[147457] in cryptography@c2.net mail archive
Re: [Cryptography] Why is emailing me my password?
daemon@ATHENA.MIT.EDU (Greg)
Wed Oct 2 10:33:36 2013
X-Original-To: cryptography@metzdowd.com
From: Greg <greg@kinostudios.com>
In-Reply-To: <r422Ps-1075i-390219DC3B1E47F2AF264BC0D8A7A553@Williams-MacBook-Pro.local>
Date: Wed, 2 Oct 2013 10:16:42 -0400
To: Bill Frantz <frantz@pwpconsult.com>
Cc: cryptography@metzdowd.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============5994154564645227193==
Content-Type: multipart/signed; boundary="Apple-Mail=_241C1031-07F5-466B-B334-4005482E34AA"; protocol="application/pgp-signature"; micalg=pgp-sha512
--Apple-Mail=_241C1031-07F5-466B-B334-4005482E34AA
Content-Type: multipart/alternative;
boundary="Apple-Mail=_37EC0383-C90D-44B2-8840-C2DD5D6FC848"
--Apple-Mail=_37EC0383-C90D-44B2-8840-C2DD5D6FC848
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
> I'm interested in cases where Mailman passwords have been abused.
"Show me one instance where a nuclear reactor was brought down by an =
earthquake! Just one! Then I'll consider spending the $$ on it!"
--
Please do not email me anything that you are not comfortable also =
sharing with the NSA.
On Oct 1, 2013, at 6:38 PM, Bill Frantz <frantz@pwpconsult.com> wrote:
> On 10/1/13 at 1:43 PM, markus@bluegap.ch (Markus Wanner) wrote:
>=20
>> Let's compare apples to apples: even if you manage to actually read =
the
>> instructions, you actually have to do so, have to come up with a
>> throw-away-password, and remember it. For no additional safety =
compared
>> to one-time tokens.
>=20
> Let Mailman assign you a password. Then you don't have to worry about =
someone collecting all your mailing list passwords and reverse =
engineering your password generation algorithm. You'll find out what the =
password is in a month. Save that email so you can make changes. Get on =
with life.
>=20
> Lets not increase the level of user work in cases where there isn't, =
in fact, a security problem.
>=20
> I'm interested in cases where Mailman passwords have been abused.
>=20
> Cheers - Bill
>=20
> =
-----------------------------------------------------------------------
> Bill Frantz | If the site is supported by | Periwinkle
> (408)356-8506 | ads, you are the product. | 16345 Englewood =
Ave
> www.pwpconsult.com | | Los Gatos, CA =
95032
>=20
> _______________________________________________
> The cryptography mailing list
> cryptography@metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
--Apple-Mail=_37EC0383-C90D-44B2-8840-C2DD5D6FC848
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=us-ascii
<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dus-ascii"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space; =
"><blockquote type=3D"cite">I'm interested in cases where Mailman =
passwords have been abused.<br></blockquote><div><br></div>"Show me one =
instance where a nuclear reactor was brought down by an earthquake! Just =
<i>one!</i> Then I'll consider spending the $$ on it!"<div>
<br>--<br>Please do not email me anything that you are =
not comfortable also sharing with the NSA.<br>
</div>
<br><div><div>On Oct 1, 2013, at 6:38 PM, Bill Frantz <<a =
href=3D"mailto:frantz@pwpconsult.com">frantz@pwpconsult.com</a>> =
wrote:</div><br class=3D"Apple-interchange-newline"><blockquote =
type=3D"cite">On 10/1/13 at 1:43 PM, <a =
href=3D"mailto:markus@bluegap.ch">markus@bluegap.ch</a> (Markus Wanner) =
wrote:<br><br><blockquote type=3D"cite">Let's compare apples to apples: =
even if you manage to actually read the<br>instructions, you actually =
have to do so, have to come up with a<br>throw-away-password, and =
remember it. For no additional safety compared<br>to one-time =
tokens.<br></blockquote><br>Let Mailman assign you a password. Then you =
don't have to worry about someone collecting all your mailing list =
passwords and reverse engineering your password generation algorithm. =
You'll find out what the password is in a month. Save that email so you =
can make changes. Get on with life.<br><br>Lets not increase the level =
of user work in cases where there isn't, in fact, a security =
problem.<br><br>I'm interested in cases where Mailman passwords have =
been abused.<br><br>Cheers - =
Bill<br><br>--------------------------------------------------------------=
---------<br>Bill Frantz | If =
the site is supported by | Periwinkle<br>(408)356-8506 =
| ads, you are the product. =
| 16345 Englewood Ave<br><a =
href=3D"http://www.pwpconsult.com">www.pwpconsult.com</a> | =
&n=
bsp; &nbs=
p; | Los Gatos, CA =
95032<br><br>_______________________________________________<br>The =
cryptography mailing list<br><a =
href=3D"mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a><br=
>http://www.metzdowd.com/mailman/listinfo/cryptography<br></blockquote></d=
iv><br></body></html>=
--Apple-Mail=_37EC0383-C90D-44B2-8840-C2DD5D6FC848--
--Apple-Mail=_241C1031-07F5-466B-B334-4005482E34AA
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQEcBAEBCgAGBQJSTCrQAAoJEKFrDougX6FkjkAH/iKX9mCyfVh/dBoCnq3v7BKd
POZhH2Jld3KWdIqEuZLHDj5xphewgaRrnG5P9cT/LC5TrFya/kt+8pqlFusT+J7n
qGV4NX9nXDmpZuUBVqhi0JzbOOcldw2NJe9OR/JhSx7aX6f3UId+22GvZAlGdLXD
Tkdw+ihk27bjeIJ2TSPrMOaNpTFksSin3FVtVy91VvTvhDcWZSa4uUqnYZJMLKIn
wDzgWz/9kBOmHPjLff/PBKS+K4B3+si/DXd/q4qfg5q/5Yq+mLGLdaSp0XlORf2p
fxyII1IDkyOgHQozrBWLxa4JzCvjSlqErTA5PfajtEMAE9kRunGc9CPgl7OGlsY=
=0O4N
-----END PGP SIGNATURE-----
--Apple-Mail=_241C1031-07F5-466B-B334-4005482E34AA--
--===============5994154564645227193==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============5994154564645227193==--
