[cryptography] Constitutional Showdown Voided as Feds Decrypt Laptop
noloader at gmail.com
Thu Mar 1 17:56:48 EST 2012
On Thu, Mar 1, 2012 at 5:49 PM, Steven Bellovin <smb at cs.columbia.edu> wrote:
> On Mar 1, 2012, at 4:33 12PM, Nico Williams wrote:
>> On Thu, Mar 1, 2012 at 3:22 PM, Randall Webmail <rvh40 at insightbb.com> wrote:
>>> From: "Jeffrey Walton" <noloader at gmail.com>
>>>> Perhaps Fricosu reused a password and was on a mailing list using Mailman...
>>> Yeah - what's the deal with Mailman sending the password in clear-text, once a month?
>>> Did anyone really think that was a good idea? Was it a tradeoff between security and help desk support costs? What other reason could there be?
>> Mailman passwords are of very low value.
> Precisely correct. The security mechanism is commensurate with the general
> risk. And if you're running that high-value a mailing list, you simply
> disable that feature.
Low value to whom? Considering all the password reuse, some (such as
the bad guys) would consider the username/password list high value.
More information about the cryptography