On 10/1/13 at 1:43 PM, mar...@bluegap.ch (Markus Wanner) wrote:
Let's compare apples to apples: even if you manage to actually read the
instructions, you actually have to do so, have to come up with a
throw-away-password, and remember it. For no additional safety compared
to one-time tokens.
Let Mailman assign you a password. Then you don't have to worry
about someone collecting all your mailing list passwords and
reverse engineering your password generation algorithm. You'll
find out what the password is in a month. Save that email so you
can make changes. Get on with life.
Lets not increase the level of user work in cases where there
isn't, in fact, a security problem.
I'm interested in cases where Mailman passwords have been abused.
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz | If the site is supported by | Periwinkle
(408)356-8506 | ads, you are the product. | 16345
Englewood Ave
www.pwpconsult.com | | Los Gatos,
CA 95032
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography