[147476] in cryptography@c2.net mail archive


Re: [Cryptography] Why is emailing me my password?

daemon@ATHENA.MIT.EDU (Benjamin Kreuter)
Thu Oct 3 09:44:54 2013

X-Original-To: cryptography@metzdowd.com
Date: Thu, 3 Oct 2013 09:36:02 -0400
From: Benjamin Kreuter <brk7bx@virginia.edu>
To: Greg <greg@kinostudios.com>
In-Reply-To: <1380A94F-2F6F-49CE-99B9-25EDE68E6FDD@kinostudios.com>
Cc: cryptography@metzdowd.com, Bill Frantz <frantz@pwpconsult.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Wed, 2 Oct 2013 10:16:42 -0400
Greg <greg@kinostudios.com> wrote:

> > I'm interested in cases where Mailman passwords have been abused.
>
> "Show me one instance where a nuclear reactor was brought down by an
> earthquake! Just one! Then I'll consider spending the $$ on it!"

Assume for a moment that there are no other systems involved, and
compare the failure of a nuclear power plant to a leaked mailman
password.  On its own, a failure at a nuclear power plant can render
tens of thousands of square miles uninhabitable.  On its own, a leaked
mailman password causes a few minutes of annoyance.

Really, the issue here is not mailman.  Mailman passwords address a
very minor security issue and mailing them in plaintext has no effect
on said security.  The real issue is that passwords are being used in
places where security really does matter, and that someone might have
used the same password for mailman as they did for one of those
systems.  If you ask me, the problem is not mailman sending out the
passwords, nor the fact that people often use the same password
everywhere; the problem is that passwords are being used to secure
important things.

-- Ben



--
Benjamin R Kreuter
UVA Computer Science
brk7bx@virginia.edu
KK4FJZ

--

"If large numbers of people are interested in freedom of speech, there
will be freedom of speech, even if the law forbids it; if public
opinion is sluggish, inconvenient minorities will be persecuted, even
if laws exist to protect them." - George Orwell

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography