mvn --encrypt-master-password <password> : Good practice for choosing <password>? Which level of privacy should it be?

15
votes

I am learning to use maven password encryption capabilities and I would like to know how to choose the parameter <password>. There are two things that I don't understand:

1) mvn --encrypt-master-password foobar will always give a different encrypted master password.

Since the encrypted master password is always different, I see only two possibilities:

  1. A local property is stored somewhere so that it can be used to decrypt the encrypted master password to get the master password. That means that our encrypted server passwords can only be used locally.
  2. Nothing is stored and the master password is useless and doesn't matter at all.

So, my questions here are:

What is stored locally? Will my master password remain safe? Is there a third possibility I didn't think of?

2) On the maven website, it is written:

Also note that the encrypted passwords can be decrypted by someone that has the master password and settings security file. Keep this file secure (or stored separately) if you expect the possibility that the settings.xml file may be retrieved.

If the settings security file is the thing to protect, why should I bother choosing a strong master password? Can't I just use foobar and keep my settings security file safe?

Also, it looks like someone with the two files (settings security file and settings file) would not need the master password to connect to the maven servers. He could use our identity without knowing the passwords. The master password is "only" needed to decrypt the servers passwords (to get them plain text). But then again, protecting the settings security file should be the way to go and the master password would remain useless.

My questions:

How important is the master password? Have I got to remember it? Can I use a long random phrase and forget it forever?

PS: I couldn't find my answer here.

1
mavenpassword-protectionpassword-encryptionpassword-generator

1 Answers

11
votes

First password is used to generated the master password only, then you can forget it. It is generated using encryption mechanisms and pseudo-random component. As a consequence of that, it should not be possible to decipher it. There is nothing else stored locally than your master password in your security-settings file and it won't be ever prompted or asked again.

This master password is used to cipher and decipher passwords in your settings file. It has the same value as an user-introduced password, but it is almost impossible to deduce it.

Then:

  1. There is nothing else stored locally than your master password in your security-settings file and it won't be ever prompted or asked again. All the safety resides in the safety of the security-settings file.

  2. The master password is not really important and you can forget immediately. You can use whatever you want.

I don't like this approach to protect my password and I would like having a real password cyphering mechanism with a real master password not stored. Public-private key with password strategies seems to be better.