[Mailman-Developers] config.pck password encryption inconsistencies
Dave Dewey
ddewey at cyberthugs.com
Thu Dec 9 15:43:35 CET 2004
Quoting Barry Warsaw (barry at python.org):
> Correct. Mailman does not encrypt or hash member passwords, and they
> are stored in the clear in the config.pck file (this is actually not
> good, but it's the way it is). Owner and moderator passwords are
> generally hashed, typically these days with sha1. I have no idea where
> your passwords are getting changed.
Gotcha. I believe that's where I was drawing my erroneous conclusions from.
I only have information about my own passwords, and they are clearly
encrypted since I know what the values are. My own accounts are ALSO all
either owners or moderators, so that explains it perfectly. The rest of the
users' passwords were either values I could recognize and therefore were
cleartext passwords or random strings, and it's impossible to tell whether
those are encrypted or just random by simply looking at them. I now assume
they are random.
Thanks for the information! I did see the references to the sha1 encryption
in the code, further drawing me down the wrong path. Case closed...
dave