Benjamin Pflugmann <benjamin-svn-dev@pflugmann.de> writes:
> Although I am no security expert, I am a bit interested in that topic.
> The claim you made (that a plain text password in a read-protected
> file is equally secure as an encypted one which is only held in plain
> in memory) sounds absurd to me. For a start, the exposure time is not
> the same: The one is always available, even after you deleted it
> (backups), while the other is only available while you are working
> with it (the encrypted form is always avaiable, but let's hope that
> the encryption is good and your passphrase, too).
If the password is stored in memory *encrypted*, then yes, it is more
secure. But it is also less convenient, because now we've introduced
one more passphrase into the user's experience -- so we're no longer
comparing the same things.
If we don't introduce that extra passphrase, then the security is
comparable between the two schemes, though the agent password is
harder to get at, in terms of inconvenience for the attacker.
> As a last word: I do not claim that subversion has to handle
> authentication data as secure as ssh does (although I can see the case
> for this) or that the complexity would be worth it. But I strongly
> resent the idea that storing a plain text password would be equally
> secure.
Sorry, I never meant to claim that storing a plaintext password is the
same as storing an encrypted one. I only meant to say that storing a
plaintext password is the same as storing a plaintext one.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Jan 16 06:44:24 2003