[FFmpeg-trac] #11220(undetermined:new): Remove Blowfish Cipher from FFmpeg Source Code
FFmpeg
trac at avcodec.org
Wed Oct 2 12:49:20 EEST 2024
#11220: Remove Blowfish Cipher from FFmpeg Source Code
-------------------------------------+-------------------------------------
             Reporter:  agni          |                     Type:  defect
               Status:  new           |                 Priority:  normal
            Component:  undetermined  |                  Version:  unspecified
             Keywords:                |               Blocked By:
             Blocking:                |  Reproduced by developer:  0
Analyzed by developer:  0             |
-------------------------------------+-------------------------------------
I would like to request the removal of the Blowfish cipher from the FFmpeg
source code.
Reason: Blowfish is an outdated encryption algorithm with several known
weaknesses, making it less secure compared to modern cryptographic
algorithms. With the increasing need for stronger security practices,
continuing to use Blowfish can expose projects that rely on FFmpeg to
potential vulnerabilities.
In our project, which uses FFmpeg libraries extensively, we are in the
process of removing Blowfish-related components due to these security
concerns. However, it has come to our attention that Blowfish is still
present within FFmpeg, specifically as part of the libavutil public
API/ABI and used internally in rtmpcrypt. Removing Blowfish cleanly from
the FFmpeg codebase will not only enhance the overall security of the
library but also support projects like ours in avoiding reliance on
deprecated or insecure encryption methods.
Affected Areas:
Public API/ABI of libavutil: The av_blowfish* functions are part of
libavutil, and their removal could break compatibility for projects using
these APIs. A careful approach is needed to ensure compatibility for
downstream projects.
Internal Usage in rtmpcrypt: Blowfish is used for RTMP encryption within
the rtmpcrypt module. This dependency requires modification or replacement
with a more modern encryption algorithm to maintain functionality.
References:
Relevant Files and Modules:
libavutil/blowfish.c
libavutil/blowfish.h
libavformat/rtmpcrypt.c
Related Discussions: Communication with FFmpeg developers highlighted that
Blowfish is part of the public API and that its removal could impact
backward compatibility. It was noted that removing it without careful
coordination could lead to breaking changes for any application linked
with libavutil.
I request a thorough review of the Blowfish cipher's usage across FFmpeg
and a coordinated plan for its clean removal or replacement with a more
secure algorithm. This will ensure continued stability, maintain public
API compatibility, and align FFmpeg with modern security standards.
Additional Consideration: Would it be feasible to introduce a compile-time
configuration option that makes Blowfish support optional within FFmpeg?
This would allow projects with stricter security requirements to exclude
Blowfish while preserving backward compatibility for others.
Thank you for considering this request to improve the security,
maintainability, and performance of FFmpeg.
--
Ticket URL: <https://trac.ffmpeg.org/ticket/11220>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker