mvn --encrypt-master-password : Good practice for choosing ? Which level of privacy should it be?

后端 未结 1 1633
误落风尘
误落风尘 2021-02-13 10:59

I am learning to use maven password encryption capabilities and I would like to know how to choose the parameter . There are two things that I don\'

相关标签:
1条回答
  • 2021-02-13 11:16

    First password is used to generated the master password only, then you can forget it. It is generated using encryption mechanisms and pseudo-random component. As a consequence of that, it should not be possible to decipher it. There is nothing else stored locally than your master password in your security-settings file and it won't be ever prompted or asked again.

    This master password is used to cipher and decipher passwords in your settings file. It has the same value as an user-introduced password, but it is almost impossible to deduce it.

    Then:

    1. There is nothing else stored locally than your master password in your security-settings file and it won't be ever prompted or asked again. All the safety resides in the safety of the security-settings file.

    2. The master password is not really important and you can forget immediately. You can use whatever you want.

    I don't like this approach to protect my password and I would like having a real password cyphering mechanism with a real master password not stored. Public-private key with password strategies seems to be better.

    0 讨论(0)
提交回复
热议问题