[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Credentials held unencrypted in memory during runtime

From: Bob Archer <Bob.Archer_at_amsi.com>
Date: Tue, 12 Apr 2011 15:29:40 -0400

> On Apr 12, 2011, at 2:05 PM, Ron Wilson wrote:
> > When the background process starts, a new session key should be
> > generated, then each new entry in the cache should use a salt or
> an
> > initialization vector. The salt or initialization vector for a
> given
> > entry can be stored with the entry. When an entry is needed, the
> > session key and the salt or the initialization vector are used
> > together to decrypt the entry.
>
> How is this supposed to work for the next session? I have these
> entries encrypted with a session key which no longer exists. How do
> I decrypt them now?

I think what he is saying is rather than store the cleartext password store it in memory encrypted for that session.

I still have to agree with a previous poster.. how did he find his password... did he search for his password? I'm not sure a hacker would be able to do that.

BOb

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2719187

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2011-04-12 21:29:48 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.