[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Cached client credentials not encrypted on Win2K with Subversion 1.2.3.

From: John Szakmeister <john_at_szakmeister.net>
Date: 2005-12-17 02:22:00 CET

On Friday 16 December 2005 11:16, Phillip Susi wrote:
> Aha, I was still running an older version. I just upgraded to the
> latest and deleted the auth cache and it does now seem to be encrypted.
>
> I still have two questions though:
>
> 1) what exactly is this wincrypt buisiness? As I understand it, EFS
> works by encrypting the file with a random cipher key ( was it 128 bit
> 3des? ) and then encrypts that key using your public RSA key in your
> personal certificate ( as well as the administrator's, so he can recover
> the file ), and the private key in your certificate is encrypted using
> your password. Because of this, even if the administrator resets your
> password, you won't be able to access the file without the original
> password. Is this what wincrypt does, but not to the entire file?

Wincrypt is based off of CryptProtectData(), which encrypts based on your
logon credentials. You can read more about it here:
<http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/cryptprotectdata.asp>

FWIW, I've reset several people's passwords on my network, and none of them
have ever been prompted to re-enter a password.

> 2) I am using a client certificate to authenticate to the server via
> SSL. Every time I run svn, it prompts me for the password to decrypt my
> certificate's private key. It looks like it does save that password in
> the auth cache, but it won't use it, and prompts me for it again anyhow.
> It still does this in the latest version ( 1.2.3 r15833 ). Is this a
> known bug?

This is out of my domain. Sorry. Hopefully someone else can answer that
question.

-John

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sat Dec 17 02:24:01 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.