Re: Repository Passwords are in clear text?

From: Paul Koning <pkoning_at_equallogic.com>
Date: 2005-11-11 20:50:43 CET

>>>>> "Jim" == Jim Correia <jim.correia@pobox.com> writes:

Jim> On Nov 11, 2005, at 11:10 AM, Leon Zandman wrote:
>> I think it would be better to not store passwords, but only their
>> hashes

Jim> In order to not send the cleartext password (or re-usable token,
Jim> which would be equivalent) over the network, svnserve needs the
Jim> local password in cleartext. (The current implementation uses
Jim> cram-md5 challenge response.)

There are ways to avoid that, as in SRP for example. Then again,
there are patent issues that make that problematic for GPL code...

paul

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Nov 11 20:52:40 2005

This message: [ Message body ]
Next message: Noel Yap: "Re: Repository Passwords are in clear text?"
Previous message: Jim Correia: "Re: Repository Passwords are in clear text?"
In reply to: Jim Correia: "Re: Repository Passwords are in clear text?"
Next in thread: Noel Yap: "Re: Repository Passwords are in clear text?"
Reply: Noel Yap: "Re: Repository Passwords are in clear text?"
Reply: Dirk Schenkewitz: "Re: Repository Passwords are in clear text?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]