It's all about the answers!

Ask a question

What algorithm is used to encrypt password for scm CLI ?


0
1
Takehiko Amano (1.3k3741) | asked Jan 12 '11, 12:04 a.m.
JAZZ DEVELOPER
When scm command is used with "-c" option (cache password), then (in case of UNIX), it is stored in $HOME/.jazz-scm/repositories.txt .

- What encryption algorithm is used to create encrypted password ?

This is question from RTC admin person who is verifying security acceptance level of RTC.

One answer



permanent link
Evan Hughes (2.4k1318) | answered Jan 13 '11, 11:26 a.m.
JAZZ DEVELOPER
If I were in that admin's position, the first question I would ask is: does Jazz prevent an attacker with user access to the machine from reading passwords?

In the case of Jazz: yes it does. The Jazz CLI ensures that only the current user has read/write access to the directory (and file) containing the password. So if an attacker compromises account A on the machine, they cannot read the password files of any of the users B, C, or D.

I hope that the admin understands the security implications of on-disk password storage, the differences between obfuscation and encryption, and the importance of filesystem security.

Having said that, the Jazz CLI encodes passwords using DES when it it stored locally.

e

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.