[Cryptography] Why is emailing me my password?
Greg
greg at kinostudios.com
Wed Oct 2 10:16:42 EDT 2013
> I'm interested in cases where Mailman passwords have been abused.
"Show me one instance where a nuclear reactor was brought down by an earthquake! Just one! Then I'll consider spending the $$ on it!"
--
Please do not email me anything that you are not comfortable also sharing with the NSA.
On Oct 1, 2013, at 6:38 PM, Bill Frantz <frantz at pwpconsult.com> wrote:
> On 10/1/13 at 1:43 PM, markus at bluegap.ch (Markus Wanner) wrote:
>
>> Let's compare apples to apples: even if you manage to actually read the
>> instructions, you actually have to do so, have to come up with a
>> throw-away-password, and remember it. For no additional safety compared
>> to one-time tokens.
>
> Let Mailman assign you a password. Then you don't have to worry about someone collecting all your mailing list passwords and reverse engineering your password generation algorithm. You'll find out what the password is in a month. Save that email so you can make changes. Get on with life.
>
> Lets not increase the level of user work in cases where there isn't, in fact, a security problem.
>
> I'm interested in cases where Mailman passwords have been abused.
>
> Cheers - Bill
>
> -----------------------------------------------------------------------
> Bill Frantz | If the site is supported by | Periwinkle
> (408)356-8506 | ads, you are the product. | 16345 Englewood Ave
> www.pwpconsult.com | | Los Gatos, CA 95032
>
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20131002/96d630ad/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20131002/96d630ad/attachment.pgp>
More information about the cryptography
mailing list