[Cryptography] Why is emailing me my password?

Benjamin Kreuter brk7bx at virginia.edu
Tue Oct 1 12:56:00 EDT 2013


On Tue, 1 Oct 2013 10:28:48 -0400
Greg <greg at kinostudios.com> wrote:

> So, my password, iPoopInYourHat, is being sent to me in the clear by
> your servers.

Two things to keep in mind:

1. The damage one can do to you with knowledge of this password is
   beyond minimal.  You might have your list subscriptions changed; so
   what?

2. The password is sent just in case you forgot it and want to
   unsubscribe.  Without the password, any troll might unsubscribe you
   from the list by simply forging headers.  Were this to be encrypted,
   you would wind up with the classic problem of lost private keys,
   leaving people who forgot their password unable to unsubscribe (at
   least in any automated fashion).

-- Ben



-- 
Benjamin R Kreuter
UVA Computer Science
brk7bx at virginia.edu
KK4FJZ

--

"If large numbers of people are interested in freedom of speech, there
will be freedom of speech, even if the law forbids it; if public
opinion is sluggish, inconvenient minorities will be persecuted, even
if laws exist to protect them." - George Orwell