[Ffmpeg-devel] SVN challenge response authentication weaknesses

Michael Niedermayer michaelni
Mon May 29 19:26:39 CEST 2006


Hi

On Mon, May 29, 2006 at 07:36:02PM +0300, Uoti Urpala wrote:
> On Mon, 2006-05-29 at 17:19 +0200, Michael Niedermayer wrote:
> > > Your new system doesn't have any redundancy in the data stream and so
> > > cannot detect modifications. It might be hard to change a block to a
> > 
> > you could add a checksum to each message (not packet) to protect against
> > that ...
> 
> Yes, and then you could just use a secure HMAC for the checksum and skip
> the custom encryption if you don't care about secrecy.

yes but naive HMAC (you didn't specify anything exactly ...) would be
quite vulnerable, you could remove, reorder and duplicate messages as
you like, that combined with the lack of encryption seems quite
problematic

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

In the past you could go to a library and read, borrow or copy any book
Today you'd get arrested for merely telling someone where the library is
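
Added example, not part of the original message or of any code discussed in the thread: a per-message HMAC with no context accepts a stream whose messages were removed, reordered or duplicated, while binding a sequence number and an end-of-stream flag into the MAC input rejects all three. The key, the sample messages and all function names are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"                            # constructed sample key
MESSAGES = [b"open", b"write A", b"write B", b"close"]   # constructed sample stream

def _tag(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def naive_send(key, messages):
    """Naive scheme: each message is MACed on its own, with no context."""
    return [(m, _tag(key, m)) for m in messages]

def naive_receive(key, packets):
    for m, t in packets:
        if not hmac.compare_digest(t, _tag(key, m)):
            raise ValueError("bad MAC")
    return [m for m, _ in packets]

def _bound(i, last, m):
    # MAC input: 8-byte sequence number, 1-byte end-of-stream flag, then the message.
    return i.to_bytes(8, "big") + (b"\x01" if last else b"\x00") + m

def seq_send(key, messages):
    n = len(messages)
    return [(m, _tag(key, _bound(i, i == n - 1, m))) for i, m in enumerate(messages)]

def seq_receive(key, packets):
    n = len(packets)
    for i, (m, t) in enumerate(packets):
        if not hmac.compare_digest(t, _tag(key, _bound(i, i == n - 1, m))):
            raise ValueError(f"MAC check failed at position {i}")
    return [m for m, _ in packets]

def variants(p):
    """Return the three kinds of modified stream named in the message."""
    return {"removed": p[:-1], "reordered": [p[1], p[0]] + p[2:], "duplicated": p[:2] + p[1:]}

def accepted(receive, key, packets):
    try:
        receive(key, packets)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    for name, send, receive in (("naive", naive_send, naive_receive), ("sequenced", seq_send, seq_receive)):
        sent = send(KEY, MESSAGES)
        print(name, {k: accepted(receive, KEY, v) for k, v in variants(sent).items()})
```
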



