[Mailman-Users] Re: encrypted passwords/German "Datenschutzgesetz"

Sven Köhler skoehler at upb.de
Mon May 19 00:35:36 CEST 2003

> If you encrypt the passwords with any meaningful encryption, then you can't
> mail out password reminders.  If, as another option, you use some trivial to
> reverse "encryption" then what's the point?

reverse-encryption? I was talking about MD5,Crypt and such! Does your 
linux box do any reverse-encryption? No, it doesn't. Your Linux-box 
doesn't even know your password.

It's a common thing to use a "one-way" encryption to store the passwords 
(Linux uses Crypt for it's user-password or CryptMD5 like FreeBSD). A 
password-reminder wouldn't exist, but it would be possible to reset the 

With modern algorithms like FreeBSD's CryptMD5 is takes quite a while to 
reverse the encryption (months, years - somethin like that) and 
therefor, your password is not "readable" by anybody! even my the 

this is the way many software products do it (not only german ones).
this is the way mailman should do it as well!

storing plain-text passwords anywhere is bad "style" in my optinion, and 
using reversable encryptions is useless as Todd said already.

More information about the Mailman-Users mailing list