On Saturday 13 November 2004 02.07, kfogel@collab.net wrote:
> Branko Čibej <brane@xbc.nu> writes:
> > Oof. I just read the CRAM-MD5 RFC, and it doesn't require you to store
> > cleartext on the server. We could store hashed passwd representations
> > on the server without changing client code. But if someone lifted
> > those hashes off of the server, they'd be able to modify the client to
> > authenticate with the server anyway.
>
> Congratulations, you've just come full circle... as does everyone who
> thinks about CRAM-MD5. The hash becomes the plaintext :-).
Yes, but with a difference : The user supplied password itself is not in the
clear, so someone reading the password file cannot directly use those
passwords to gain access to other systems (say, like ftp accounts). Storing
hashed passwords might help protect other systems from a compromised
Subversion server.
From http://www.faqs.org/rfcs/rfc2831.html (DIGEST-MD5) I see that it's common
to store a hash of username+":"+realm+":"+passwd. Can we not use such a hash
as the "effective" password? This hash will be stored as the password in the
svnserve password file. When the svn client asks the user for a password, it
will genererate a hash that will be sendt to the svnserve as the password.
This generated hash is what will be stored in ~/.subversion/auth/svn.simple.
Again, using this hash is to help protect other systems/repositories.
/Sigfred
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Nov 13 21:10:33 2004