What algorithm is used to encrypt the password for the scm CLI?
When the scm command is used with the "-c" option (cache password), then (in the case of UNIX) it is stored in $HOME/.jazz-scm/repositories.txt.
- What encryption algorithm is used to create the encrypted password?
This is a question from an RTC admin person who is verifying the security acceptance level of RTC.
One answer
If I were in that admin's position, the first question I would ask is: does Jazz prevent an attacker with user access to the machine from reading passwords?
In the case of Jazz: yes it does. The Jazz CLI ensures that only the current user has read/write access to the directory (and file) containing the password. So if an attacker compromises account A on the machine, they cannot read the password files of any of the users B, C, or D.
I hope that the admin understands the security implications of on-disk password storage, the differences between obfuscation and encryption, and the importance of filesystem security.
Having said that, the Jazz CLI encodes passwords using DES when they are stored locally.
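The answer rests the protection on owner-only filesystem permissions for the cache directory and file rather than on the DES encoding. A check an admin could run to confirm those permissions, as an added example that is not part of the original thread or of the Jazz CLI; the function names are hypothetical and the default path is the one given in the question:

```shell
#!/bin/sh
# Added example: audit owner-only access to the scm CLI password cache.
# Function names are hypothetical; the default path comes from the question.
# Usage: audit_jazz_cache            (checks $HOME/.jazz-scm)
#        audit_jazz_cache /some/dir  (checks another cache directory)

# Octal permission bits and numeric owner; GNU stat first, BSD stat as fallback.
mode_of()  { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }
owner_of() { stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"; }

# Returns 0 if PATH is owned by the current user and grants nothing to
# group/other, 1 if it is exposed, 2 if it does not exist.
check_private() {
    [ -e "$1" ] || return 2
    mode=$(mode_of "$1") || return 2
    case "$mode" in
        *00|0) ;;          # group and other digits are both 0
        *) return 1 ;;     # some group/other bit is set
    esac
    [ "$(owner_of "$1")" = "$(id -u)" ] || return 1
    return 0
}

# Checks the cache directory and repositories.txt inside it.
# Returns 1 if either is readable or writable by anyone but the owner.
audit_jazz_cache() {
    dir=${1:-"$HOME/.jazz-scm"}
    rc=0
    for p in "$dir" "$dir/repositories.txt"; do
        st=0
        check_private "$p" || st=$?
        case "$st" in
            0) echo "OK       $p" ;;
            2) echo "MISSING  $p (no cached password here)" ;;
            *) echo "EXPOSED  $p (mode $(mode_of "$p"))"; rc=1 ;;
        esac
    done
    return "$rc"
}
```
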