[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [Issue 4145] Master passphrase and encrypted credentials cache

From: Greg Stein <gstein_at_gmail.com>
Date: Mon, 26 Mar 2012 23:23:10 -0400

On Mon, Mar 26, 2012 at 21:05, Branko Čibej <brane_at_apache.org> wrote:
> On 26.03.2012 17:45, Greg Hudson wrote:
>> On 03/26/2012 09:00 AM, C. Michael Pilato wrote:
>>> The on-disk cache will contain everything it does today where
>>> plaintext caching is enabled, save that the password won't be
>>> plaintext, and there will be a bit of known encrypted text (for
>>> passphrase validation).
>> Is it important to be able to locally validate the passphrase?  That
>> property intrinsically enables offline dictionary attacks.
>
> I was going to say the same. When I read "known encrypted text" my hair
> stood on end. :)
>
> You don't need passphrase validation. If the passphase is wrong, then
> the recovered password will be wrong, too. It is bad practice to tell
> people that they used the wrong passphrase, and it's even better if you
> don't even know that it's wrong.

While discussing this on IRC some, I did think of one case where you
want to know they got the correct master passphrase: when they are
updating a server's password. A mis-entry could completely garble the
stored/encrypted contents.

We discussed storing a one-way derivation of the master passphrase
(eg. SHA1 hash), and comparing that when they enter the master
passphrase. That still provides for a dictionary attack on the client
side, looking for the master passphrase. But if you make that function
PBKDF2, then it will become computationally difficult to attack the
passphrase.

Cheers,
-g
Received on 2012-03-27 05:23:47 CEST

This is an archived mail posted to the Subversion Dev mailing list.