[Cryptography] Why is emailing me my password?
Greg
greg at kinostudios.com
Wed Oct 2 10:32:25 EDT 2013
> While I agree in principle, I don't quite like the tone here.
I agree, I apologize for the excessively negative tone. I think RL (and unrelated) agitation affected my writing and word choice. I've taken steps to prevent that from happening again (via magic of self-censoring software).
> But I liked your password, though. ;-)
Thanks! ^_^
> For that to be as secure as you make it sound, you still need a password
> or token. Hopefully a one-time, randomly generated one, but it's still a
> password. And it still crosses the wires unencrypted and can thus be
> intercepted by a MITM.
>
> The gain of that approach really is that there's no danger of a user
> inadvertently revealing a valuable password.
>
> The limited life time of the OTP may also make it a tad harder for an
> attacker, but given the (absence of) value for an attacker, that's close
> to irrelevant.
I don't see why a one-time password is necessary. Just check the headers to verify that the send-path was the same as it was on the original request.
Somebody used the phrase "repeat after me" previously. I'll give it a shot too:
"Repeat after me": Sending *any* user password (no matter how unimportant /you/ think it is) in the clear is extremely poor practice and should never be done.
And, if a password is completely unnecessary, it should not be used.
On a side-note (Re: Russ's email and others), I can't believe people are talking about encryption and key distribution algorithms in reference to this topic.
- Greg
--
Please do not email me anything that you are not comfortable also sharing with the NSA.
On Oct 2, 2013, at 3:58 AM, Markus Wanner <markus at bluegap.ch> wrote:
> On 10/02/2013 12:03 AM, Greg wrote:
>> Running a mailing list is not hard work. There are only so many things
>> one can fuck up. This is probably one of the biggest mistakes that can
>> be made in running a mailing list, and on a list that's about software
>> security. It's just ridiculous.
>
> While I agree in principle, I don't quite like the tone here. But I
> liked your password, though. ;-)
>
> And no: there certainly are bigger mistakes an admin of a mailing list
> can make. Think: members list, spam, etc.
>
>> A mailing list shouldn't have any passwords to begin with. There is no
>> need for passwords, and it shouldn't be possible for anyone to
>> unsubscribe anyone else.
>>
>> User: Unsubscribe [EMAIL] -> Server
>> Server: Are you sure? -> [EMAIL]
>> User@[EMAIL]: YES! -> Server.
>>
>> No passwords, and no fake unsubscribes.
>
> For that to be as secure as you make it sound, you still need a password
> or token. Hopefully a one-time, randomly generated one, but it's still a
> password. And it still crosses the wires unencrypted and can thus be
> intercepted by a MITM.
>
> The gain of that approach really is that there's no danger of a user
> inadvertently revealing a valuable password.
>
> The limited life time of the OTP may also make it a tad harder for an
> attacker, but given the (absence of) value for an attacker, that's close
> to irrelevant.
>
> Regards
>
> Markus Wanner
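The unsubscribe exchange sketched in the quoted thread (User -> Server: unsubscribe [EMAIL]; Server -> [EMAIL]: are you sure?; [EMAIL] -> Server: YES), implemented with the one-time, time-limited token Markus describes, as an added example that is neither poster's code nor the list software's. The server key, the 24-hour lifetime and the addresses are constructed assumptions; the point is that the token is bound to the address, expires, and is accepted only once, so a copy seen in transit is useless after the legitimate confirmation and forged headers alone prove nothing.

```python
import hmac
import hashlib
import secrets
import time

# Constructed: a real list server would keep this key persistent and secret.
SERVER_KEY = secrets.token_bytes(32)
TOKEN_TTL = 24 * 3600          # assumed confirmation lifetime in seconds
_used_tokens = set()           # tokens already redeemed (one-time property)


def _mac(address, nonce, expires):
    """Bind the token to the address, the random nonce and the expiry."""
    msg = f"{address.lower()}|{nonce}|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_confirmation(address, now=None):
    """Server side of 'Are you sure?' -> [EMAIL]: returns the token to mail out."""
    now = int(now if now is not None else time.time())
    nonce = secrets.token_urlsafe(16)   # unguessable, so nobody can mint one
    expires = now + TOKEN_TTL
    return f"{nonce}.{expires}.{_mac(address, nonce, expires)}"


def confirm_unsubscribe(address, token, now=None):
    """Server side of 'YES!' -> Server: True only for a fresh, valid token."""
    now = int(now if now is not None else time.time())
    try:
        nonce, expires_s, mac = token.split(".")
        expires = int(expires_s)
    except ValueError:
        return False                     # malformed token
    if now > expires:
        return False                     # lifetime elapsed
    if not hmac.compare_digest(mac, _mac(address, nonce, expires)):
        return False                     # wrong address or tampered token
    if token in _used_tokens:
        return False                     # replay of an already redeemed token
    _used_tokens.add(token)
    return True
```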