[Ffmpeg-devel] SVN challenge response authentication weaknesses

Uoti Urpala uoti.urpala
Mon May 29 16:22:57 CEST 2006

On Mon, 2006-05-29 at 10:27 +0200, Michael Niedermayer wrote:
> yes, i fully agree, still its an interresting excercise to see where my
> custom scheme fails, you already found one big flaw (the seq num overhead)
> can you find another in my new system? :)

Your new system doesn't have any redundancy in the data stream and so
cannot detect modifications. It might be hard to change a block to a
chosen value, but an attacker can at least change any ECB block to a new
"random" value. It's also slower since you need to do key setup for each
cipher block separately.

More information about the ffmpeg-devel mailing list