"Shadow passwords have been a de facto standard with Linux
distributions for years, and as well as the use of md5 passwords.
However, there are drawbacks to using the traditional shadow
password method, and even md5 is not as secure as it used to be.
One drawback to the shadow password file is that any application
that requires looking up a single shadow password (i.e., your
password) can also look at everyone else's shadow passwords, which
means that any compromised tool that can read the shadow file will
be able to obtain everyone's shadow password.
"There is an alternative to shadow, called tcb, available from
the tcb home page written by the Openwall Project. Migrating to tcb
is fairly straightforward, although it can take a bit of
work..."