Hi On Wed, Oct 02, 2024 at 09:06:46AM +0000, Kumar, Rahul via ffmpeg-devel wrote: > Thank you for the prompt response. > > The primary reason for removing Blowfish from our codebase is to comply with > modern security guidelines and industry standards that discourage the use of > outdated cryptographic algorithms, like Blowfish, due to their > vulnerabilities.
How do you achieve this by removing av_blowfish* ? I mean if you have a list of encryption standards and remove the least secure from the list that makes the choice one has to make more secure (probably) For example if SSL used Blowfish and you removed it that would make it more secure. But if you simply remove av_blowfish*, where is the code that would now use a more secure algorithm ? if you look at rtmpcrypt it supports Blowfish and XTEA so if you removed Blowfish (and fixed the code so it still compiles) you would now use XTEA. I dont think thats an improvment in security thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB I am the wisest man alive, for I know one thing, and that is that I know nothing. -- Socrates
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
