* Terri Oda:

> First off -- as far as I know, the mailman password generation
> algorithm was never intended for significant security. It was intended
> to generate nearly-pronounceable (and thus easier to remember) passwords
> as a mild deterrent to attackers. I wouldn't really characterize this
> as a security bug so much as a design choice that you may or may not
> agree with.

Your users disagree. As I wrote in the message forwarded by John, the
brute-force attack is entirely practical and leads to real-world
security breaches.

> I'm not sure it makes sense to worry about the auto-generated passwords
> when we're plaintexting them (and any archive data, and any email)
> across the Internet.

It does. The Internet is pretty resilient against casual eavesdropping.
It takes much more effort to intercept passwords in an email message
than to run some script to recover the Mailman-assigned password of a
list member whose email address is known.

> The idea of sending sensitive data *by unencrypted email* is a bit
> crazy. Doesn't mean it's not done, but I don't want to spend a whole
> lot of time designing a more secure mailman only to have people
> complain that their email still isn't secure. If you're really storing
> sensitive documents, maybe you need to look at some PGP extensions to
> Mailman as well...

Last time I checked, Mailman labels its member-only archives "private",
and the implicit promise to keep things posted to the list private is
not kept if the software assigns easily guessed passwords to new
members. I can only repeat that Mailman's current behavior surprises
your users *a* *lot*, and leads to security breaches.

_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
http://mail.python.org/mailman/listinfo/mailman-developers
Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org
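The point of the exchange above is that a "pronounceable" password drawn from a syllable table has a far smaller keyspace than a random string of the same length, small enough that enumerating it with a script is cheap. The following Python is an added illustration of that argument; it is not code from this thread and not Mailman's own generator. The 20x5 consonant-vowel syllable table, the 3-syllable length, the victim password "kobula" and the SHA-256 comparison standing in for a per-guess password check are all assumptions made for the example.

```python
# Added illustration of the brute-force argument above. The syllable table,
# password length and SHA-256 "verification oracle" are assumptions made for
# this example; none of this is Mailman's own code or its real algorithm.
import hashlib
import itertools
import math
import secrets

# Assumed consonant+vowel syllable table (20 x 5 = 100 syllables).
CONSONANTS = "bcdfghjklmnprstvwxyz"
VOWELS = "aeiou"
SYLLABLES = [c + v for c in CONSONANTS for v in VOWELS]
ALNUM = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"


def pronounceable_password(n_syllables, rng=secrets):
    """Build a password from n randomly chosen syllables (2 chars each)."""
    return "".join(rng.choice(SYLLABLES) for _ in range(n_syllables))


def random_password(length, rng=secrets):
    """Uniformly random password over the alphanumeric alphabet."""
    return "".join(rng.choice(ALNUM) for _ in range(length))


def keyspace_bits(alphabet_size, symbols):
    """Entropy in bits of `symbols` independent draws from `alphabet_size`."""
    return symbols * math.log2(alphabet_size)


def oracle(password):
    """Stand-in for the check an attacker can perform per guess; the digest
    replaces an online 'is this the member's password?' query."""
    return hashlib.sha256(password.encode()).hexdigest()


def brute_force(target, n_syllables):
    """Enumerate the whole pronounceable keyspace in lexicographic order
    until the oracle matches. Returns (password, number_of_guesses), or
    (None, number_of_guesses) if the target is not in the keyspace."""
    guesses = 0
    for syls in itertools.product(SYLLABLES, repeat=n_syllables):
        guesses += 1
        candidate = "".join(syls)
        if oracle(candidate) == target:
            return candidate, guesses
    return None, guesses


def compare(n_syllables=3):
    """Bit strength of a pronounceable password with n_syllables next to a
    uniformly random alphanumeric password of the same character length."""
    length = 2 * n_syllables
    return {
        "length": length,
        "pronounceable_bits": keyspace_bits(len(SYLLABLES), n_syllables),
        "pronounceable_space": len(SYLLABLES) ** n_syllables,
        "random_bits": keyspace_bits(len(ALNUM), length),
        "random_space": len(ALNUM) ** length,
    }


if __name__ == "__main__":
    stats = compare(3)
    print(f"6-char pronounceable: {stats['pronounceable_bits']:.1f} bits "
          f"({stats['pronounceable_space']:,} candidates)")
    print(f"6-char random alnum:  {stats['random_bits']:.1f} bits "
          f"({stats['random_space']:,} candidates)")
    # Constructed victim password (not a real credential); the attacker only
    # needs the member's address and the knowledge that the list assigned a
    # syllable-built password.
    victim = "kobula"
    found, guesses = brute_force(oracle(victim), 3)
    print(f"recovered {found!r} after {guesses:,} guesses")
```

With these assumptions a 6-character syllable password carries about 20 bits (one million candidates) against roughly 36 bits for 6 random alphanumeric characters, and the full enumeration finishes in well under a second on one machine. Against a live list the limiting factor is the rate at which the member-options page answers guesses, which is why the same attack can still be practical even when each guess is a network round trip.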