[Ffmpeg-devel] SVN challenge response authentication weaknesses

Reimar Doeffinger Reimar.Doeffinger
Mon May 29 12:57:20 CEST 2006

On Sun, May 28, 2006 at 11:34:40PM +0300, Ivan Kalvachev wrote:
> CRAM-MD5 is 9 years old technique. Actually it doesn't matter how
> strong your password is. The MD5 could be cracked in reasonable time,
> as MD5 bruteforcers and processor power are quite common these days.

Actually, so what? What can happen to us that can't happen if some
malicious person is granted SVN access? Yes, this may be unlikely but we
should be protected against that anyway.
At most, bad commits could harm someone's reputation, but I doubt this
is a real problem...?
IOW: I question if a hole in SVN authentication is a problem as long as
it isn't exploited regularly.

Reimar Doeffinger

More information about the ffmpeg-devel mailing list