If I am storing the Subversion user names and passwords for repository access in a text file in the conf folder, what is the maximum length of the passwords I can use? That is to say, how long can the secrets in the following file be?

harry = harryssecret
sally = sallyssecret
Question author Bernhard-hofmann | Source



If you are using svnserve, it seems to be no limit defined (at least I couldn't find any mention of it). From svn book:

The svnserve server, by default, knows only how to send a CRAM-MD5 authentication challenge. In essence, the server sends a small amount of data to the client. The client uses the MD5 hash algorithm to create a fingerprint of the data and password combined, and then sends the fingerprint as a response. The server performs the same computation with the stored password to verify that the result is identical. At no point does the actual password travel over the network.

IMHO, if MD5 is used then you can use any manageable length for the password.

Answer author Alexandrul

Ask about this question here!