[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: RFA: Encrypting auth info

From: Justin Erenkrantz <justin_at_erenkrantz.com>
Date: 2005-02-16 16:50:21 CET

--On Wednesday, February 16, 2005 4:40 PM +0100 "Branko ?ibej" <brane@xbc.nu>
wrote:

> brane : i'd much rather see a generic API that lets the auth provider
> say, "this bit of data is sensitive, do your best with it"
> brane : on windows, we could use strong encryption
> brane : on most unices, we could eventually be persuaded to ROT-13
> brane : (really, all those who request this do have a point)
> brane : althouth the false-sense-of-security argument still holds, of
> course

And, there is the fundamental problem: we have no way of guaranteeing
cross-platform strong encryption. If Win32 can do this, then just add a
Win32-only provider. Yet, one API that has strong encryption on Win32, but
ROT-13 on Unix is incredibly dangerous. -- justin

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Feb 16 16:52:23 2005

This is an archived mail posted to the Subversion Dev mailing list.