[147429] in cryptography@c2.net mail archive
Re: [Cryptography] Why is emailing me my password?
daemon@ATHENA.MIT.EDU (Bill Frantz)
Tue Oct 1 22:39:26 2013
X-Original-To: cryptography@metzdowd.com
Date: Tue, 1 Oct 2013 15:38:50 -0700
From: Bill Frantz <frantz@pwpconsult.com>
To: cryptography@metzdowd.com
In-Reply-To: <524B3400.6010406@bluegap.ch>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 10/1/13 at 1:43 PM, markus@bluegap.ch (Markus Wanner) wrote:
>Let's compare apples to apples: even if you manage to actually read the
>instructions, you actually have to do so, have to come up with a
>throw-away-password, and remember it. For no additional safety compared
>to one-time tokens.
Let Mailman assign you a password. Then you don't have to worry
about someone collecting all your mailing list passwords and
reverse engineering your password generation algorithm. You'll
find out what the password is in a month. Save that email so you
can make changes. Get on with life.
Lets not increase the level of user work in cases where there
isn't, in fact, a security problem.
I'm interested in cases where Mailman passwords have been abused.
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz | If the site is supported by | Periwinkle
(408)356-8506 | ads, you are the product. | 16345
Englewood Ave
www.pwpconsult.com | | Los Gatos,
CA 95032
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography