[cryptography] Constitutional Showdown Voided as Feds Decrypt Laptop

Nico Williams nico at cryptonector.com
Thu Mar 1 18:09:03 EST 2012


On Thu, Mar 1, 2012 at 4:56 PM, Jeffrey Walton <noloader at gmail.com> wrote:
>>> Mailman passwords are of very low value.
>>
>>
>> Precisely correct.  The security mechanism is commensurate with the general
>> risk.  And if you're running that high-value a mailing list, you simply
>> disable that feature.
> Low value to whom? Considering all the password reuse, some (such as
> the bad guys) would consider the username/password list high value.

I let mailman generate passwords.  And I never use them, much less
re-use them.  Well, I do use them when I need to change e-mail
addresses, which happens very rarely, and then I start by asking
mailman to send my my passwords because I don't remember them -- I've
done this like once in the past decade.

These are all public mailing lists.  With public archives.  To which
people post unsigned messages.

As for non-public lists, see Steven's reply.

Yeah, mailman passwords are of low value from a security point of view.

Nico
--



More information about the cryptography mailing list