Re: [RFC] - Custom Subversion library for encrypting cached passwords

From: Garrett Rooney <rooneg_at_electricjellyfish.net>
Date: Tue, 16 Sep 2008 10:23:45 -0400

On Tue, Sep 16, 2008 at 10:08 AM, Mark Phippard <markphip_at_gmail.com> wrote:

> So what if we were to write a simple library for our auth system that
> used one of these routines for encrypting data and we allowed the
> "key" to be determined at ./configure time? Something like
> --with-svn-key=MY_S3CR3T_K3Y. Would this be any more secure or is it
> trivial to figure out the key that was used by looking at the binary?

It would likely be pretty easy to write a tool that would extract the
secret key from the binary.

-garrett

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-09-16 16:23:58 CEST

This message: [ Message body ]
Next message: Stefan Sperling: "Re: [RFC] - Custom Subversion library for encrypting cached passwords"
Previous message: Mark Phippard: "[RFC] - Custom Subversion library for encrypting cached passwords"
In reply to: Mark Phippard: "[RFC] - Custom Subversion library for encrypting cached passwords"
Next in thread: Stefan Sperling: "Re: [RFC] - Custom Subversion library for encrypting cached passwords"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]