
TrueCrypt and SVN: security concerns for password files

By LEONARD MCGAVIN
Published: October 25, 2009

TrueCrypt and SVN (Subversion) do work well together with a few tweaks - especially for password files. Firstly though, the implications of combining the two should be well understood.

Password Files

Perhaps the most common use for combining the applications is to store files containing password lists. This can be a great way to have a high level of crypto security behind a password file while incorporating it into a backup system. The greatest thing about this method is that it is convenient; if you are already using SVN for a project you don't need to maintain another backup procedure.

The convenience however does come at a cost...

Breach of the TrueCrypt key for the password file

What goes in the repository stays in the repository. If the key is breached, the security of the file becomes just a wee bit of a mess. Security then depends only on who can access the password file. This is the last thing you want to rely on, as you always have to assume access to the file is easy to obtain - especially if it is a large project with many people who have access to the repo.

If there is a breach, you will want to make the details in the repo completely redundant; hence all passwords in the file will need to be changed.

Perhaps an obvious point, but worth noting: a new key will be needed for the volume, or a new volume with a new key will need to be created, to ensure future security.
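To see what "stays in the repository" means after a breach, the following added example (not part of the original post) parses output in the `svn log --xml -v` format and lists every revision that still holds a copy of the volume encrypted under the old key. The log is constructed sample data, and the path `/trunk/secrets/passwords.tc`, the authors and the revision numbers are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the format printed by `svn log --xml -v`.
# Paths, authors and revision numbers are invented for illustration.
SAMPLE_LOG = """<log>
<logentry revision="12"><author>alice</author>
<paths><path action="A" kind="file">/trunk/secrets/passwords.tc</path></paths>
<msg>add password volume</msg></logentry>
<logentry revision="19"><author>bob</author>
<paths><path action="M" kind="file">/trunk/src/main.c</path></paths>
<msg>unrelated change</msg></logentry>
<logentry revision="27"><author>bob</author>
<paths><path action="M" kind="file">/trunk/secrets/passwords.tc</path></paths>
<msg>update passwords</msg></logentry>
<logentry revision="35"><author>alice</author>
<paths><path action="D" kind="file">/trunk/secrets/passwords.tc</path></paths>
<msg>remove volume after key breach</msg></logentry>
<logentry revision="41"><author>carol</author>
<paths><path action="A" kind="file">/trunk/secrets/passwords.tc</path></paths>
<msg>new volume, new key</msg></logentry>
</log>"""

STORES_COPY = {"A", "M", "R"}  # added, modified, replaced; "D" stores no content


def stored_copies(log_xml, container_path):
    """Return sorted (revision, author) pairs for commits that stored the container."""
    copies = []
    for entry in ET.fromstring(log_xml).iter("logentry"):
        for path in entry.iter("path"):
            if path.text == container_path and path.get("action") in STORES_COPY:
                copies.append((int(entry.get("revision")), entry.findtext("author", "?")))
    return sorted(copies)


def exposed_revisions(log_xml, container_path, rekeyed_at=None):
    """Revisions still holding a copy encrypted under the breached key.

    rekeyed_at: revision that committed the replacement volume, or None if
    the volume has not been replaced yet (then every stored copy is exposed).
    """
    return [rev for rev, _ in stored_copies(log_xml, container_path)
            if rekeyed_at is None or rev < rekeyed_at]


if __name__ == "__main__":
    path = "/trunk/secrets/passwords.tc"
    for rev in exposed_revisions(SAMPLE_LOG, path, rekeyed_at=41):
        print(f"r{rev}: old-key copy still retrievable from history")
```

Note that the delete in r35 of the sample does not shrink the list: the copies committed in r12 and r27 remain in history, which is why every password they contain has to be changed.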

Drop a comment if you've found TrueCrypt and SVN to work well or alternatively, if they have become a security nightmare...
