[Cryptography] Why is emailing me my password?

Greg greg at kinostudios.com
Wed Oct 2 10:16:42 EDT 2013


> I'm interested in cases where Mailman passwords have been abused.

"Show me one instance where a nuclear reactor was brought down by an earthquake! Just one! Then I'll consider spending the $$ on it!"

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

On Oct 1, 2013, at 6:38 PM, Bill Frantz <frantz at pwpconsult.com> wrote:

> On 10/1/13 at 1:43 PM, markus at bluegap.ch (Markus Wanner) wrote:
> 
>> Let's compare apples to apples: even if you manage to actually read the
>> instructions, you actually have to do so, have to come up with a
>> throw-away-password, and remember it. For no additional safety compared
>> to one-time tokens.
> 
> Let Mailman assign you a password. Then you don't have to worry about someone collecting all your mailing list passwords and reverse engineering your password generation algorithm. You'll find out what the password is in a month. Save that email so you can make changes. Get on with life.
> 
> Lets not increase the level of user work in cases where there isn't, in fact, a security problem.
> 
> I'm interested in cases where Mailman passwords have been abused.
> 
> Cheers - Bill
> 
> -----------------------------------------------------------------------
> Bill Frantz        | If the site is supported by  | Periwinkle
> (408)356-8506      | ads, you are the product.    | 16345 Englewood Ave
> www.pwpconsult.com |                              | Los Gatos, CA 95032
> 
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20131002/96d630ad/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20131002/96d630ad/attachment.pgp>


More information about the cryptography mailing list