Re: [PATCH] Obfuscate auth info

Quoting Karl Fogel (kfogel@red-bean.com):
> In the meantime, obfuscating the auth data seems like an unambiguous
> win to me:
>
> 1. Organizations that currently don't adopt Subversion because of
> this (and there are some) will now be willing to adopt it. More
> users is good. They understand that it's still cleartext, but
> they want to at least avoid accidental compromises.

You are kind of proving my point here, Karl. If storing a plain text
password is enough to keep users from migrating to subversion,
obfuscation of auth data is clearly perceived (by some decision makers)
as a security benefit at some level, even when it's not one.

If users are willing to complain about storing plain text passwords,
they should be just as willing to complain about obfuscated passwords,
because their concern is probably not "accidental compromises" but the
fact that the password is available at all.

However, because of the perceived benefit of obfuscation, users likely
won't complain or consider alternate authentication methods.

My point is, many users will consider "obfuscation" and "encryption" to
be the same, regardless of what warnings you put into the password
cache.

('recovery' in my previous mail referred to an attacker's ability to
determine a user's password, not the user themselves recovering their
password.)

-- 
I prefer the dark of the night, after midnight and before four-thirty,
when it's more bare, more hollow.                http://a.mongers.org 
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org