[Mailman-Users] Re: encrypted passwords/German "Datenschutzgesetz"
skoehler at upb.de
Mon May 19 00:35:36 CEST 2003
> If you encrypt the passwords with any meaningful encryption, then you can't
> mail out password reminders. If, as another option, you use some trivial to
> reverse "encryption" then what's the point?
reverse-encryption? I was talking about MD5,Crypt and such! Does your
linux box do any reverse-encryption? No, it doesn't. Your Linux-box
doesn't even know your password.
It's a common thing to use a "one-way" encryption to store the passwords
(Linux uses Crypt for it's user-password or CryptMD5 like FreeBSD). A
password-reminder wouldn't exist, but it would be possible to reset the
With modern algorithms like FreeBSD's CryptMD5 is takes quite a while to
reverse the encryption (months, years - somethin like that) and
therefor, your password is not "readable" by anybody! even my the
this is the way many software products do it (not only german ones).
this is the way mailman should do it as well!
storing plain-text passwords anywhere is bad "style" in my optinion, and
using reversable encryptions is useless as Todd said already.
More information about the Mailman-Users