These passwords should not be recoverable; because they should be only
stored as a one-way salted hash with n rounds.

Passlib has a number of password hashing functions:

- https://passlib.readthedocs.io/en/stable/

- https://cryptography.io/en/latest/hazmat/primitives/cryptographic-hashes/


Is this fixed in Mailman3?

http://www.list.org/download.html

http://www.list.org/devs.html #security lists:

mailman-secur...@python.org

as the seclist for mailman.


Mailman 2 src:
https://launchpad.net/mailman

Mailman 3 src:
https://gitlab.com/groups/mailman



On Saturday, September 23, 2017, Steve Barnes <gadgetst...@live.co.uk>
wrote:

> I personally was very disappointed on signing up to the both this
> mailing list & security-announce to receive back an email containing my
> password in plain text with the promise of the same thing once a month
> unless I changed settings on the mail man site..
>
> I would have thought that a security related list could provide better
> default practices than that!
>
> Is anybody else concerned about the idea?
>
> Steve Barnes.
>
>
>
>
> ---
> This email has been checked for viruses by AVG.
> http://www.avg.com
>
_______________________________________________
Security-SIG mailing list
Security-SIG@python.org
https://mail.python.org/mailman/listinfo/security-sig

Reply via email to