On 5/2/20 1:47 PM, Loren Wilton wrote:
The compromised password is already in plain text in the subject of the message; there isn't much point in hiding it other than embarrassment.

What if the email server with the list of plain text passwords is compromised and said list of plain text passwords is released to a wide audience? The list of previously compromised passwords could have been very private (known corporate hack or something like that) and not released to a wide audience.

Now, your list of plain text passwords on the email server is the source of a larger and more public release.

Why have that list of plain text passwords /anywhere/ if you don't have to?



--
Grant. . . .
unix || die
