> While I agree in principle, I don't quite like the tone here.

I agree, I apologize for the excessively negative tone. I think RL (and unrelated) agitation affected my writing and word choice. I've taken steps to prevent that from happening again (via magic of self-censoring software).

> But I liked your password, though. ;-)

Thanks! ^_^

> For that to be as secure as you make it sound, you still need a password
> or token. Hopefully a one-time, randomly generated one, but it's still a
> password. And it still crosses the wires unencrypted and can thus be
> intercepted by a MITM.
>
> The gain of that approach really is that there's no danger of a user
> inadvertently revealing a valuable password.
>
> The limited life time of the OTP may also make it a tad harder for an
> attacker, but given the (absence of) value for an attacker, that's close
> to irrelevant.

I don't see why a one-time password is necessary. Just check the headers to verify that the send-path was the same as it was on the original request.

Somebody used the phrase "repeat after me" previously. I'll give it a shot too:

"Repeat after me": Sending *any* user password (no matter how unimportant /you/ think it is) in the clear is extremely poor practice and should never be done. And, if a password is completely unnecessary, it should not be used.

On a side-note (Re: Russ's email and others), I can't believe people are talking about encryption and key distribution algorithms in reference to this topic.

- Greg

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

On Oct 2, 2013, at 3:58 AM, Markus Wanner <mar...@bluegap.ch> wrote:

> On 10/02/2013 12:03 AM, Greg wrote:
>> Running a mailing list is not hard work. There are only so many things
>> one can fuck up. This is probably one of the biggest mistakes that can
>> be made in running a mailing list, and on a list that's about software
>> security. It's just ridiculous.
>
> While I agree in principle, I don't quite like the tone here. But I
> liked your password, though. ;-)
>
> And no: there certainly are bigger mistakes an admin of a mailing list
> can do. Think: members list, spam, etc..
>
>> A mailing list shouldn't have any passwords to begin with. There is no
>> need for passwords, and it shouldn't be possible for anyone to
>> unsubscribe anyone else.
>>
>> User: Unsubscribe [EMAIL] -> Server
>> Server: Are you sure? -> [EMAIL]
>> User@[EMAIL]: YES! -> Server.
>>
>> No passwords, and no fake unsubscribes.
>
> For that to be as secure as you make it sound, you still need a password
> or token. Hopefully a one-time, randomly generated one, but it's still a
> password. And it still crosses the wires unencrypted and can thus be
> intercepted by a MITM.
>
> The gain of that approach really is that there's no danger of a user
> inadvertently revealing a valuable password.
>
> The limited life time of the OTP may also make it a tad harder for an
> attacker, but given the (absence of) value for an attacker, that's close
> to irrelevant.
>
> Regards
>
> Markus Wanner
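The three-step unsubscribe round trip quoted in the thread (request from anyone, challenge mailed to the address, reply from the address), implemented with the one-time random token Markus says it needs. This is an added example, not part of any message in the thread and not Mailman's or any other list software's code. The class, its method names, the 24-hour token lifetime and the example addresses are all assumptions made for illustration. The token is bound to one address, expires, and is consumed on first use, so a bare "YES" or a guessed token unsubscribes nobody; as the thread notes, the token still travels in cleartext email, so the check only establishes that whoever confirms can read mail sent to that address.

```python
import hmac
import secrets
import time

# Assumed token lifetime; a real list would choose its own.
TOKEN_TTL_SECONDS = 24 * 60 * 60


class UnsubscribeConfirmer:
    """Hypothetical unsubscribe confirmation state for one mailing list.

    Step 1: "Unsubscribe <addr>" arrives from anyone        -> request()
    Step 2: the server mails a challenge carrying the token to <addr>
    Step 3: "YES <token>" arrives, claiming to be from <addr> -> confirm()
    """

    def __init__(self, clock=time.time, ttl=TOKEN_TTL_SECONDS):
        self._clock = clock          # injectable so expiry can be tested
        self._ttl = ttl
        self._pending = {}           # normalised address -> (token, issued_at)
        self.members = set()         # normalised member addresses

    @staticmethod
    def _norm(address):
        return address.strip().lower()

    def request(self, address):
        """Step 1: issue a fresh one-time token for <address>.

        Returns the token the server must mail to <address> (and only
        there), or None if the address is not subscribed.
        """
        addr = self._norm(address)
        if addr not in self.members:
            return None
        token = secrets.token_urlsafe(32)            # 256 random bits
        self._pending[addr] = (token, self._clock())  # replaces older token
        return token

    def confirm(self, address, token):
        """Step 3: accept the confirmation only if the token is the one
        issued for this address, is unexpired, and has not been used."""
        addr = self._norm(address)
        entry = self._pending.get(addr)
        if entry is None:
            return False                              # nothing pending
        expected, issued_at = entry
        if self._clock() - issued_at > self._ttl:
            del self._pending[addr]                   # stale challenge
            return False
        # Constant-time comparison; a wrong-length guess also fails.
        if not hmac.compare_digest(expected.encode(), token.encode()):
            return False
        del self._pending[addr]                       # single use
        self.members.discard(addr)
        return True


def demo():
    """Constructed walk-through; returns the outcomes for inspection."""
    c = UnsubscribeConfirmer()
    c.members.add("alice@example.org")               # constructed member
    token = c.request("alice@example.org")            # step 1 and 2
    forged = c.confirm("alice@example.org", "YES")    # reply without token
    real = c.confirm("alice@example.org", token)      # genuine step 3
    replay = c.confirm("alice@example.org", token)    # token already spent
    return {"forged": forged, "real": real, "replay": replay,
            "still_member": "alice@example.org" in c.members}


if __name__ == "__main__":
    print(demo())
```

`confirm()` looks the pending entry up by address rather than by token, so a token mailed to one address cannot be replayed to unsubscribe a different one, and a second `request()` for the same address simply invalidates the earlier challenge.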
_______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography