Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

What algorithm is used to encrypt the password for the scm CLI?

When the scm command is used with the "-c" option (cache password), then (in the case of UNIX) it is stored in $HOME/.jazz-scm/repositories.txt.

- What encryption algorithm is used to create the encrypted password?

This is a question from an RTC admin who is verifying the security acceptance level of RTC.


0 votes



One answer

If I were in that admin's position, the first question I would ask is: does Jazz prevent an attacker with user access to the machine from reading passwords?

In the case of Jazz: yes it does. The Jazz CLI ensures that only the current user has read/write access to the directory (and file) containing the password. So if an attacker compromises account A on the machine, they cannot read the password files of any of the users B, C, or D.

I hope that the admin understands the security implications of on-disk password storage, the differences between obfuscation and encryption, and the importance of filesystem security.

Having said that, the Jazz CLI encodes passwords using DES when they are stored locally.


0 votes
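A check an admin could run to confirm the owner-only access described in the answer above, as an added example that is not part of the original post and not Jazz's own code. The path comes from the question; the function names are hypothetical, and a POSIX system is assumed.

```python
import os
import stat
from pathlib import Path

# Location named in the question: $HOME/.jazz-scm/repositories.txt
CACHE_DIR = ".jazz-scm"
CACHE_FILE = "repositories.txt"


def check_private(path: Path, want_dir: bool) -> list[str]:
    """Return findings for one path; an empty list means owner-only access."""
    try:
        st = os.lstat(path)  # lstat: inspect the entry itself, never a link target
    except FileNotFoundError:
        return [f"{path}: missing (no password cached here)"]
    if stat.S_ISLNK(st.st_mode):
        return [f"{path}: is a symlink, refusing to trust its target"]
    findings = []
    if want_dir != stat.S_ISDIR(st.st_mode):
        findings.append(f"{path}: unexpected file type")
    if st.st_uid != os.getuid():
        findings.append(f"{path}: owned by uid {st.st_uid}, not the current user")
    extra = stat.S_IMODE(st.st_mode) & 0o077  # any group/other bit is too much
    if extra:
        findings.append(f"{path}: group/other permission bits set ({extra:03o})")
    return findings


def audit_scm_cache(home: Path) -> list[str]:
    """Audit the directory and the file that hold the cached scm password."""
    cache_dir = home / CACHE_DIR
    return check_private(cache_dir, True) + check_private(cache_dir / CACHE_FILE, False)


if __name__ == "__main__":
    for line in audit_scm_cache(Path.home()) or ["owner-only access confirmed"]:
        print(line)
```

Both the directory and the file are checked because a group- or world-accessible directory lets another account replace the file even when the file's own mode is tight.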

Question details

Question asked: Jan 12 '11, 12:04 a.m.

Question was seen: 4,606 times

Last updated: Jan 12 '11, 12:04 a.m.
