You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@subversion.apache.org by Apache subversion Wiki <co...@subversion.apache.org> on 2012/03/30 05:54:36 UTC

[Subversion Wiki] Update of "MasterPassphrase" by DanielShahaf

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Subversion Wiki" for change notification.

The "MasterPassphrase" page has been changed by DanielShahaf:
http://wiki.apache.org/subversion/MasterPassphrase?action=diff&rev1=27&rev2=28

Comment:
how does PBKDF2's sibling PBES2 fit in?

   * Implementation of built-in encryption mechanisms tied to a "master passphrase" secret key might possibly complicate Subversion's distribution per the export control restrictions placed on such technologies. We need to understand and carefully consider the scope of that complication.
   * Is the Subversion codebase -- and the authn subsystem specifically -- capable of handling this sort of approach?  (Research continues.)
  
+ == Questions ==
+  * Since we use [[http://tools.ietf.org/html/rfc2898#section-5.2|PBKDF2]], should we also be using its sibling [[http://tools.ietf.org/html/rfc2898#section-6.2|PBES2]]?  Or perhaps we're already doing just that, except for not calling it that?
+ 
  == Compatibility ==
  Users with existing on-disk cached credentials will be able to continue using those cached credentials.  If the use-master-passphrase configuration bit is enabled, those credentials will be automatically encrypted; otherwise, they will remain in plaintext.