On 10/1/13 at 1:43 PM, mar...@bluegap.ch (Markus Wanner) wrote:

Let's compare apples to apples: even if you manage to actually read the
instructions, you actually have to do so, have to come up with a
throw-away-password, and remember it. For no additional safety compared
to one-time tokens.

Let Mailman assign you a password. Then you don't have to worry about someone collecting all your mailing list passwords and reverse engineering your password generation algorithm. You'll find out what the password is in a month. Save that email so you can make changes. Get on with life.

Lets not increase the level of user work in cases where there isn't, in fact, a security problem.

I'm interested in cases where Mailman passwords have been abused.

Cheers - Bill

-----------------------------------------------------------------------
Bill Frantz        | If the site is supported by  | Periwinkle
(408)356-8506 | ads, you are the product. | 16345 Englewood Ave www.pwpconsult.com | | Los Gatos, CA 95032

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

Reply via email to