[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Credentials Caching - Security Guy Not Happy

From: Travis P <svn_at_castle.fastmail.fm>
Date: 2004-08-26 00:20:05 CEST

On Aug 25, 2004, at 3:24 PM, kfogel@collab.net wrote:

> Paul Ossenbruggen <paul.ossenbruggen@convoii.net> writes:
>> Request:
>> That in a new version, in the not too distant future, that the auth
>> directory is encrypted by svn. I mean, it really cool that, we have
>> all these SSL capabilities in svn and this would be the last chink in
>> the armor.
>
> Encrypt it according to what key? A key that the user would then have
> to type in in order to decrypt the data? How inconvenient... Let's
> cache the key...
>
> You see where this leads.

It can lead to something entirely sensible like ssh-agent or AFS tokens.
The key is then cached in memory only (locked, non-pageable memory if
the OS allows for that).

That way
- users only have to occasionally type the password, which may be a
huge improvement over typing it for every svn command
- if someone steals a machine (physical access compromise), unless they
manage to compromise it without every shutting it off or rebooting
(software compromise w/o most advantages that a physical compromise
usually grants), they will be unable to get the keys from memory (for
most practical attackers).
- if someone compromises the disk backups, they don't get the keys.
This is often a huge worry for security people.

The key may remain available in memory to the user indefinitely (until
memory is cleared via, e.g. reboot) or it may expire after a certain
amount of time similar to AFS tokens (this makes security people
happy).

A system like this is more complicated, but would have significant
advantages over what is currently available.

-Travis

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Aug 26 00:20:37 2004

This is an archived mail posted to the Subversion Users mailing list.