Greg Thomas wrote:
> On Wed, 16 Nov 2005 14:03:15 +0100, Ryan Schmidt
> <subversion-2005@ryandesign.com> wrote:
>
>
>>They use md5 hashing by default on Windows,
>>Netware and TPF, and crypt encryption on all other operating systems,
>>or you can also use sha hashing. None of these are reversible.
>
>
> However, MD5 is now easily brute-forceable -
> http://www.rainbowcrack-online.com/
>
> Greg
Just hot an idea:
How about making it configurable in the client and offer several
obscuring methods:
- none/plain (default - as it is now)
- md5
- blowfish
- crypt
- ...
Just tell the users that the password on the server is obscured by
a specific method and that they must enable that method in the
configuration file, just like they perhaps need to configure to
use a proxy.
Still, no need to change the server.
Dirk
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Nov 16 16:18:07 2005