12 Feb 2005, 6:02 a.m.
On Sat, 2005-02-12 at 02:07, Bob Puff wrote:
> So let me ask this: if we drop passwords for everything but the private archives, do we really need to do anything differently than the format currently in place? Do they really need to be one-way encrypted? Being able to email a forgotten password has its benefits.
It's still worthwhile (in the long run) to hash the passwords. Some people tend to re-use them, so stealing Mailman passwords can potentially lead to cascading attacks. Password resets are fine.
-Barry
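
The trade-off discussed in this message, as an added example that is not part of the original e-mail and is not Mailman code: passwords are kept only as salted one-way hashes, and a forgotten password is handled with a one-time reset token rather than by mailing the password back. The `MemberStore` class, the PBKDF2 work factor and the token lifetime are assumptions made for this sketch.

```python
import hashlib, hmac, secrets, time

ITERATIONS = 600_000   # assumed PBKDF2-HMAC-SHA256 work factor for this sketch
RESET_TTL = 3600       # assumed reset-token lifetime, in seconds

def hash_password(password):
    """Return (salt, digest). Only these are stored, never the password."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, digest):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison

class MemberStore:
    """Hypothetical in-memory member table, not Mailman's data model."""
    def __init__(self):
        self.members = {}   # address -> {"salt", "digest", "reset"}

    def set_password(self, address, password):
        salt, digest = hash_password(password)
        # Replacing the record also discards any outstanding reset token.
        self.members[address] = {"salt": salt, "digest": digest, "reset": None}

    def login(self, address, password):
        m = self.members.get(address)
        return bool(m) and verify_password(password, m["salt"], m["digest"])

    def request_reset(self, address, now=None):
        """Return a one-time token to e-mail to the member; keep only its hash."""
        if address not in self.members:
            return None
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        token_hash = hashlib.sha256(token.encode()).digest()
        self.members[address]["reset"] = (token_hash, now + RESET_TTL)
        return token

    def complete_reset(self, address, token, new_password, now=None):
        now = time.time() if now is None else now
        m = self.members.get(address)
        if not m or not m["reset"]:
            return False
        token_hash, expires = m["reset"]
        supplied = hashlib.sha256(token.encode()).digest()
        if now > expires or not hmac.compare_digest(supplied, token_hash):
            return False
        self.set_password(address, new_password)
        return True
```

A copy of this store gives an attacker salted digests and a hashed, expiring token, so there is no password to replay against a member's other accounts.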