Re: [PATCH] Change default "store-passwords" policy to "no"

From: Justin Erenkrantz <justin_at_erenkrantz.com>
Date: 2007-10-11 21:40:42 CEST

On Oct 11, 2007 12:10 PM, Jack Repenning <jrepenning@collab.net> wrote:
> Tangenting back off the original proposal, seems like it would be a
> far more useful investment of time to enable encrypted storage on
> *nix when OpenSSL is available.

I don't think you could even design a truly secure encrypted storage
with OpenSSL that doesn't require prompting the user for a password
every time or have a long-lived process that knows the store's
password (which requires the password once per that process). At
best, you can create an agent daemon that communicates over IPC (like
ssh-agent); but that's been discussed for years and not a single soul
has ever deemed it worth implementing.

Note that I'm very very much against a 'fake' crypto approach being
stored on disk. -- justin

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Oct 11 21:40:53 2007

This message: [ Message body ]
Next message: Travis P: "Re: [PATCH] Change default "store-passwords" policy to "no""
Previous message: Daniel: "Re: r26854 and VS2003 build"
In reply to: Jack Repenning: "Re: [PATCH] Change default "store-passwords" policy to "no""
Next in thread: Travis P: "Re: [PATCH] Change default "store-passwords" policy to "no""

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]