[Ffmpeg-devel] SVN challenge response authentication weaknesses
Michael Niedermayer
michaelni
Sun May 28 23:55:23 CEST 2006
Hi
On Sun, May 28, 2006 at 11:34:40PM +0300, Ivan Kalvachev wrote:
[...]
> The absence of strong cryptography protection for the svnserve is huge
> drawback. Today when RSA cryptography is widely deployed it is insane
> to use so weak hashing. I have no idea why svn authors haven't
> provided ssl/tls solution yet.
iam curious why every problem has to be attacked with the most complex mess
available ...
why not simply encrypt all communication between server & client with AES
using a _random_ 128bit key which on the client side could be encrypted
with a plaintext password to add a little extra protection in the case
the client gets compromissed ...
also add sequence numbers too all packets to protect against
attacks which involve replaying packets
all passive sniffing should fail as it would require breaking AES
recording and replaying part of the stream would fail due to missmatched
seq numbers which an attacker can not modify or read as they are within
the encrypted area ... not that replaying a stream seems overly dangerous
a man in the middle style attack should fail too as the attacker can
neither make sense of the packets nor generate any valid ones
did i miss something? this seems alot nicer then a SSL/TLS dependancy
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
In the past you could go to a library and read, borrow or copy any book
Today you'd get arrested for mere telling someone where the library is
More information about the ffmpeg-devel
mailing list