[Ffmpeg-devel] SVN challenge response authentication weaknesses

Rich Felker dalias
Mon May 29 18:43:35 CEST 2006

On Mon, May 29, 2006 at 12:57:20PM +0200, Reimar Doeffinger wrote:
> Hi,
> On Sun, May 28, 2006 at 11:34:40PM +0300, Ivan Kalvachev wrote:
> > CRAM-MD5 is 9 years old technique. Actually it doesn't matter how
> > strong your password is. The MD5 could be cracked in reasonable time,
> > as MD5 bruteforcers and processor power are quite common these days.
> Actually, so what? What can happen to us that can't happen if some
> malicious person is granted SVN access? Yes, this may be unlikely but we
> should be protected against that anyway.
> At most, bad commits could harm someone's reputation, but I doubt this
> is a real problem...?

No, bad commits can quietly introduce backdoors in code that looks
innocent. If the developer whose account is uses is away for a few
days they might not even notice the change..


More information about the ffmpeg-devel mailing list