: Sep 2005
Location: Old Blighty
Distribution: Slackware, NetBSD
Posts: 536

Rep: Reputation: 34
Quote:
OK - only root can read this - however, what is the point of this being a shadow password if other applications will have it easily readable (albeit by root)?
Well, don't give the root password to untrusted people, I don't see what the problem is here. Many programs store passwords in clear text (getmail etc). There is no real security problem here, anyone who can read the file has root access, so has control of the machine anyway. Also, not sure what you mean by "shadow password"? It's a wvdial specific password. This has nothing to do with the shadow passwords used by the system (/etc/shadow).

Quote:
Is it possible to get wvdial to use an encrypted password?
Dunno, read the documentation. Even if it can, this will provide you with little security (more importantly it may give you a false sense of security, which is worse than no security at all). If the password is encrypted, wvdial will need some way to decrypt it (assuming your ISP requires the password in plain text, which it probably does), so anyone who can read wvdial.conf could easily use a modified wvdial to reveal the password.

Last edited by ioerror; 04-30-2006 at 06:16 AM.
 
Old 04-30-2006, 08:26 PM   #3
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Original Poster
Rep: Reputation: 198Reputation: 198
Quote:
Originally Posted by ioerror
Dunno, read the documentation.
Yes... thank you for that. If you do not know, please don't reply. OTOH: if you can point me to documentation which covers this - please do so. (the man pages, and the wvdial project page, do not.)

Please read: http://geodsoft.com/howto/password/password_basics.htm
... this should fill you in on the finer points of the use of encrypted and shadow passwords.

... encrypted passwords are more secure than unencrypted passwords. Shadow passwords are more secure yet. But it seems to be a bit pointless going to all the trouble of enabling shadow passwords if common applications will routinely have important passwords in plain text.

Root access can be obtained by anyone with physical access to the machine. Shadow passwords are not. Someone can erase the shadow password - true - but that won't help when it comes to a password for an external service like an ISP account.

Last edited by Simon Bridge; 04-30-2006 at 08:37 PM.
 
Old 05-01-2006, 03:06 AM   #4
ioerror
Member
 
Registered: Sep 2005
Location: Old Blighty
Distribution: Slackware, NetBSD
Posts: 536

Rep: Reputation: 34
Quote:
Yes... thank you for that. If you do not know, please don't reply.
Excuse me !? This is a public forum, I'll reply to whatever I want. If you want a definitive answer then employ a consultant.

Quote:
Please read: http://geodsoft.com/howto/password/password_basics.htm
... this should fill you in on the finer points of the use of encrypted and shadow passwords.
I am fully acquainted with the concepts of shadow passwords, thanks. But you are under a misapprehension, "shadow passwords" refer to the system passwords. They have nothing to do with the password in apps such as wvdial. Apparently you didn't read the rest of my post, so I'll repeat it:

Quote:
Even if it can, this will provide you with little security (more importantly it may give you a false sense of security, which is worse than no security at all). If the password is encrypted, wvdial will need some way to decrypt it (assuming your ISP requires the password in plain text, which it probably does), so anyone who can read wvdial.conf could easily use a modified wvdial to reveal the password.
If wvdial had an encrypted password, this would provide no security whatsoever. wvdial would have to be able to decrypt the password, and anyone who gained root access to your box would be able to modify the source to crack your precious password. Keep your box secure and your passwords will be secure (at least, as secure as they can be).

EDIT:
This is an extract from the FAQ for fetchmail:
Quote:
Password encryption in .fetchmailrc

The reason there's no facility to store passwords encrypted in the .fetchmailrc file is because this doesn't actually add protection.

Anyone who's acquired the 0600 permissions needed to read your .fetchmailrc file will be able to run fetchmail as you anyway -- and if it's your password they're after, they'd be able to rip the necessary decoder out of the fetchmail code itself to get it.

All .fetchmailrc encryption would do is give a false sense of security to people who don't think very hard.

Last edited by ioerror; 05-01-2006 at 03:46 AM.
 
Old 05-01-2006, 07:57 AM   #5
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Original Poster
Rep: Reputation: 198Reputation: 198
Ah - now - that is better.
Thanks.
 
Old 05-02-2006, 03:31 AM   #6
ioerror
Member
 
Registered: Sep 2005
Location: Old Blighty
Distribution: Slackware, NetBSD
Posts: 536

Rep: Reputation: 34
The crucial difference between system shadow passwords and wvdial/fetchmail etc is that the encrypted password in /etc/shadow is never decoded back to plain text. Since your ISP wants a plain text password, wvdial would have to decode it before sending, hence the problems mentioned in the fetchmail FAQ. Even if your ISP could accept an encrypted password, this would make no difference. Then, you'd just be sending your encrypted password, which is no different to sending it in plain text, since anyone who can read your wvdial.conf can see the encrypted password and simply send that.

Last edited by ioerror; 05-02-2006 at 04:45 AM.
 
Old 05-02-2006, 04:01 AM   #7
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Original Poster
Rep: Reputation: 198Reputation: 198
Yeah - this is an egg--->face situation. Probably the 2am effect coupled with the bullhorns of Jamesons downed to cut the phlegm that night. That's my excuse and I'm sticking to it.

To get that wvdial password outathere I need the password=ask option that SUSE added. Then when wvdial receives a password request, I gotta type it in.

Even if the ISP used public/private key encryption - so I send an encrypted password - wvdial would have to have the hash in the password= line anyway ... it doesn't matter that nobody knows the password because it is the hash that counts.

Pass the whiskey.
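
Added example, not part of any post in this thread and not wvdial or fetchmail code: a short Python sketch of the three cases the thread works through, namely a one-way verifier as in /etc/shadow, a reversible "encrypted" password= line whose key ships with the client, and an ISP that would accept the hash itself. The embedded key, the toy keystream (a stand-in for whatever cipher a client might use) and the sample password are all constructed for illustration.

```python
import hashlib, hmac, os

# --- Verifier side, /etc/shadow style: store only a salted one-way hash. ---
def make_verifier(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify(password: str, salt: bytes, stored: bytes) -> bool:
    # The stored value is never decoded; the candidate is hashed and compared.
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, stored)

# --- Client side: hypothetical "encrypted" password= line. ---
# The client must hand the ISP plain text, so the key has to ship with it.
EMBEDDED_KEY = b"key-compiled-into-the-dialer"  # constructed, hypothetical

def _keystream(key: bytes, n: int) -> bytes:
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def _xor(data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(EMBEDDED_KEY, len(data))))

def conf_encrypt(password: str) -> str:
    return _xor(password.encode()).hex()

def conf_decrypt(stored_hex: str) -> str:
    # The same routine the client runs before dialing; any reader can run it too.
    return _xor(bytes.fromhex(stored_hex)).decode()

# --- Hypothetical ISP that accepts the hash in place of the password. ---
def isp_login_with_hash(sent: bytes, on_file: bytes) -> bool:
    return hmac.compare_digest(sent, on_file)

def demo() -> dict:
    password = "correct horse"  # constructed sample
    salt, stored = make_verifier(password)
    conf_value = conf_encrypt(password)  # what password= would hold
    conf_hash = stored                   # what password= would hold in the hash case
    return {
        "verifier_accepts_right": verify(password, salt, stored),
        "verifier_accepts_wrong": verify("wrong", salt, stored),
        "conf_reader_recovers_password": conf_decrypt(conf_value) == password,
        "conf_hash_alone_logs_in": isp_login_with_hash(conf_hash, stored),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In both client-side cases the protection comes only from who can read the file, which is why the workable options in the thread are tight file permissions or prompting for the password at dial time.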
 
  

