These passwords should not be recoverable; because they should be only stored as a one-way salted hash with n rounds.
Passlib has a number of password hashing functions: - https://passlib.readthedocs.io/en/stable/ - https://cryptography.io/en/latest/hazmat/primitives/cryptographic-hashes/ Is this fixed in Mailman3? http://www.list.org/download.html http://www.list.org/devs.html #security lists: mailman-secur...@python.org as the seclist for mailman. Mailman 2 src: https://launchpad.net/mailman Mailman 3 src: https://gitlab.com/groups/mailman On Saturday, September 23, 2017, Steve Barnes <gadgetst...@live.co.uk> wrote: > I personally was very disappointed on signing up to the both this > mailing list & security-announce to receive back an email containing my > password in plain text with the promise of the same thing once a month > unless I changed settings on the mail man site.. > > I would have thought that a security related list could provide better > default practices than that! > > Is anybody else concerned about the idea? > > Steve Barnes. > > > > > --- > This email has been checked for viruses by AVG. > http://www.avg.com >
_______________________________________________ Security-SIG mailing list Security-SIG@python.org https://mail.python.org/mailman/listinfo/security-sig
