Re: Credentials held unencrypted in memory during runtime

On 12.04.2011 18:28, Bob Archer wrote:
>> On Tue, Apr 12, 2011 at 10:54 AM, Stefan Küng
>> <tortoisesvn_at_gmail.com> wrote:
>>> On Tue, Apr 12, 2011 at 16:50, Ron Wilson<ronw.mrmx_at_gmail.com>
>> wrote:
>>>> If this is truly the case, then SVN is not implemted correctly.
>>>> However, that would be for a different mail list.
>>>
>>> So, how should it be implemented?
>>
>> I will assume the algorithm used is strong. Therefore the main
>> sources
>> of weakness would be a fixed key, poor key generation, poor
>> handling
>> of the key or mistakes in implementation.
>
> I expect it uses the windows DPAPI.

It uses CryptProtectData to encrypt the auth data on disk.
But that only means it's encrypted for those who use text editors to
read the files.
A simple app can use CryptUnprotectData to decrypt the files again.

That's not a bug or a security issue, it's by design and correct.
Because the auth cache is there so the user doesn't have to enter that
data every time it's needed. Meaning it must be available without the
user having to enter yet another password, which implies that the
decryption can be done automatically.
So: if it can be decrypted automatically, anyone with a compiler can do it.

If that was a security issue, all browsers have the same issue because
they allow you to save the auth data for websites too.

Stefan

-- 
        ___
   oo  // \\      "De Chelonian Mobile"
  (_,\/ \_/ \     TortoiseSVN
    \ \_/_\_/>    The coolest Interface to (Sub)Version Control
    /_/   \_\     http://tortoisesvn.net
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2719145
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].