What algorithm is used to encrypt password for scm CLI ?
When scm command is used with "-c" option (cache password), then (in case of UNIX), it is stored in $HOME/.jazz-scm/repositories.txt .
- What encryption algorithm is used to create encrypted password ? This is question from RTC admin person who is verifying security acceptance level of RTC. |
One answer
If I were in that admin's position, the first question I would ask is: does Jazz prevent an attacker with user access to the machine from reading passwords?
In the case of Jazz: yes it does. I hope that the admin understands the security implications of on-disk password storage, the differences between obfuscation and encryption, and the importance of filesystem security. Having said that, the Jazz CLI encodes passwords using DES when it it stored locally. e |
Your answer
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.