RE: Credentials held unencrypted in memory during runtime

From: Bob Archer <Bob.Archer_at_amsi.com>
Date: Tue, 12 Apr 2011 12:28:27 -0400

> On Tue, Apr 12, 2011 at 10:54 AM, Stefan Küng
> <tortoisesvn_at_gmail.com> wrote:
> > On Tue, Apr 12, 2011 at 16:50, Ron Wilson <ronw.mrmx_at_gmail.com>
> wrote:
> >> If this is truly the case, then SVN is not implemted correctly.
> >> However, that would be for a different mail list.
> >
> > So, how should it be implemented?
>
> I will assume the algorithm used is strong. Therefore the main
> sources
> of weakness would be a fixed key, poor key generation, poor
> handling
> of the key or mistakes in implementation.

I expect it uses the windows DPAPI.

BOb

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2719134

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2011-04-12 18:28:35 CEST

This message: [ Message body ]
Next message: Benedict C Shannon: "Newb in distress"
Previous message: Ron Wilson: "Re: Credentials held unencrypted in memory during runtime"
In reply to: Ron Wilson: "Re: Credentials held unencrypted in memory during runtime"
Next in thread: Stefan Küng: "Re: Credentials held unencrypted in memory during runtime"
Reply: Stefan Küng: "Re: Credentials held unencrypted in memory during runtime"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]