[Mailman-Users] Password reminders
peter.brooks at kchclinics.com
Fri Aug 1 18:11:47 CEST 2014
The installation of mailman that I'm using has the monthly sending of
password reminders as the default setting.
This led to some discussion with members of one of my mailman lists.
It seems very odd that mailman sends clear-text passwords through
e-mail. The use of one-way hashing passwords has been known a long
time - Unix version 6 that came out in 1975 already had crypt that was
used for one-way encryption of passwords.
Does anybody know why mailman stores passwords in clear text?
I imagine that, back in the '90s, when majordomo was written, it
seemed an OK thing to do because nobody thought that all their email
was being read - now that everybody knows that e-mail is entirely
unsafe, it seems odd that mailman still does this.
Are there any plans to tighten the security up?
More information about the Mailman-Users