#11220: Remove Blowfish Cipher from FFmpeg Source Code
-----------------------------------+----------------------------------
Reporter: agni | Owner: (none)
Type: defect | Status: new
Priority: important | Component: ffmpeg
Version: 7.1 | Resolution:
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-----------------------------------+----------------------------------
Description changed by agni:
Old description:
> I would like to request the removal of the Blowfish cipher from the
> FFmpeg source code.
>
> Reason:Blowfish is an outdated encryption algorithm with several known
> weaknesses, making it less secure compared to modern cryptographic
> algorithms. With the increasing need for stronger security practices,
> continuing to use Blowfish can expose projects that rely on FFmpeg to
> potential vulnerabilities.
> In our project, which uses FFmpeg libraries extensively, we are in the
> process of removing Blowfish-related components due to these security
> concerns. However, it has come to our attention that Blowfish is still
> present within FFmpeg, specifically as part of the libavutil public
> API/ABI and used internally in rtmpcrypt. Removing Blowfish cleanly from
> the FFmpeg codebase will not only enhance the overall security of the
> library but also support projects like ours in avoiding reliance on
> deprecated or insecure encryption methods.
> Affected Areas:
> Public API/ABI of libavutil: The av_blowfish* functions are part of
> libavutil, and their removal could break compatibility for projects using
> these APIs. A careful approach is needed to ensure compatibility for
> downstream projects.
> Internal Usage in rtmpcrypt: Blowfish is used for RTMP encryption within
> the rtmpcrypt module. This dependency requires modification or
> replacement with a more modern encryption algorithm to maintain
> functionality.
> References:
> Relevant Files and Modules:
> libavutil/blowfish.c
> libavutil/blowfish.h
> libavformat/rtmpcrypt.c
> Related Discussions: Communication with FFmpeg developers highlighted
> that Blowfish is part of the public API and that its removal could impact
> backward compatibility. It was noted that removing it without careful
> coordination could lead to breaking changes for any application linked
> with libavutil.
> I request a thorough review of the Blowfish cipher's usage across FFmpeg
> and a coordinated plan for its clean removal or replacement with a more
> secure algorithm. This will ensure continued stability, maintain public
> API compatibility, and align FFmpeg with modern security standards.
> Additional Consideration:Would it be feasible to introduce a compile-time
> configuration option that makes Blowfish support optional within FFmpeg?
> This would allow projects with stricter security requirements to exclude
> Blowfish while preserving backward compatibility for others.
> Thank you for considering this request to improve the security,
> maintainability, and performance of FFmpeg.
New description:
I would like to request the removal of the Blowfish cipher from the FFmpeg
source code.
**Reason:**
Blowfish is an outdated encryption algorithm with several known
weaknesses, making it less secure compared to modern cryptographic
algorithms. With the increasing need for stronger security practices,
continuing to use Blowfish can expose projects that rely on FFmpeg to
potential vulnerabilities.
In our project, which uses FFmpeg libraries extensively, we are in the
process of removing Blowfish-related components due to these security
concerns. However, it has come to our attention that Blowfish is still
present within FFmpeg, specifically as part of the libavutil public
API/ABI and used internally in rtmpcrypt. Removing Blowfish cleanly from
the FFmpeg codebase will not only enhance the overall security of the
library but also support projects like ours in avoiding reliance on
deprecated or insecure encryption methods.
**Affected Areas:**
Public API/ABI of libavutil: The av_blowfish* functions are part of
libavutil, and their removal could break compatibility for projects using
these APIs. A careful approach is needed to ensure compatibility for
downstream projects.
Internal Usage in rtmpcrypt: Blowfish is used for RTMP encryption within
the rtmpcrypt module. This dependency requires modification or replacement
with a more modern encryption algorithm to maintain functionality.
**References:**
Relevant Files and Modules:
libavutil/blowfish.c
libavutil/blowfish.h
libavformat/rtmpcrypt.c
Related Discussions: Communication with FFmpeg developers highlighted that
Blowfish is part of the public API and that its removal could impact
backward compatibility. It was noted that removing it without careful
coordination could lead to breaking changes for any application linked
with libavutil.
I request a thorough review of the Blowfish cipher's usage across FFmpeg
and a coordinated plan for its clean removal or replacement with a more
secure algorithm. This will ensure continued stability, maintain public
API compatibility, and align FFmpeg with modern security standards.
**Additional Consideration:**
Would it be feasible to introduce a compile-time configuration option that
makes Blowfish support optional within FFmpeg? This would allow projects
with stricter security requirements to exclude Blowfish while preserving
backward compatibility for others.
Thank you for considering this request to improve the security,
maintainability, and performance of FFmpeg.
--
--
Ticket URL: <https://trac.ffmpeg.org/ticket/11220#comment:2>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
_______________________________________________
FFmpeg-trac mailing list
FFmpeg-trac@avcodec.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-trac
To unsubscribe, visit link above, or email
ffmpeg-trac-requ...@ffmpeg.org with subject "unsubscribe".
