tags:

views:

32

answers:

1
Q: 

Extract TortoiseSVN saved password.

Is there any way to extract credentials saved by TortoiseSVN?

+1  A: 

Based on the info below it sounds like you could possible decrypt them locally in some fashion...

UPDATE: Definitive answer from TortiseSVN community

When they're sent over the wire encrypted, they're encrypted using a handshake and/or agreed-upon key at the time of connection.

When they're stored/read locally, they're encrypted/decrypted via the Windows Crypto API which uses a key tied to your Windows account.

The locally-encrypted copy can't be decrypted by the server because the keys are local to your account.

So when you connect (let's say via HTTPS), your client gets the credentials decrypted via the appropriate Windows API, then includes them in the HTTPS transmission. HTTPS encrypts the whole communication between client & server using SSL certificates, not just the credentials.

Aaron  2010-10-07 15:19:56
are you sure that the password is not decrypted at the client end?
Jus12  2010-10-07 15:25:16
Pretty certain...without posting an explicit question to the TortiseSVN folks, here is what I found...http://tortoisesvn.net/docs/release/TortoiseSVN_en/tsvn-dug.html#tsvn-dug-general-auth In addition if it was decrypted client side, then pushed over in plain text to the server it would defeat the purpose. I guess you could send it over via SSH.
Aaron  2010-10-07 15:47:11
but then effectively anyone could send the ciphertext to the server and tortoiseSVN does not provide any additional security by encryption.
Jus12  2010-10-07 16:25:15
True which is why they make it known to delete the auth data from your PC on shutdown or at least in a periodic fashion if that is a concern. If the machine holding the auth data has been compromised then that is not really a TotoriseSVN issue per se.
Aaron  2010-10-07 16:46:20
@Jus12 Polled the TortiseSVN community, check above...
Aaron  2010-10-07 22:51:58
@Jus12, definitive answer from TortiseSVN community...see above...
Aaron  2010-10-08 15:44:23
Thanks for the work. I was hoping there is already a tool for that.
Jus12  2010-10-10 16:26:38

related questions

How do I move a file (or folder) from one folder to another in TortoiseSVN?
How do I use a start commit hook in TortoiseSVN to setup a custom log entry?
Prevent file casing problems in Subversion
Find checkout history for SVN working folder
Can I turn off automatic merging in Subversion?
How to keep Stored Procedures and other scripts in SVN/Other repository?
Can I have TortoiseSVN auto-add files?
Better Merge Tool for Subversion
Best tools for code reviews
How do you move a file in SVN?
How do I change the default author for accessing a local SVN repository?
How do I download code using SVN/Tortoise from Google Code?
How to Turn Off Sounds in Turtoise SVN
Is there anything like TortoiseCVS and TortoiseSVN for git?
TortoiseSVN side-by-side configuration is incorrect
Best way to deploy subversion (SVN) in a multisite windows environment
TortoiseSVN & Putty very slow
Can I make Subversion + TortoiseSVN case-insensitive for Windows?
VisualSVN undelete with TortoiseSVN
Resharper and TortoiseSVN
Shelve in TortoiseSVN?
Making a production build of a PHP project with Subversion
Best SVN Client Ignore Pattern for VB.NET Solutions?
Integrating Fogbugz with TortoiseSVN with no URL/Subversion backend
Good branch/merge tutorials for Tortoise SVN?