On Fri, 2005-07-29 at 01:00, "Martin v. Löwis" wrote:
Barry Warsaw wrote:
We won't use plain text, but we may (or, we currently do) use basic auth over ssl. The security then is in the passwords, so we have to make sure they're generated securely.
That (sort of) *is* plain text passwords. Somebody who took over svn.python.org can get the password. In public-key or digest authentication, this won't be possible.
Actually, the passwords are still hashed in the file, so they wouldn't be able to extract the plain text password. They definitely are vulnerable to brute force attack, though probably not to a dictionary attack. In practice I've been using a password generated based on os.urandom() -- we generate the password and get it to the Subversion user via a "secure route" <heh>. I'd be happy to share my password generation script with anybody who wants to audit it.
Public/private keys would be better, and if anybody knows how to set up a Subversion server to use these without having to create accounts for everyone, I think we (the pythong.org admins) would love your help.