"Bert Huijben \(TCG\)" <b.huijben_at_competence.biz> wrote:
> The current design was chosen to make it possible to only transfer a
> not-decipherable hash over the network.
>
>
> To make it possible to transfer a not-decipherable hash of the
> password over the network a local copy of the password must be
> available, either typed by the user or from some storage backend.
>
> The only other option for password authorization is storing a hash
> locally and transferring that exact same hash. But that would make the
> hash (for the authentication) the password itself.
That isn't the only option. For example you could store a hash locally and
transfer a hash of the hash. That way you still aren't sending the stored
value across the network (and you can use a challenge response system to
ensure the value which is sent is different every time) but if the stored
password is leaked the original plaintext password (which may be being used
for other systems too) isn't compromised.
Received on 2008-04-07 10:12:30 CEST
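The reply's scheme, as an added worked example that is not code from the thread or from Subversion: the server stores a salted hash of the password, the client rebuilds that hash from the typed password and sends only HMAC(stored_hash, challenge), so the value on the wire differs per login and is never the stored value. The salt, nonce and password below are constructed test values; SHA-256 stands in for whatever slow password hash a real deployment would use. The `respond_from_stored` helper is included deliberately: it shows the limit of the design, namely that the stored hash is still a password-equivalent for this particular service even though it does not reveal the plaintext reused elsewhere (the point Bert raises about the hash becoming the password).

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Stand-in hash. A real deployment would use a slow, salted KDF here;
# the protocol shape is the same.
HASH = hashlib.sha256


def enroll(password: str, salt: bytes) -> bytes:
    """Server-side enrollment: store H(salt || password), never the password."""
    return HASH(salt + password.encode("utf-8")).digest()


def new_challenge() -> bytes:
    """Server picks a fresh random nonce for every login attempt."""
    return secrets.token_bytes(16)


def respond(password: str, salt: bytes, challenge: bytes) -> bytes:
    """Client side: rebuild the stored hash from the typed password, then
    send HMAC(stored_hash, challenge), i.e. a hash of the hash bound to
    this nonce. Only this response crosses the wire."""
    stored = enroll(password, salt)
    return hmac.new(stored, challenge, HASH).digest()


def respond_from_stored(stored: bytes, challenge: bytes) -> bytes:
    """The same computation done by anyone who holds the stored hash.
    The server needs it to verify; it also makes the scheme's limit
    visible: the stored value is password-equivalent for this service."""
    return hmac.new(stored, challenge, HASH).digest()


def verify(stored: bytes, challenge: bytes, response: bytes) -> bool:
    """Server side: constant-time comparison against the expected response."""
    return hmac.compare_digest(respond_from_stored(stored, challenge), response)


def login(stored: bytes, salt: bytes, typed_password: str,
          challenge: Optional[bytes] = None) -> dict:
    """Drive one challenge/response exchange and report what crossed the wire."""
    challenge = challenge if challenge is not None else new_challenge()
    response = respond(typed_password, salt, challenge)
    return {
        "challenge": challenge,
        "response": response,
        "ok": verify(stored, challenge, response),
        "wire_equals_stored": response == stored,  # should always be False
    }


if __name__ == "__main__":
    salt = b"constructed-salt"            # constructed; sent to the client with the challenge
    stored = enroll("correct horse battery", salt)
    first = login(stored, salt, "correct horse battery")
    second = login(stored, salt, "correct horse battery")
    print("first login ok:", first["ok"], "wire == stored:", first["wire_equals_stored"])
    print("responses differ across logins:", first["response"] != second["response"])
    print("replaying first response fails:",
          not verify(stored, second["challenge"], first["response"]))
    print("wrong password fails:", not login(stored, salt, "wrong")["ok"])
```

The same shape is what SCRAM (RFC 5802) standardises: the server keeps a derived key rather than the password, and the client proves knowledge of the password by combining its own derivation with a per-session nonce. The residual risk a defender should track is the one the code makes explicit: a leaked server-side hash protects the user's password on other systems, but still has to be treated as a credential for this one and rotated.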