[cryptography] Constitutional Showdown Voided as Feds Decrypt Laptop

Steven Bellovin smb at cs.columbia.edu
Thu Mar 1 17:49:09 EST 2012


On Mar 1, 2012, at 4:33 12PM, Nico Williams wrote:

> On Thu, Mar 1, 2012 at 3:22 PM, Randall Webmail <rvh40 at insightbb.com> wrote:
>> From: "Jeffrey Walton" <noloader at gmail.com>
>>> Perhaps Fricosu reused a password and was on a mailing list using Mailman...
>> 
>> Yeah - what's the deal with Mailman sending the password in clear-text, once a month?
>> 
>> Did anyone really think that was a good idea?  Was it a tradeoff between security and help desk support costs?  What other reason could there be?
> 
> Mailman passwords are of very low value.


Precisely correct.  The security mechanism is commensurate with the general
risk.  And if you're running that high-value a mailing list, you simply
disable that feature.

		--Steve Bellovin, https://www.cs.columbia.edu/~smb







