On Saturday 11 December 2004 14:46, Ben Collins-Sussman wrote:
> On Dec 11, 2004, at 1:17 PM, Rainer Pröbster wrote:
[snip]
> Hey Ben Reser -- do you believe me now? Rainer is repeating what I've
> heard over and over: that despite making a file chmod 700, users still
> complain about the fact that "everyone who passes" by the screen can
> read them. This is why I continue to advocate even *trivial* ciphering
> like rot13. I'm tired of hearing this complaint.
I think a trivial encoding would at least be a good starting point.
> Rainer: the problem is cryptographically tricky. If the server stores
> hashed passwords (like those in htpasswd, or in /etc/passwd), then
> cleartext passwords must pass over the network. If the server stores
> cleartext passwords, then hashes may pass over the network. So which
> do you prefer? Remember that you can make your password file readable
> only by 1 person. So the tradeoff here is that if you just happen to
> 'cat' the contents of the password file, somebody can look at your
> screen... but in return, the password never travels over the network in
> the clear.
This is a limitation of CRAM-MD5. Could we choose a different algorithm?
FWIW, Windows uses a HASH(HASH(password)+token) type algorithm (well, it
used to before Active Directory started using Kerberos). It stores
HASH(password) in the registry. That way if the network connection goes
down, it will still allow you access to the machine. In this case, your
password never goes cleartext over the machine, and the cached entries
are "encrypted". Although, in this case, having the password hash is the
same as having the password, at least it's more difficult for someone
walking by to remember what it is.
-John
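The two schemes being compared above, written out as an added example that is not part of the thread (SHA-256 stands in for the unspecified HASH in John's scheme, and CRAM-MD5 follows RFC 2195); the verifier on the server side never needs the password itself, which is the "hash is as good as the password" property John points out:

```python
import hashlib
import hmac
import os

# Constructed sample credential for the demonstration; not a real account.
PASSWORD = "correct horse battery staple"


def hash_password(password: str) -> bytes:
    """What the server (or a local credential cache) stores: HASH(password)."""
    return hashlib.sha256(password.encode()).digest()


def make_token() -> bytes:
    """Fresh per-login challenge issued by the server."""
    return os.urandom(16)


def challenge_response(stored_hash: bytes, token: bytes) -> bytes:
    """HASH(HASH(password) + token).

    Only the stored hash is needed, never the cleartext password, so anyone
    who reads the hash out of storage can answer the challenge.  The hash is
    therefore password-equivalent, even though the password never crosses
    the wire in the clear.
    """
    return hashlib.sha256(stored_hash + token).digest()


def client_login(password: str, token: bytes) -> bytes:
    """Client side: derive HASH(password) from the typed password, then answer."""
    return challenge_response(hash_password(password), token)


def server_verify(stored_hash: bytes, token: bytes, client_answer: bytes) -> bool:
    """Server side: recompute from the stored hash; constant-time comparison."""
    return hmac.compare_digest(challenge_response(stored_hash, token), client_answer)


def cram_md5_response(password: str, challenge: bytes) -> bytes:
    """CRAM-MD5 (RFC 2195): HMAC-MD5 keyed with the password itself.

    The server has to compute the very same value, so it must keep the
    password (or an equivalent secret) in recoverable form: that is the
    tradeoff Ben describes (cleartext at rest, nothing cleartext in transit).
    """
    return hmac.new(password.encode(), challenge, hashlib.md5).digest()
```

Note that a different token per login keeps a captured answer from being replayed, but does nothing about the stored hash leaking; that is the risk to weigh against cleartext-at-rest for CRAM-MD5.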
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sun Dec 12 14:30:36 2004