On Mon, Sep 16, 2013 at 05:52:27PM +0000, hru...@gmail.com wrote: > Marc Espie <es...@nerim.net> wrote: > > > A little knowledge is a dangerous thing. > > > > "weakness" in a cryptographic setting doesn't mean *anything* if > > you're using it as a pure checksum to find out accidental errors. > > And now we are back to my starting poit. The checksum is not used > in rsync as a pure checksum to find accidental errors. That was my > critic.
No, it is. Really. Read the papers. Do your homework, check the maths. The attacks against crypto checksums *are* crypto attacks. They cover malicious tampering with files to create pre-images that hash to the same value. *THIS IS NOT AT ALL WHAT RSYNC DOES*. > >From a checksum I expect two things: (1) the pre-images of elements > in the range have all similar sizes, Why ? This makes no sense, and is in contradiction with (2). >(2) it is very "discontinous". > The second to use it for proving the integrity of data transmited: > little changes produce a completely different checksums. Duh. Every crypto hash has that property for obvious reasons. > The values when > the changes are big do not play a role. Now, Rsync conclude A=B from > hash(A)=hash(B) also when A and B are completely different. > Are md4 and sha1 good? When we use rsync and git, we are part of a > big empirical proof (or refutation) of it. OF COURSE they're good. We're not talking crypto-attacks! We're talking checking files. If you need tamper-proof, you're using cvsync or rsync over a secure channel, like ssh ! (notice how rsync defaults to using ssh as a transport channel ?) You are utterly talking nonsense. Stop speculating about things you don't know the first thing about. All you're doing is trying to spread FUD about perfectly fine programs.
