[Mailman-Developers] Hashing member passwords in config.pck
Barry Warsaw
barry at python.org
Sat Feb 12 15:02:54 CET 2005
On Sat, 2005-02-12 at 02:07, Bob Puff wrote:
> So let me ask this: if we drop passwords for everything but the private
> archives, do we really need to do anything differently than the format
> currently in place? Do they really need to be one-way encrypted? Being able
> to email a forgotten password has its benefits.
It's still worthwhile (in the long run) to hash the passwords. Some
people tend to re-use them, so stealing Mailman passwords can
potentially lead to cascading attacks. Password resets are fine.
-Barry
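
The approach argued for in the reply above, sketched as an added example that is not part of the original message and is not Mailman's code: member passwords are kept only as salted PBKDF2 hashes, and a forgotten password is handled by mailing a one-time reset token instead of the password. The `MemberStore` class, its method names, the work factor and the token lifetime are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

ITERATIONS = 600_000   # assumed work factor; tune for the host
RESET_TTL = 3600       # assumed reset-token lifetime, in seconds

def hash_password(password):
    """Return a self-describing salted hash; the plaintext is never stored."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_password(password, stored):
    _, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))

class MemberStore:
    """Hypothetical member table; not Mailman's config.pck format or API."""
    def __init__(self):
        self.hashes = {}   # address -> encoded password hash
        self.resets = {}   # address -> (sha256 of token, expiry time)

    def set_password(self, addr, password):
        self.hashes[addr] = hash_password(password)
        self.resets.pop(addr, None)   # outstanding reset tokens are now void

    def check(self, addr, password):
        stored = self.hashes.get(addr)
        return stored is not None and verify_password(password, stored)

    def start_reset(self, addr, now=None):
        """Return the one-time token to mail out; only its digest is kept."""
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.resets[addr] = (digest, (now or time.time()) + RESET_TTL)
        return token

    def finish_reset(self, addr, token, new_password, now=None):
        digest, expiry = self.resets.get(addr, ("", 0))
        given = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(digest, given):
            return False
        if (now or time.time()) > expiry:
            return False
        self.set_password(addr, new_password)
        return True
```

A copy of the stored data yields neither member passwords nor usable reset tokens, since both are kept only as digests.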