[Ffmpeg-devel] SVN challenge response authentication weaknesses

Uoti Urpala uoti.urpala
Sun May 28 22:54:47 CEST 2006


On Sun, 2006-05-28 at 23:34 +0300, Ivan Kalvachev wrote:
> CRAM-MD5 is 9 years old technique. Actually it doesn't matter how
> strong your password is. The MD5 could be cracked in reasonable time,
> as MD5 bruteforcers and processor power are quite common these days.

MD5 weaknesses are not really relevant for this use. I don't think there
is an attack better than bruteforcing the password (which can be a
practical attack against CRAM-MD5 though if the passwords are short
enough to be remembered/typed by humans as you can do it offline after
capturing some traffic).






More information about the ffmpeg-devel mailing list