plain text password

Osvaldo Doederlein opinali at
Mon Jul 26 05:10:38 PDT 2010

Well, the encryption secures one link in the chain but not every one.
What if I'm reading my email when some coworker comes by? What if
hackers break into my mail server or (more likely) my home PC?
Cleartext passwords are _always_ wrong, in _any_ circumstance,
including explicit request by the user (that's why any current
security system has a mechanism to authenticate the user by secondary
evidence like access to his email, and reset his password without
disclosing a claimed-as-forgotten password).


2010/7/26 Florian Weimer <fweimer at>:
> * David Stibbe:
>> How come that a mailing list for developers sends me a confirmation
>> email containing the password for my account, chosen by myself, in
>> plain text?
> Huh?  If you actually sniffed on the wire, you'd have noticed that it
> was encrypted.
> --
> Florian Weimer                <fweimer at>
> BFK edv-consulting GmbH
> Kriegsstraße 100              tel: +49-721-96201-1
> D-76133 Karlsruhe             fax: +49-721-96201-99
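
Added example, not part of the original thread and not the list software's code: a minimal sketch of the flow the reply describes, where only a salted hash is stored, the confirmation mail carries no password, and a forgotten password is reset through a single-use token sent to the mailbox. The function names, the in-memory stores, the 15-minute lifetime and the sample address are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

USERS = {}    # email -> (salt, password_hash); the password itself is never stored
RESETS = {}   # sha256(token) -> (email, expiry); the raw token is never stored
TOKEN_TTL = 15 * 60  # seconds; constructed value for this example

def _hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def subscribe(email, password):
    """Store only a salted hash; the confirmation mail body carries no password."""
    salt = secrets.token_bytes(16)
    USERS[email] = (salt, _hash_pw(password, salt))
    return f"To: {email}\n\nYour subscription is confirmed."

def check_password(email, password):
    if email not in USERS:
        return False
    salt, stored = USERS[email]
    return hmac.compare_digest(stored, _hash_pw(password, salt))

def request_reset(email, now=None):
    """Issue a token to be mailed; access to the mailbox is the secondary evidence."""
    now = time.time() if now is None else now
    if email not in USERS:
        return None  # the caller should answer identically either way
    token = secrets.token_urlsafe(32)
    RESETS[hashlib.sha256(token.encode()).hexdigest()] = (email, now + TOKEN_TTL)
    return token

def complete_reset(token, new_password, now=None):
    """Set a new password; the old one is never disclosed or recoverable."""
    now = time.time() if now is None else now
    # pop() makes the token single use, even if the attempt then fails on expiry
    entry = RESETS.pop(hashlib.sha256(token.encode()).hexdigest(), None)
    if entry is None or now > entry[1]:
        return False
    salt = secrets.token_bytes(16)
    USERS[entry[0]] = (salt, _hash_pw(new_password, salt))
    return True
```
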

More information about the lambda-dev mailing list