[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Repository Passwords are in clear text?

From: Dirk Schenkewitz <schenkewitz_at_docomolab-euro.com>
Date: 2005-11-16 16:14:32 CET

Greg Thomas wrote:
> On Wed, 16 Nov 2005 14:03:15 +0100, Ryan Schmidt
> <subversion-2005@ryandesign.com> wrote:
>>They use md5 hashing by default on Windows,
>>Netware and TPF, and crypt encryption on all other operating systems,
>>or you can also use sha hashing. None of these are reversible.
> However, MD5 is now easily brute-forceable -
> http://www.rainbowcrack-online.com/
> Greg

Just hot an idea:
How about making it configurable in the client and offer several
obscuring methods:
- none/plain (default - as it is now)
- md5
- blowfish
- crypt
- ...

Just tell the users that the password on the server is obscured by
a specific method and that they must enable that method in the
configuration file, just like they perhaps need to configure to
use a proxy.

Still, no need to change the server.


To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Nov 16 16:18:07 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.