SVN accounts: I need your info
Ron
ron at debian.org
Sun Jul 1 02:51:22 PDT 2007
> Robin writes:
> You can get the crypted password by going to http://wxsite.net/crypt.cgi
> and typing in the password you would like to use for accessing the SVN
> server. It will run it through the system's crypt() function and
> display the results.
This is not secure. Your password goes across the net in plaintext.
> Since crypt is a one-way encryption function this allows you to safely
> send the password around without it being known by anybody who happens
> to see the message.
And this is both naive and simply false.
> For example, my info would look like this:
>
> Real Name: Robin Dunn
> Contact Email: robin at alldunn.com
> Current CVS ID: RD
> Crypted password: U1kR3Z6oRcKdw
For example, your password here is: abc123
and it took less than 10ms of cpu time to uncover it.
So you are just lucky that:
a) I'm a nice guy.
b) You probably weren't so stupid as to make this your real password.
If b. is also not true, you should change it and not post the crypt.
Ron
More information about the wx-dev
mailing list