<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><blockquote type="cite">I'm interested in cases where Mailman passwords have been abused.<br></blockquote><div><br></div>"Show me one instance where a nuclear reactor was brought down by an earthquake! Just <i>one!</i> Then I'll consider spending the $$ on it!"<div>
<br>--<br>Please do not email me anything that you are not comfortable also sharing with the NSA.<br>
</div>
<br><div><div>On Oct 1, 2013, at 6:38 PM, Bill Frantz <<a href="mailto:frantz@pwpconsult.com">frantz@pwpconsult.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">On 10/1/13 at 1:43 PM, <a href="mailto:markus@bluegap.ch">markus@bluegap.ch</a> (Markus Wanner) wrote:<br><br><blockquote type="cite">Let's compare apples to apples: even if you manage to actually read the<br>instructions, you actually have to do so, have to come up with a<br>throw-away-password, and remember it. For no additional safety compared<br>to one-time tokens.<br></blockquote><br>Let Mailman assign you a password. Then you don't have to worry about someone collecting all your mailing list passwords and reverse engineering your password generation algorithm. You'll find out what the password is in a month. Save that email so you can make changes. Get on with life.<br><br>Lets not increase the level of user work in cases where there isn't, in fact, a security problem.<br><br>I'm interested in cases where Mailman passwords have been abused.<br><br>Cheers - Bill<br><br>-----------------------------------------------------------------------<br>Bill Frantz | If the site is supported by | Periwinkle<br>(408)356-8506 | ads, you are the product. | 16345 Englewood Ave<br><a href="http://www.pwpconsult.com">www.pwpconsult.com</a> | | Los Gatos, CA 95032<br><br>_______________________________________________<br>The cryptography mailing list<br><a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a><br>http://www.metzdowd.com/mailman/listinfo/cryptography<br></blockquote></div><br></body></html>