"JW" == Joachim Werner <joe@iuveno-net.de> writes:
JW> I am really not against encrypted passwords. DC should JW> implement this soon. AFAIK the only reason for passwords not JW> being encrypted yet was that the encryption modules needed JW> were not available for all platforms or so. I'm coming in totally in the middle of this thread, and I only follow this list tangentially, but I thought I'd comment w.r.t. my experience in Mailman. One reason to keep passwords in the clear is to provide a mail-back service when a user forgets his or her password. If you store them in encrypted form, you can't really do this. (You could store user-supplied hints and mail those back, but that doesn't seem to work to well in my experience. I haven't seen any usability studies to say whether that's a useful approach or not.) In Mailman, we keep user passwords in the clear so we can do the monthly password reminders. However, the list admin passwords are kept as a sha1 hash - not in the clear. That means that if a list admin forgets his password, it's up to the site admin to assign them a new password. So far, this has been a workable trade-off. We have the advantage that user passwords don't protect a highly valuable resource; the worst that can happen is that they'll get unsubscribed from a list. Bad, but not catastrophic. List and site admin passwords are more valuable, so they affort a higher degree of security (and necessarily, less convenience). Side note: Mailman doesn't -- by default -- have SSL for its login pages, although I'm aware that some sites have augmented their Mailman installations to provide this. It would probably be a good idea to someday bundled this functionality. Cheers, -Barry