You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by Apache subversion Wiki <co...@subversion.apache.org> on 2012/03/30 05:54:36 UTC
[Subversion Wiki] Update of "MasterPassphrase" by DanielShahaf
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Subversion Wiki" for change notification.
The "MasterPassphrase" page has been changed by DanielShahaf:
http://wiki.apache.org/subversion/MasterPassphrase?action=diff&rev1=27&rev2=28
Comment:
how does PBKDF2's sibling PBES2 fit in?
* Implementation of built-in encryption mechanisms tied to a "master passphrase" secret key might possibly complicate Subversion's distribution per the export control restrictions placed on such technologies. We need to understand and carefully consider the scope of that complication.
* Is the Subversion codebase -- and the authn subsystem specifically -- capable of handling this sort of approach? (Research continues.)
+ == Questions ==
+ * Since we use [[http://tools.ietf.org/html/rfc2898#section-5.2|PBKDF2]], should we also be using its sibling [[http://tools.ietf.org/html/rfc2898#section-6.2|PBES2]]? Or perhaps we're already doing just that, except for not calling it that?
+
== Compatibility ==
Users with existing on-disk cached credentials will be able to continue using those cached credentials. If the use-master-passphrase configuration bit is enabled, those credentials will be automatically encrypted; otherwise, they will remain in plaintext.