has introduced a secret cache stored in Redis to solve some performance issues when doing SVN operations.
As this cache is short-lived and should allow fast comparison with a secret provided by a user, it does not have all the properties of password storage designed to be long-lived.
The secret cache should, however, protect the secrets as well as possible. Currently, the cache lets a malicious Redis administrator see whether secrets are identical between users. This should not be possible.
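The equality leak described above, as an added example that is not the project's own code: it assumes the cached value is derived from the secret alone (`weak_entry`, hypothetical) and contrasts it with a per-entry random salt (`salted_entry`, hypothetical). The user names, secrets and the dict standing in for Redis are constructed.

```python
import hashlib
import hmac
import os

# Constructed sample data: alice and bob happen to use the same secret.
SAMPLE_SECRETS = {"alice": "tok-1234", "bob": "tok-1234", "carol": "tok-9876"}
SALT_LEN = 16

def weak_entry(secret: str) -> bytes:
    """Assumed weak form: the stored value depends on the secret alone."""
    return hashlib.sha256(secret.encode()).digest()

def salted_entry(secret: str) -> bytes:
    """Hardened form: fresh random salt per entry, stored as salt || HMAC tag."""
    salt = os.urandom(SALT_LEN)
    return salt + hmac.new(salt, secret.encode(), hashlib.sha256).digest()

def verify_salted(entry: bytes, candidate: str) -> bool:
    """Recompute the tag with the entry's own salt; compare in constant time."""
    salt, tag = entry[:SALT_LEN], entry[SALT_LEN:]
    expected = hmac.new(salt, candidate.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)

def build_cache(entry_fn) -> dict:
    """Stand-in for the Redis keyspace: user -> stored value."""
    return {user: entry_fn(secret) for user, secret in SAMPLE_SECRETS.items()}

def leaked_equalities(cache: dict) -> list:
    """Audit check: groups of users whose stored values are byte-identical."""
    groups = {}
    for user, value in cache.items():
        groups.setdefault(value, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    print("weak:  ", leaked_equalities(build_cache(weak_entry)))
    print("salted:", leaked_equalities(build_cache(salted_entry)))
```

The per-entry salt removes only the cross-user equality leak and keeps verification to a single HMAC; it does not add the brute-force resistance of long-lived password storage.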