Hi,

On Thu, Oct 05, 2006 at 02:21:53PM +0400, Potapov Vladislav wrote:
> The mail will still contain a "password: <something>" block, just the
> way this password is hashed in the maintainer object is
> different."
>
> Then it does NOT improve security much.

It does. It takes away the attack angle of breaking CRYPT-PW hash.

You have not read to the end again. "In security ALL parts are essential." You lock only one part of the "security".

> Using your allegory: Let's put
> huge lock on our cardboard door? In security ALL parts are essential.
> BEFORE I can use "the day-to-day" operation I should change CRYPT-PW
> to MD5-PW. And PERSONALLY I don't need the enhanced in some way but
> weak in the other "security".

As our members tell us that "crypto is hard!!!!" we cannot enforce PGP (which would be a big step) - so security is increased in small steps.

And you decided to go against "our members"? Maybe it is useful to tell them back? To educate? To convince BEFORE proposing? Maybe then all members (without changes) will put the most secure algorithms to their data? In other way your proposal will be ... authoritarian. And not from real life...

Vladislav Potapov
Ru.iiat