What algorithm is used to encrypt the password for the scm CLI?

Takehiko Amano (1.3k3641) | asked Jan 12 '11, 12:04 a.m.
When the scm command is used with the "-c" option (cache password), then (in the case of UNIX) it is stored in $HOME/.jazz-scm/repositories.txt.

- What encryption algorithm is used to create the encrypted password?

This is a question from an RTC admin person who is verifying the security acceptance level of RTC.

Evan Hughes (2.4k1118) | answered Jan 13 '11, 11:26 a.m.
If I were in that admin's position, the first question I would ask is: does Jazz prevent an attacker with user access to the machine from reading passwords?

In the case of Jazz: yes it does. The Jazz CLI ensures that only the current user has read/write access to the directory (and file) containing the password. So if an attacker compromises account A on the machine, they cannot read the password files of any of the users B, C, or D.

I hope that the admin understands the security implications of on-disk password storage, the differences between obfuscation and encryption, and the importance of filesystem security.

Having said that, the Jazz CLI encodes passwords using DES when they are stored locally.
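
To confirm on a given machine the filesystem protection described in the answer above, an admin can audit the cache directory and file directly. This is an added example, not part of the original thread and not Jazz code; the function names are hypothetical, and it assumes "only the current user has access" means no group/other mode bits and no ACL marker in `ls -l` output.

```shell
#!/bin/sh
# Added example: audit owner-only access on the scm CLI password cache.
# Assumption: the path is the one named in the question ($HOME/.jazz-scm).

# check_private PATH: print findings; return 0 only if PATH is owner-only.
check_private() {
    p=$1
    [ -e "$p" ] || [ -L "$p" ] || { echo "MISSING  $p"; return 1; }
    # POSIX ls -ldn: mode string in columns 1-10, numeric owner in field 3.
    line=$(ls -ldn "$p")
    mode=$(printf '%s\n' "$line" | cut -c1-10)
    acl=$(printf '%s\n' "$line" | cut -c11)
    owner=$(printf '%s\n' "$line" | awk '{print $3}')
    rc=0
    case "$mode" in
        l*)         echo "SYMLINK  $p (target is not checked)"; rc=1 ;;
        ????------) ;;  # no group/other bits set
        *)          echo "EXPOSED  $p ($mode allows group/other access)"; rc=1 ;;
    esac
    # A '+' after the mode string means ACL entries exist beyond the mode bits.
    if [ "$acl" = "+" ]; then
        echo "ACL      $p (extra entries may grant access)"; rc=1
    fi
    if [ "$owner" != "$(id -u)" ]; then
        echo "OWNER    $p (uid $owner, not $(id -u))"; rc=1
    fi
    return $rc
}

# audit_scm_cache [DIR]: check the cache directory and repositories.txt.
audit_scm_cache() {
    dir=${1:-$HOME/.jazz-scm}
    status=0
    check_private "$dir" || status=1
    check_private "$dir/repositories.txt" || status=1
    return $status
}
```

Run `audit_scm_cache` with no argument to check the default location; a non-zero return with an EXPOSED, ACL or OWNER line means other local accounts may be able to read the cached password.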


