[147446] in cryptography@c2.net mail archive
Re: [Cryptography] Why is emailing me my password?
daemon@ATHENA.MIT.EDU (Markus Wanner)
Wed Oct 2 10:25:06 2013
X-Original-To: cryptography@metzdowd.com
Date: Wed, 02 Oct 2013 07:44:43 +0200
From: Markus Wanner <markus@bluegap.ch>
To: Joshua Marpet <joshua.marpet@guardedrisk.com>
In-Reply-To: <CAC4EX57tR2K8CJgS=XZdULrb_=ijCU+inTmFkxzB=s0J2c_eSg@mail.gmail.com>
Cc: "cryptography@metzdowd.com List" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 10/02/2013 12:11 AM, Joshua Marpet wrote:
> Low security environment, minimal ability to inflict damage, clear
> instructions from the beginning.
Agreed.
There certainly are bigger problems on earth. And I really don't mind if
you move on and take care of any of those, first. :-)
> If the system and processes are not to your liking, that's
> understandable. Everyone is different.
Please read my arguments, I'm not opposed to it based on personal
preference. Quite the opposite, I actually like web front-ends better
than email commands. But in this case, I think a mail based OTP solution
is better from a security perspective.
> There are other choices. If you'd like to investigate them, determine
> an appropriate one, and advocate a move to it, that would be welcomed, I
> presume?
I did investigate. And I'm currently using smartlist. Whether or not you
or anybody else "moves" is entirely up to you or them.
If you use mailman, your users better be aware it doesn't follow best
practice regarding password handling, though.
And yes, smartlist certainly has its issues as well. If you know of any,
please let me know as well.
> No offense meant, in any way. Please forgive me if offense is given.
No offense taken. And if it were, you're hereby forgiven. ;-)
Regards
Markus Wanner
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
