[Mailman-Developers] config.pck password encryptioninconsistencies

Mark Sapiro msapiro at value.net
Thu Dec 9 02:58:40 CET 2004

Dave Dewey wrote:

>Quoting Dave Dewey (ddewey at cyberthugs.com):
>> Here's the issue I can't solve.  It is clear that SOME user passwords in the
>> lists' config.pck file are encrypted, and some aren't.  This is within the
>> SAME config.pck, I'm only running one list.  When using 'dumpdb' to
>> investigate the the users email/passwords, some of the passwords are
>> definitely clear text.  However, others (including all of my own, for
>> various test subscriptions) are encrypted.
>More info:  it appears that only passwords that were chosen at time of
>subscription are encrypted.  If a user then goes in and changes the
>password, it is stored unencrypted in config.pck.

Are you sure they are encrypted and not just encoded (e.g. unicode)?

What do you see in monthly password reminders?

I looked through the code somewhat, particularly the code that produces
password reminders, and I can't see anywhere where there is any
encryption/decryption of passwords going on.

Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Developers mailing list