Dear Wiki user, You have subscribed to a wiki page or wiki category on "Subversion Wiki" for change notification.
The "MasterPassphrase" page has been changed by CMichaelPilato: http://wiki.apache.org/subversion/MasterPassphrase?action=diff&rev1=6&rev2=7 * Access to a library for doing string encryption/decryption. * A mechanism for telling Subversion to use a master passphrase. Probably a runtime configuration variable (`use-master-passphrase`, e.g.). * A way to know how to find the master passphrase in existing keyring caches. Probably a static string ("Subversion Master Password") or somesuch. - * A means for verifying that a user- or keystore-provided passphrase is the correct one. Self-check against a known string (stored along with the authn data) seems the most obvious option, here. + * A means for verifying that a user- or keystore-provided passphrase is the correct one, such as a self-check against a known string. We might want two strings here, actually: one stored in the authn cache files themselves (to verify that the passphrase was the one used for that set of credentials), and one stored in a provider- and realmstring-independent location (to confirm the current master passphrase). The former of those is probably only necessary if the decryption algorithm is able to return valid-looking-yet-wrong results. If, however, the decryption algorithm can detect the attempted use of the wrong secret, we only need the single this-confirms-the-current-master-password known-text string. * A means (API functions and binary support) by which to allow users to set/change their master passphrase (re-encrypting their whole cached credential set). Predicted changes to existing constructs:
