[cryptography] Constitutional Showdown Voided as Feds Decrypt Laptop

Jeffrey Walton noloader at gmail.com
Thu Mar 1 17:56:48 EST 2012


On Thu, Mar 1, 2012 at 5:49 PM, Steven Bellovin <smb at cs.columbia.edu> wrote:
>
> On Mar 1, 2012, at 4:33 12PM, Nico Williams wrote:
>
>> On Thu, Mar 1, 2012 at 3:22 PM, Randall  Webmail <rvh40 at insightbb.com> wrote:
>>> From: "Jeffrey Walton" <noloader at gmail.com>
>>>> Perhaps Fricosu reused a password and was on a mailing list using Mailman...
>>>
>>> Yeah - what's the deal with Mailman sending the password in clear-text, once a month?
>>>
>>> Did anyone really think that was a good idea?  Was it a tradeoff between security and help desk support costs?   What other reason could there be?
>>
>> Mailman passwords are of very low value.
>
>
> Precisely correct.  The security mechanism is commensurate with the general
> risk.  And if you're running that high-value a mailing list, you simply
> disable that feature.

Low value to whom? Considering all the password reuse, some (such as
the bad guys) would consider the username/password list high value.

Jeff


