[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: RFC: Encrypting ~/.subversion/auth on Windows

From: <kfogel_at_collab.net>
Date: 2004-11-15 17:25:52 CET

Branko ╚ibej <brane@xbc.nu> writes:
> Er, pray tell, how is this different from storing cleartext passwords
> on the server, as we're doing now? If client and server both start
> with the same hash, it's as if the hash were the cleartext password.

The benefit is that if the hash gets compromised, at least the
person's real (plaintext) password isn't revealed -- so if they're
using that same password for other systems, then at least those
systems have not been compromised.

-Karl

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Nov 15 19:22:46 2004

This is an archived mail posted to the Subversion Dev mailing list.