[Cryptography] Why is emailing me my password?
Bill Frantz
frantz at pwpconsult.com
Tue Oct 1 18:38:50 EDT 2013
On 10/1/13 at 1:43 PM, markus at bluegap.ch (Markus Wanner) wrote:
>Let's compare apples to apples: even if you manage to actually read the
>instructions, you actually have to do so, have to come up with a
>throw-away-password, and remember it. For no additional safety compared
>to one-time tokens.
Let Mailman assign you a password. Then you don't have to worry
about someone collecting all your mailing list passwords and
reverse engineering your password generation algorithm. You'll
find out what the password is in a month. Save that email so you
can make changes. Get on with life.
Lets not increase the level of user work in cases where there
isn't, in fact, a security problem.
I'm interested in cases where Mailman passwords have been abused.
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz | If the site is supported by | Periwinkle
(408)356-8506 | ads, you are the product. | 16345
Englewood Ave
www.pwpconsult.com | | Los Gatos,
CA 95032
More information about the cryptography
mailing list