Posted to commits@subversion.apache.org by Apache subversion Wiki <co...@subversion.apache.org> on 2012/03/26 15:18:30 UTC
[Subversion Wiki] Trivial Update of "MasterPassphrase" by CMichaelPilato
The "MasterPassphrase" page has been changed by CMichaelPilato:
http://wiki.apache.org/subversion/MasterPassphrase?action=diff&rev1=13&rev2=14
=== High-level notions ===
At a minimum, we'll need:
- * Access to a library for doing string encryption/decryption.
+ * Access to a library for doing string encryption/decryption. Blowfish? 3DES? Something else?
* A mechanism for telling Subversion to use a master passphrase. Probably a runtime configuration variable (`use-master-passphrase`, e.g.).
* A way to know how to find the master passphrase in existing keyring caches. Probably a static string ("Subversion Master Password") or somesuch.
* A means for verifying that a user- or keystore-provided passphrase is the correct one, such as a self-check against a known string. We might want two strings here, actually: one stored in the authn cache files themselves (to verify that the passphrase was the one used for that set of credentials), and one stored in a provider- and realmstring-independent location (to confirm the current master passphrase). The former of those is probably only necessary if the decryption algorithm is able to return valid-looking-yet-wrong results. If, however, the decryption algorithm can detect the attempted use of the wrong secret, we only need the single this-confirms-the-current-master-password known-text string.
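Review bot: The candidates added on the `+` line ("Blowfish? 3DES?") leave open the question that the last bullet depends on: whether decryption can detect the use of the wrong secret. Blowfish and 3DES are plain block ciphers, and by themselves they decrypt under a wrong key without raising any error, so choosing either as-is would put the design in the case where both known-text strings from the last bullet are needed. Suggest extending the question to name the property wanted, for example "Blowfish? 3DES? Something else? (Preferably a scheme that detects a wrong passphrase, such as an authenticated encryption mode.)", so that the library choice and the verification design are settled together.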