-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/01/2012 06:09 PM, Nico Williams wrote:
> I let mailman generate passwords. And I never use them, much less
> re-use them. Well, I do use them when I need to change e-mail
> addresses, which happens very rarely, and then I start by asking
> mailman to send my my passwords because I don't remember them -- I've
> done this like once in the past decade.
Perhaps mailman should be changed to require you to use its generated
passwords, or better yet, to only generate a password when you ask it
to send you your password, and then invalidate it after a few days. So
it isn't really a password but a "thunk" of limited value.
In this fashion we can be more assured that people aren't re-using
passwords with mailman.
Because... you and I may know better... the manager at the bank where
are money is stored (or the doctors office where are medical records
are located) may not know better... ;-)
-Jeff
- --
_______________________________________________________________________
Jeffrey I. Schiller
MIT Technologist, Consultant, and Cavy Breeder
Cambridge, MA 02139-4307
617.910.0259 - Voice
j...@qyv.net
http://jis.qyv.name
_______________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFPUB+98CBzV/QUlSsRAme0AKD68AevJfdboYC8zd/OeShRtwSS8QCgnRTr
oL3z9rBPfkYy3vPLrSdsQ6M=
=TPD+
-----END PGP SIGNATURE-----
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
