[Mailman-Users] Re: encrypted passwords/German "Datenschutzgesetz"
Sven Köhler
skoehler at upb.de
Mon May 19 00:35:36 CEST 2003
> If you encrypt the passwords with any meaningful encryption, then you can't
> mail out password reminders. If, as another option, you use some trivial to
> reverse "encryption" then what's the point?
Reverse-encryption? I was talking about MD5, Crypt and such! Does your
Linux box do any reverse-encryption? No, it doesn't. Your Linux box
doesn't even know your password.
It's a common thing to use a "one-way" encryption to store the passwords
(Linux uses Crypt for its user-password or CryptMD5 like FreeBSD). A
password-reminder wouldn't exist, but it would be possible to reset the
password.
With modern algorithms like FreeBSD's CryptMD5 it takes quite a while to
reverse the encryption (months, years - something like that) and
therefore, your password is not "readable" by anybody! Even by the
mailman-admin.
This is the way many software products do it (not only German ones).
This is the way mailman should do it as well!
Storing plain-text passwords anywhere is bad "style" in my opinion, and
using reversible encryptions is useless as Todd said already.
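
The scheme discussed in this message (store only a salted one-way hash, and replace the password reminder with a reset), as an added example that is not part of the original post and is not Mailman code. It uses PBKDF2-HMAC-SHA256 from the Python standard library as a stand-in for the crypt-style functions named above; `MemberStore`, its methods, the iteration count and the addresses are hypothetical.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor for this example

def hash_password(password: str) -> str:
    """Return 'iterations$salt_hex$digest_hex'; the password itself is never stored."""
    salt = secrets.token_bytes(16)  # per-password salt: equal passwords hash differently
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Re-derive the digest with the stored salt and compare in constant time."""
    iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

class MemberStore:
    """Hypothetical list-member table: address -> password hash."""

    def __init__(self):
        self._hashes = {}
        self._reset_tokens = {}  # address -> SHA-256 of the outstanding reset token

    def subscribe(self, address, password):
        self._hashes[address] = hash_password(password)

    def login(self, address, password):
        stored = self._hashes.get(address)
        return stored is not None and verify_password(password, stored)

    def request_reset(self, address):
        """Replaces the reminder mail: returns a one-time token to mail to the member."""
        if address not in self._hashes:
            return None
        token = secrets.token_urlsafe(32)
        self._reset_tokens[address] = hashlib.sha256(token.encode()).digest()
        return token

    def complete_reset(self, address, token, new_password):
        expected = self._reset_tokens.pop(address, None)  # consumed on any attempt
        given = hashlib.sha256(token.encode()).digest()
        if expected is None or not hmac.compare_digest(expected, given):
            return False
        self._hashes[address] = hash_password(new_password)
        return True
```

Nothing in the store can be mailed back as a reminder, and the reset token is itself kept only as a hash, so a copy of the member table gives an administrator neither passwords nor usable tokens.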