[147409] in cryptography@c2.net mail archive
Re: [Cryptography] Why is emailing me my password?
daemon@ATHENA.MIT.EDU (Benjamin Kreuter)
Tue Oct 1 13:34:37 2013
X-Original-To: cryptography@metzdowd.com
Date: Tue, 1 Oct 2013 12:56:00 -0400
From: Benjamin Kreuter <brk7bx@virginia.edu>
To: Greg <greg@kinostudios.com>
In-Reply-To: <C786C135-7784-4BE2-A7E2-141A98B0FE0F@kinostudios.com>
Cc: "cryptography@metzdowd.com List" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============2495099184635518687==
Content-Type: multipart/signed; micalg=PGP-SHA512;
boundary="Sig_/GEdKn88QcnCNp+xvQWWgceL"; protocol="application/pgp-signature"
--Sig_/GEdKn88QcnCNp+xvQWWgceL
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
On Tue, 1 Oct 2013 10:28:48 -0400
Greg <greg@kinostudios.com> wrote:
> So, my password, iPoopInYourHat, is being sent to me in the clear by
> your servers.
Two things to keep in mind:
1. The damage one can do to you with knowledge of this password is
beyond minimal. You might have your list subscriptions changed; so
what?
2. The password is sent just in case you forgot it and want to
unsubscribe. Without the password, any troll might unsubscribe you
from the list by simply forging headers. Were this to be encrypted,
you would wind up with the classic problem of lost private keys,
leaving people who forgot their password unable to unsubscribe (at
least in any automated fashion).
-- Ben
--=20
Benjamin R Kreuter
UVA Computer Science
brk7bx@virginia.edu
KK4FJZ
--
"If large numbers of people are interested in freedom of speech, there
will be freedom of speech, even if the law forbids it; if public
opinion is sluggish, inconvenient minorities will be persecuted, even
if laws exist to protect them." - George Orwell
--Sig_/GEdKn88QcnCNp+xvQWWgceL
Content-Type: application/pgp-signature; name=signature.asc
Content-Disposition: attachment; filename=signature.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
iQIcBAEBCgAGBQJSSv6lAAoJEOV0+MnZK9ij4lQP/iKwCQQyAaAhHsSF21Qy81Ar
RZhCiag6WMbW/UfBgiYlDhC9JXzrIN772RGoWIXsUNGmHx2ik5NnMf43UyEzT7cW
cmOnTs55h22ZXn9USL4LZEajpSdhw+lmXyuYnj2cb5KNIjeja20+8/KnX1JgfXJf
f0qhOxxsMHqhbNAyt+rEAjwEcxIznssEPaVctT5jLF3RU6/UgjCz734CDN+bPyLz
mgc3zt2IXTrUPEpazPvjj3QYRJ/SuyUA6QMmYRTmpAR9teGugCacQsYnBUFJUOvY
sD1c/6lZNhlkQ9DfiG06dNAvoHUCY1x6Nv/qCfPpv70afrcDJlMHszDaOocbaJlI
wRZeYd4up5SD0oCxEy2aogRVjze7qQc0f0/KjYQGU8nHo4DhA0re8NctWnaCs6Xv
JAx8icTugVpRL3MbddfmDKEsv55bTWYn7tzYoGmv6DClxozcUovX/+rcx6TPV/0A
+CK7YpiFv6Li/81AEwWxCip5cGLL18n6ZDGx6s4IBYtORpyg1+wrKwUv+lnOX5Yd
/tH6H7LmcCjX1oocz8oM/RPKJI5cN3jVpnfHYpwllxx3HZKgsSTXUNVik8kIpg7N
R7h3TPvEhlKckmLVR8/LGKGgn2IRWoXFCgpKJDQGn8mCpOeda/fDuLHweT8rAh5A
Ptp3Inh7Pj3abKEsNO+o
=QLkZ
-----END PGP SIGNATURE-----
--Sig_/GEdKn88QcnCNp+xvQWWgceL--
--===============2495099184635518687==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============2495099184635518687==--
