en - [sympa-users] Re: Comments regarding sympa 5.3.3

  • From: address@concealed
  • To: Patrick von der Hagen <address@concealed>
  • Cc: address@concealed
  • Subject: [sympa-users] Re: Comments regarding sympa 5.3.3
  • Date: Fri, 14 Sep 2007 09:48:03 +0200


Hi

Patrick von der Hagen wrote:

> Now I'm not sure whether sympa should or should not have the ability to
> reset the user passwords to a random string instead of decrypting the
> original one and sending it out.
>
> Imagine an attacker getting access to a user's mailbox, requesting a
> password reminder, getting the password and deleting the message without
> the user noticing. The attacker would have access to sympa (and possibly
> other accounts of the user "protected" by the same password), without any
> hint to the user. If the password was set to something random, the
> attacker would only gain access to sympa and the user would realise that
> something went wrong, because his old password would have been
> invalidated.

You are right. There are some security issues with symmetric password encryption. Imagine an attacker gets access to the database and to the Sympa cookie parameter. He would be able to decrypt all users' passwords and try them in many other applications (we know that many users use only one password). Other problem: imagine someone is looking at my screen when I receive a password reminder from Sympa?

That is why we decided to change the way passwords are managed by Sympa. We will store only a fingerprint (md5 or sha1 or ???). When a user loses his password, he will request a password reset and he will receive a mail with a specific URL. Opening this web page will allow the user to choose his new password.

So the password will never be printed.

Hope you will be pleased with this solution.

Serge
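The scheme Serge describes (store only a fingerprint of the password, send a one-time reset URL instead of the password itself), as an added example that is not Sympa's own code; the choice of PBKDF2-SHA256 as the fingerprint, the one-hour token lifetime and the `choosepasswd` URL are assumptions, since the message leaves the digest open.

```python
import hashlib
import hmac
import os
import secrets
import time

# Constructed in-memory stand-ins for the database tables.
USERS = {}          # login -> {"salt": bytes, "digest": bytes}
RESET_TOKENS = {}   # sha256(token) -> (login, expiry)

ITERATIONS = 100_000  # assumed PBKDF2 work factor


def set_password(login, password):
    # Keep only a salted, slow fingerprint; a database leak no longer yields
    # passwords that could be tried against other applications.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    USERS[login] = {"salt": salt, "digest": digest}


def check_password(login, password):
    rec = USERS.get(login)
    if rec is None:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], ITERATIONS)
    return hmac.compare_digest(digest, rec["digest"])


def issue_reset_token(login, now=None, ttl=3600):
    # Random single-use token; only its hash is stored, so the database alone
    # cannot be turned into live reset links.
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[hashlib.sha256(token.encode()).hexdigest()] = (login, now + ttl)
    return token


def reset_url(token):
    # Assumed URL shape for the mail; the password itself never appears in it.
    return "https://lists.example.org/sympa/choosepasswd?token=" + token


def complete_reset(token, new_password, now=None):
    now = time.time() if now is None else now
    entry = RESET_TOKENS.pop(hashlib.sha256(token.encode()).hexdigest(), None)
    if entry is None:
        return False                     # unknown or already used
    login, expiry = entry
    if now > expiry:
        return False                     # expired (and now consumed)
    set_password(login, new_password)    # user chooses the new password
    return True
```

Because the old fingerprint is replaced rather than mailed out, a reset performed by someone else invalidates the legitimate user's password and so becomes visible, which is exactly the property Patrick asked for.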


