
Re: Repository Passwords are in clear text?

From: Scott Palmer <scott.palmer_at_2connected.org>
Date: 2005-11-15 23:22:18 CET

On 15-Nov-05, at 3:57 PM, Dirk Schenkewitz wrote:

> It is by no means any more secure than just
> using the plaintext passwords (or maybe a wee bit, because it will
> take some time to find a password that results in the same md5 value
> when combined with the username and a colon, but to find it is just a
> matter of time)

No, you get the correct md5sum immediately by sniffing the network.
Since the same md5sum would always be used for that user, it is no
better than sending the password as plaintext.

> - but: the user's password does not need to be stored
> in a well-known place in the repository any more.

I think that's better because that one known place can be protected
from access using the normal OS security and access control mechanisms.

But you are correct, there are fairly easy things that can be done to
fix it. E.g. store the hash of the plaintext password, issue a
challenge from the server with a secure random number, the client
responds with the result of hashing the password hash with the
random number. The server checks that hashing the stored hash with
the random number yields the same value. The data over the wire is
random so sniffing doesn't help that much.

I suspect that the current system does something similar but just
starts with the plaintext password instead of a hash. (I'm not
familiar with this stuff, i.e. cram-md5.)

It can be done, but I wouldn't feel much more secure. If you can't
protect the files on your filesystem from prying eyes you've got
bigger issues in my opinion.

Scott

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Nov 15 23:24:06 2005
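The challenge-response scheme Scott sketches above, worked through as an added example that is not code from the original thread or from Subversion itself: the server stores only a hash of the password, sends a fresh random challenge for every login, and the client answers with a keyed hash of its own password hash over that challenge. Next to it sits the fixed md5 over `user:realm:password` that Dirk's quoted text refers to, so the two can be compared on the one property the thread is arguing about, whether the value that crosses the wire repeats. The realm name, the username, the choice of SHA-256 and HMAC-SHA256 for "hashing the password hash with the random number", and all function names are this example's own assumptions (CRAM-MD5 itself uses HMAC-MD5 keyed on the plaintext password).

```python
import hashlib
import hmac
import os
from typing import Optional

REALM = "example-repo"  # constructed sample realm name, not a real repository


def static_token(user: str, realm: str, password: str) -> str:
    """The fixed value the thread discusses: md5 over 'user:realm:password'.

    It is identical in every session, so one captured copy stands in for
    the password for as long as that password is in use.
    """
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()


def enroll(password: str) -> bytes:
    """Server side: what gets stored is H(password), never the password."""
    return hashlib.sha256(password.encode()).digest()


def issue_challenge() -> bytes:
    """Server side: a fresh random nonce for every login attempt."""
    return os.urandom(16)


def respond(password: str, challenge: bytes) -> bytes:
    """Client side: recompute H(password), then hash it with the nonce.

    HMAC-SHA256 keyed on H(password) is this example's reading of
    "hashing the password hash with the random number".
    """
    key = hashlib.sha256(password.encode()).digest()
    return hmac.new(key, challenge, hashlib.sha256).digest()


def verify(stored_hash: bytes, challenge: bytes, response: bytes) -> bool:
    """Server side: recompute from the stored hash; compare in constant time."""
    expected = hmac.new(stored_hash, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def login_session(stored_hash: bytes, password: str,
                  challenge: Optional[bytes] = None) -> dict:
    """One complete exchange; returns exactly what went over the wire."""
    if challenge is None:
        challenge = issue_challenge()          # server -> client
    response = respond(password, challenge)    # client -> server
    return {
        "challenge": challenge,
        "response": response,
        "accepted": verify(stored_hash, challenge, response),
    }


def compare_schemes(user: str, password: str) -> dict:
    """Two logins under each scheme: does the on-wire value repeat?"""
    stored = enroll(password)
    first = login_session(stored, password)
    second = login_session(stored, password)
    # A response recorded from the first session is presented against the
    # second session's nonce; the server must reject it.
    stale_reuse = verify(stored, second["challenge"], first["response"])
    return {
        "static_tokens_identical": static_token(user, REALM, password)
        == static_token(user, REALM, password),
        "responses_identical": first["response"] == second["response"],
        "both_sessions_accepted": first["accepted"] and second["accepted"],
        "stale_response_accepted": stale_reuse,
    }


if __name__ == "__main__":
    # Constructed credentials for the demonstration only.
    print(compare_schemes("alice", "correct horse battery staple"))
```

The comparison shows the point of the thread in one dictionary: the static md5 is the same value every time, while each challenge-response session carries a different value and a recorded one is refused under the next nonce. The caveat Scott's last paragraph already hints at still holds for this design: the stored H(password) is all a client needs to produce a valid response, so the server-side file is password-equivalent and still has to be protected with normal filesystem permissions.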

This is an archived mail posted to the Subversion Users mailing list.
