Dear Wiki user, You have subscribed to a wiki page or wiki category on "Subversion Wiki" for change notification.
The "MasterPassphrase" page has been changed by GregStein: http://wiki.apache.org/subversion/MasterPassphrase?action=diff&rev1=14&rev2=15 Comment: Add an initial brain dump on the encrypted storage === High-level notions === At a minimum, we'll need: - * Access to a library for doing string encryption/decryption. Blowfish? 3DES? Something else? + * Access to a library for doing AES-256 encryption/decryption in CBC mode (see below). * A mechanism for telling Subversion to use a master passphrase. Probably a runtime configuration variable (`use-master-passphrase`, e.g.). * A way to know how to find the master passphrase in existing keyring caches. Probably a static string ("Subversion Master Password") or somesuch. * A means for verifying that a user- or keystore-provided passphrase is the correct one, such as a self-check against a known string. We might want two strings here, actually: one stored in the authn cache files themselves (to verify that the passphrase was the one used for that set of credentials), and one stored in a provider- and realmstring-independent location (to confirm the current master passphrase). The former of those is probably only necessary if the decryption algorithm is able to return valid-looking-yet-wrong results. If, however, the decryption algorithm can detect the attempted use of the wrong secret, we only need the single this-confirms-the-current-master-password known-text string. @@ -65, +65 @@ }}} That passphrase will be used to encrypt the credentials when storing them on disk. If no valid master passphrase is obtained, the “save_credentials” callback of the file-based cache provider will fail and the next provider in the chain will be given the opportunity to save the credentials. + === Encrypted Storage === + + The passwords will be encrypted using [[http://en.wikipedia.org/wiki/Advanced_Encryption_Standard|AES-256]] in [[http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29|CBC mode]]. This is a block-oriented, symmetric cipher (16 byte blocks), so some padding will be added/stripped to the plaintext password (a NUL character is fine). + + To prevent dictionary attacks against the encrypted passwords, they will be prefixed with 4 bytes (32 bits) of random data. + + The encryption algorithm requires a 16 byte key (technically, it can also be 24 or 32 bytes), and a 16 byte [[http://en.wikipedia.org/wiki/Initialization_vector|initialization vector]]. More research needed, but one or both of these need to be stored within the block of data encrypted by the master password. The master password decrypts that data block, and the resulting crypt key and IV can decrypt the target password. + == Benefits == * Centralization: Rather than spread repository credentials cross a variety of stores (on-disk, keystores, etc.), we return to a single, easy-to-manage storage solution: the on-disk store in {{{~/.subversion/auth/}}} * Portability: {{{~/.subversion/auth/}}} is portable across computers, allowing users to transfer what could be hundreds of different sets of stored repository credentials to other machines with ease. So long as they employed the same master passphrase on those other machines, or did a one-time passphrase change, they would be able to make use of previously cached credentials.
