[Security-sig] Fwd: List Settings Question
Wes Turner
wes.turner at gmail.com
Mon Sep 25 16:49:03 EDT 2017
These passwords should not be recoverable; because they should be only
stored as a one-way salted hash with n rounds.
Passlib has a number of password hashing functions:
- https://passlib.readthedocs.io/en/stable/
- https://cryptography.io/en/latest/hazmat/primitives/cryptographic-hashes/
Is this fixed in Mailman3?
http://www.list.org/download.html
http://www.list.org/devs.html #security lists:
mailman-security at python.org
as the seclist for mailman.
Mailman 2 src:
https://launchpad.net/mailman
Mailman 3 src:
https://gitlab.com/groups/mailman
On Saturday, September 23, 2017, Steve Barnes <gadgetsteve at live.co.uk>
wrote:
> I personally was very disappointed on signing up to the both this
> mailing list & security-announce to receive back an email containing my
> password in plain text with the promise of the same thing once a month
> unless I changed settings on the mail man site..
>
> I would have thought that a security related list could provide better
> default practices than that!
>
> Is anybody else concerned about the idea?
>
> Steve Barnes.
>
>
>
>
> ---
> This email has been checked for viruses by AVG.
> http://www.avg.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/security-sig/attachments/20170925/55ed64da/attachment-0001.html>
More information about the Security-SIG
mailing list