I think this was discussed before, but I just can't find any mails about the topic via Google, so just asking:

Why in the hell does lists.openbsd.org store the passwords in plaintext?

How to reproduce the problem: have an account at (e.g. misc) http://lists.openbsd.org/, set the password to SOMEPASSWORD and then use the "lost password" function to get your password, and voilà, your "SOMEPASSWORD" was sent to your e-mail address in CLEAR!

Things against storing passwords in cleartext:
- if the server is compromised, all the passwords will be out.. there are always idiots that use the same password everywhere..
- http://plaintextoffenders.com/

Solutions:
- store the passwords in bcrypt?

Thanks!
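
The hashing suggestion above, sketched as an added example (not part of the original mail and not the list software's code): once only a salted hash is stored, "lost password" can no longer mail the password back and has to issue a one-time reset token instead. SubscriberStore, its method names, the work factor and the token lifetime are all assumptions, and PBKDF2 from Python's standard library stands in for bcrypt, which the standard library does not ship.

```python
import hashlib
import hmac
import secrets
import time

ITERATIONS = 600_000   # assumed work factor for PBKDF2-HMAC-SHA256
RESET_TTL = 3600       # assumed lifetime of a reset token, in seconds


class SubscriberStore:
    """Hypothetical list-member store that never keeps the password itself."""

    def __init__(self):
        self._creds = {}    # address -> (salt, derived key)
        self._resets = {}   # address -> (sha256 of token, expiry time)

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    def set_password(self, address, password):
        salt = secrets.token_bytes(16)          # fresh salt on every change
        self._creds[address] = (salt, self._derive(password, salt))

    def verify(self, address, password):
        if address not in self._creds:
            return False
        salt, stored = self._creds[address]
        return hmac.compare_digest(stored, self._derive(password, salt))

    def lost_password(self, address, now=None):
        """Return a one-time token to e-mail; the password cannot be recovered."""
        if address not in self._creds:
            return None
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        # Only a digest of the token is kept, so a dump of the store is no use.
        digest = hashlib.sha256(token.encode()).digest()
        self._resets[address] = (digest, now + RESET_TTL)
        return token

    def reset(self, address, token, new_password, now=None):
        now = time.time() if now is None else now
        # pop(): any attempt, right or wrong, consumes the outstanding token.
        digest, expiry = self._resets.pop(address, (b"", 0.0))
        ok = now <= expiry and hmac.compare_digest(
            digest, hashlib.sha256(token.encode()).digest())
        if ok:
            self.set_password(address, new_password)
        return ok
```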

