[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: ra_svn requires APR_HAVE_RANDOM

From: Greg Hudson <ghudson_at_MIT.EDU>
Date: 2003-11-18 19:51:44 CET

On Tue, 2003-11-18 at 10:21, Philip Martin wrote:
> c) use some other random generator.
> Option c) might not be possible, if there were an easy way to do it
> then I suppose APR would probably do it already (I'm assuming that
> we need reasonably high quality "randomness" here).

Nah, it doesn't need to be that high-quality. The CRAM-MD5 nonces
should be different each time to prevent replay attacks, but nothing
goes wrong if an attacker can guess the nonce.

I'll look into adding code to do something intelligent when
APR_HAS_RANDOM isn't defined.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Nov 18 19:57:23 2003

This is an archived mail posted to the Subversion Dev mailing list.