It's all about the answers!

Ask a question

What algorithm is used to encrypt password for scm CLI ?


0
1
Takehiko Amano (1.3k3641) | asked Jan 12 '11, 12:04 a.m.
JAZZ DEVELOPER
When scm command is used with "-c" option (cache password), then (in case of UNIX), it is stored in $HOME/.jazz-scm/repositories.txt .

- What encryption algorithm is used to create encrypted password ?

This is question from RTC admin person who is verifying security acceptance level of RTC.

One answer



permanent link
Evan Hughes (2.4k1118) | answered Jan 13 '11, 11:26 a.m.
JAZZ DEVELOPER
If I were in that admin's position, the first question I would ask is: does Jazz prevent an attacker with user access to the machine from reading passwords?

In the case of Jazz: yes it does. The Jazz CLI ensures that only the current user has read/write access to the directory (and file) containing the password. So if an attacker compromises account A on the machine, they cannot read the password files of any of the users B, C, or D.

I hope that the admin understands the security implications of on-disk password storage, the differences between obfuscation and encryption, and the importance of filesystem security.

Having said that, the Jazz CLI encodes passwords using DES when it it stored locally.

e

Your answer


Register or to post your answer.