[Mailman-Users] Re: encrypted passwords/German "Datenschutzgesetz"

Sven Köhler skoehler at upb.de
Mon May 19 00:35:36 CEST 2003


> If you encrypt the passwords with any meaningful encryption, then you can't
> mail out password reminders.  If, as another option, you use some trivial to
> reverse "encryption" then what's the point?

Reverse-encryption? I was talking about MD5, Crypt and such! Does your 
Linux box do any reverse-encryption? No, it doesn't. Your Linux box 
doesn't even know your password.

It's a common thing to use a "one-way" encryption to store the passwords 
(Linux uses Crypt for its user-password or CryptMD5 like FreeBSD). A 
password-reminder wouldn't exist, but it would be possible to reset the 
password.

With modern algorithms like FreeBSD's CryptMD5 it takes quite a while to 
reverse the encryption (months, years - something like that) and 
therefore, your password is not "readable" by anybody! Even by the 
Mailman-admin.

This is the way many software products do it (not only German ones).
This is the way Mailman should do it as well!

Storing plain-text passwords anywhere is bad "style" in my opinion, and 
using reversible encryptions is useless as Todd said already.
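
The scheme described in this message, as an added Python sketch that is not part of the original post or of Mailman's code: only a salted one-way hash is stored, login re-derives and compares it, and a forgotten password is reset rather than mailed back. PBKDF2-HMAC-SHA256 from the standard library stands in for the Crypt/CryptMD5 functions named above; `MemberStore`, the iteration count and the record format are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for this sketch


def hash_password(password, salt=None):
    """Return 'iterations$salt_hex$digest_hex'; the plaintext is never stored."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Re-derive the digest with the stored salt and compare in constant time."""
    iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


class MemberStore:
    """Hypothetical subscriber table: address -> stored hash record."""

    def __init__(self):
        self._records = {}

    def set_password(self, address, password):
        self._records[address] = hash_password(password)

    def check(self, address, password):
        stored = self._records.get(address)
        return stored is not None and verify_password(password, stored)

    def reset(self, address):
        """No reminder is possible: issue a fresh password, keep only its hash."""
        if address not in self._records:
            raise KeyError(address)
        new_password = secrets.token_urlsafe(12)
        self.set_password(address, new_password)
        return new_password  # mailed once to the subscriber, never kept

    def record(self, address):
        """Expose the stored record so its contents can be inspected."""
        return self._records[address]
```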





