[Ffmpeg-devel] SVN challenge response authentication weaknesses
Mon May 29 12:57:20 CEST 2006
On Sun, May 28, 2006 at 11:34:40PM +0300, Ivan Kalvachev wrote:
> CRAM-MD5 is 9 years old technique. Actually it doesn't matter how
> strong your password is. The MD5 could be cracked in reasonable time,
> as MD5 bruteforcers and processor power are quite common these days.
Actually, so what? What can happen to us that can't happen if some
malicious person is granted SVN access? Yes, this may be unlikely but we
should be protected against that anyway.
At most, bad commits could harm someone's reputation, but I doubt this
is a real problem...?
IOW: I question if a hole in SVN authentication is a problem as long as
it isn't exploited regularly.
More information about the ffmpeg-devel