[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [RFC] - Custom Subversion library for encrypting cached passwords

From: Garrett Rooney <rooneg_at_electricjellyfish.net>
Date: Tue, 16 Sep 2008 10:23:45 -0400

On Tue, Sep 16, 2008 at 10:08 AM, Mark Phippard <markphip_at_gmail.com> wrote:

> So what if we were to write a simple library for our auth system that
> used one of these routines for encrypting data and we allowed the
> "key" to be determined at ./configure time? Something like
> --with-svn-key=MY_S3CR3T_K3Y. Would this be any more secure or is it
> trivial to figure out the key that was used by looking at the binary?

It would likely be pretty easy to write a tool that would extract the
secret key from the binary.


To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-09-16 16:23:58 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.