Dear Wiki user, You have subscribed to a wiki page or wiki category on "Subversion Wiki" for change notification.
The "MasterPassphrase" page has been changed by CMichaelPilato: http://wiki.apache.org/subversion/MasterPassphrase?action=diff&rev1=34&rev2=35 Comment: Trim out irrelevant portions of the IRC transcript. The following IRC conversation occurred in irc.freenode.net ##crypto, and carries some concerns/questions about the planned approach raised by a user therein: {{{ + From irc.freenode.net ##crypto, Wed Jan 09 2012, around 11am EST: - <cmpilato> Hello, all. The Subversion version control system project - is toying with adding an encrypted store for user auth creds (of the - master-password-governed variety). The store would be used only for - auth data -- not file/wire encryption. I'm trying to figure out if - that would force us to do all the fun U.S. ECCN-related registration, - or if that usage is non-controlled. I *think* we'd be exempt under - the terms, but ... I'd feel better with supporting docs from a domain - that ended in ".gov". :-) Any advice (including "Go away -- you're - asking the wrong channel!")? - - <rizlah> hmm - - <rizlah> I doubt it - - <rizlah> If you distribute as source (e.g. linux) and add the - necessary warranty clause - - <rizlah> https://www.kernel.org/ , scroll to the bottom about - cryptographic software [ed: https://www.kernel.org/#crypto] - - <rizlah> iirc this would have been an issue back in the 90s, but - seeing as AES/etc are freely licensed, there isn't much the - governments will / want / can do about it being distributed - - <rizlah> But as always, IANAL (not a lawyer, for those who don't get - it) - - <cmpilato> rizlah: thanks! - - <yfeldblum> cmpilato, why not strong salted hashes instead? - - <yfeldblum> cmpilato, e.g., pbkdf2, iterated hmac-sha256, or bcrypt? <cmpilato> yfeldblum: here's the spec: http://wiki.apache.org/subversion/MasterPassphrase any additional eyes
