
Re: subversion reveals passwords

From: Karl Fogel <kfogel_at_red-bean.com>
Date: Mon, 07 Apr 2008 06:29:07 -0400

Duncan Booth <duncan.booth_at_suttoncourtenay.org.uk> writes:
> That isn't the only option. For example you could store a hash locally and
> transfer a hash of the hash. That way you still aren't sending the stored
> value across the network (and you can use a challenge response system to
> ensure the value which is sent is different every time) but if the stored
> password is leaked the original plaintext password (which may be being used
> for other systems too) isn't compromised.

But then the stored hash becomes, effectively, the plaintext password,
and we are still storing it locally.

(Work it out, you'll see what I mean.)

Received on 2008-04-07 12:29:19 CEST
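
The point made in the reply above, worked through as an added example (not part of the original mail and not Subversion code): a minimal challenge-response in which the client caches only H(password). The `Server` class, the choice of HMAC-SHA256 for the response, and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def cache_value(password: str) -> bytes:
    """What the client would write to disk under the proposal: H(password)."""
    return hashlib.sha256(password.encode()).digest()


def respond(stored_hash: bytes, nonce: bytes) -> bytes:
    """Client answer to a challenge, computed from the stored hash only."""
    return hmac.new(stored_hash, nonce, hashlib.sha256).digest()


class Server:
    """Hypothetical verifier that keeps H(password) per user (assumption)."""

    def __init__(self):
        self.verifiers = {}
        self.pending = {}

    def register(self, user: str, password: str) -> None:
        self.verifiers[user] = cache_value(password)

    def challenge(self, user: str) -> bytes:
        self.pending[user] = secrets.token_bytes(16)
        return self.pending[user]

    def verify(self, user: str, response: bytes) -> bool:
        nonce = self.pending.pop(user, None)  # each nonce is single-use
        if nonce is None or user not in self.verifiers:
            return False
        expected = respond(self.verifiers[user], nonce)
        return hmac.compare_digest(expected, response)


def demo():
    server = Server()
    server.register("alice", "constructed-sample-password")
    on_disk = cache_value("constructed-sample-password")

    legit = server.verify("alice", respond(on_disk, server.challenge("alice")))
    # A party holding only a copy of the cache file, never the plaintext:
    copied = bytes(on_disk)
    from_copy = server.verify("alice", respond(copied, server.challenge("alice")))
    # The nonce does its job: an old response fails against a new challenge.
    old = respond(on_disk, server.challenge("alice"))
    server.challenge("alice")
    replayed = server.verify("alice", old)
    return legit, from_copy, replayed
```

`demo()` returns `(True, True, False)`: the nonce stops replay of a captured response, but the cached hash alone is sufficient to log in to this server, so the cache file needs the same protection a plaintext password would.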

This is an archived mail posted to the Subversion Dev mailing list.
