[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

[RFC] - Custom Subversion library for encrypting cached passwords

From: Mark Phippard <markphip_at_gmail.com>
Date: Tue, 16 Sep 2008 10:08:15 -0400

Our trunk code includes two nice new options for storing passwords in
an encrypted form on *nix OS. These are the gnome-keyring and kwallet
options. Unfortunately, both of these options suffer from two major
problems that limits their usefulness as a "final" solution to this

1. They both require fairly recent versions of dependencies, so cannot
be easily used on say RHEL 4 as an example, but probably some Unix
derivatives as well.

2. They require a GUI so do not work with working on a remote *nix
host via Terminal.

The latter is obviously the bigger problem. I've posted about this
here [1], and got no response.

There are obviously a number of ways to encrypt and store a string
that are readily available to us to use. My understanding of why we
have not tried this option is that these methods all require providing
some kind of "key" to the encryption routine so that it can be used to
encrypt and decrypt the string. Given that we are open source, this
"key" would be easy for anyone to discover and then write an equally
simple cracker program to decrypt the string.

So what if we were to write a simple library for our auth system that
used one of these routines for encrypting data and we allowed the
"key" to be determined at ./configure time? Something like
--with-svn-key=MY_S3CR3T_K3Y. Would this be any more secure or is it
trivial to figure out the key that was used by looking at the binary?
It seems like if our routine combined this key with the current
username to encrypt the password it would be a reasonably secure
option for storing encrypted passwords that would work in environments
without a GUI. We could still give preference to the gnome and kde
options at runtime if they are available.

[1] = http://svn.haxx.se/dev/archive-2008-09/0162.shtml

Mark Phippard
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-09-16 16:08:30 CEST

This is an archived mail posted to the Subversion Dev mailing list.