[FFmpeg-devel] Fix NTP time in RTCP SR packets

Luca Abeni lucabe72
Tue Feb 19 18:48:54 CET 2008


Hi Michael,

Michael Niedermayer wrote:
[...]
>>>>> Uh, as I understand it, this sends out the local time with usec
>>>>> precision. The server sure as hell does not know that, and it could e.g.
>>>>> be used to guess values if someone uses a stupid random number
>>>>> generator, system/network load and other things.
>>>>> IOW this is one of the things everyone planning a side-channel attack
>>>>> just dreams of.
>>>> Use time/1000*1000 and you loose less information.
>>> If this is ok from the security point of view, I think this is the best
>>> solution... I'll send a patch later
>> And here is the patch...
> 
> You are maintainer of rtpenc.c commit whatever you think is best. That said
> yes iam fine with the patch.

I'll commit this patch tomorrow (sorry for not doing it before, but I am no
expert in security, so I wanted to think a little bit more about the various
issues).


			Thanks,
				Luca




More information about the ffmpeg-devel mailing list