[ANN] Encrypted Credential Store for Windows
Gordon Tyler
gordon at doxxx.net
Sat Jan 29 14:18:15 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 1/29/2011 9:00 AM, vila wrote:
> > <host> must be the exact host used in the branch URL that requires
> > authentication.
>
> Is this required by wincrypt ? Does it mean you don't support
> '.example.com' being reusable for 'x.example.com' and 'y.example.com' ?
No, that's just because I'm lazy and haven't bothered to make the host
matching intelligent, yet. ;) I will most likely duplicate the behaviour
of the host matching in authentication.conf.
The encryption doesn't depend on anything (that I give it) but the
password being encrypted. I could supply additional data for entropy but
I'm not sure yet what data that should be. It could be a combination of
the scheme, host and user. I'd have to be careful about the host then so
that it's still usable for multiple hosts covered by one entry as in
your example above.
Ciao,
Gordon
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJNRCGnAAoJEIrPJfWinA2uZHUH/RCt6o15vENjdTwb/cDogQvI
3Fy7lphvXncNBE9ZGQ6004mS5T72ctGS67stK3snkZG1/MoAya5oWckU5HhiDCfp
gxSFSVV6/vW+CJIl5VMDBEUrbgLd0gikXhEU7uPGeUMsaA7r5DtJSxWOm+MEQkmp
FvOca8WMyq4MXdEIWEqaoBnkG24yCbmTF1zcqYuKxVPKsszVTZPpLdHlQtQHDuqF
nSuuFkxv9youWiDnH/BnLOWQ62gFy/3bawL9ChEhYW+a8ancHatzvbTLMA+n52l5
auUwXD5pi4iF3rYXjEaS9WQbRmgcvzq0XyVoLTs7B1clfiE3uqPtHu+9rx4HME8=
=z6pY
-----END PGP SIGNATURE-----
More information about the bazaar
mailing list