subversion-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache subversion Wiki <comm...@subversion.apache.org>
Subject [Subversion Wiki] Update of "MasterPassphrase" by DanielShahaf
Date Fri, 30 Mar 2012 03:54:36 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Subversion Wiki" for change notification.

The "MasterPassphrase" page has been changed by DanielShahaf:
http://wiki.apache.org/subversion/MasterPassphrase?action=diff&rev1=27&rev2=28

Comment:
how does PBKDF2's sibling PBES2 fit in?

   * Implementation of built-in encryption mechanisms tied to a "master passphrase" secret
key might possibly complicate Subversion's distribution per the export control restrictions
placed on such technologies. We need to understand and carefully consider the scope of that
complication.
   * Is the Subversion codebase -- and the authn subsystem specifically -- capable of handling
this sort of approach?  (Research continues.)
  
+ == Questions ==
+  * Since we use [[http://tools.ietf.org/html/rfc2898#section-5.2|PBKDF2]], should we also
be using its sibling [[http://tools.ietf.org/html/rfc2898#section-6.2|PBES2]]?  Or perhaps
we're already doing just that, except for not calling it that?
+ 
  == Compatibility ==
  Users with existing on-disk cached credentials will be able to continue using those cached
credentials.  If the use-master-passphrase configuration bit is enabled, those credentials
will be automatically encrypted; otherwise, they will remain in plaintext.
  

Mime
View raw message