Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Extract TortoiseSVN saved password

Tags:

svn

tortoisesvn

forgot-password

Short answer: You can use TortoiseSVN Password Decrypter to easily display your cached credentials, including passwords.

Long answer: Here's how the tool works.

The credentials are saved in subdirectories of %APPDATA%\Subversion\auth\. Listed from this previous answer they are:

  • svn.simple contains credentials for basic authentication (username/password)
  • svn.ssl.server contains SSL server certificates
  • svn.username contains credentials for username-only authentication (no password needed)

The first directory is the one of interest. It appears to contain files with names that look like GUIDs; one for each repository for which you've saved credentials.

The passwords in these files are encrypted by the Windows Data Protection API. The tool above uses sample code from Obviex to interface with this API and perform decryption.

In order for it to work, you must have access to the same Windows user account you were running under when you checkmarked the "Save authentication" checkbox. This is because the Windows Data Protection API uses an encryption key that is tied to your Windows account. If you lose this account (or, I believe, if an administrator resets your password) then you will no longer be able to decrypt the passwords (except perhaps by using brute force / a third party tool). Having a new Windows account with the same username/password (or probably even SID's) is not sufficient.


Based on the info below it sounds like you could possible decrypt them locally in some fashion...

UPDATE: Definitive answer from TortiseSVN community

When they're sent over the wire encrypted, they're encrypted using a handshake and/or agreed-upon key at the time of connection.

When they're stored/read locally, they're encrypted/decrypted via the Windows Crypto API which uses a key tied to your Windows account.

The locally-encrypted copy can't be decrypted by the server because the keys are local to your account.

So when you connect (let's say via HTTPS), your client gets the credentials decrypted via the appropriate Windows API, then includes them in the HTTPS transmission. HTTPS encrypts the whole communication between client & server using SSL certificates, not just the credentials.

Related questions

SVN encrypted password store
Folder is locked and I can't unlock it
SVN: Folder already under version control but not comitting?
Proper way to add svn:executable
What does the Subversion status symbol "~" mean?
Automatically remove Subversion unversioned files
git-svn not a git command?
svn : how to create a branch from certain revision of trunk
Commit changes to a different branch than the currently checked out branch with subversion
How to save password when using Subversion from the console
Is there a Subversion command to reset the working copy?
How to see what will be updated from repository before issuing "svn update" command?
Is there a command to list SVN conflicts?
How to ignore SVN folders in WinMerge?
How to migrate/convert from SVN to Mercurial (hg) on windows
Getting "CHECKOUT can only be performed on a version resource" when trying to commit using Eclipse subversive plugin
What is the correct way to restore a deleted file from SVN?
SVN 405 Method Not Allowed
How to change credentials for SVN repository in Eclipse?
Why should I use version control? [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!