On Tuesday, March 17, 2020 9:17:09 PM CET, Sebastian Andrzej Siewior wrote:
On 2020-03-17 00:03:03 [+0100], Dimitrios Apostolou via rsync wrote:
On Thursday, February 20, 2020 10:34:53 PM CET, Sebastian Andrzej Siewior
via rsync wrote:

I'm still not sure if rsync requires a cryptographic hash _or_ if a
strong hash like xxHash64 would be just fine for the job.

I'm fairly sure the hash should *not* be easy to spoof, so I'd say a
cryptographic hash is needed.

As an example, if a file is replaced by a file of the same size and same
rsync (if -c is in use) will consider the file is the same, and avoid
copying it.

correct. The same goes for currently used md5 which has known collision
attacks. So if you intend to spoo it, you can manufacture the same hash
for two different files for both algorithms.

This was not the case in 2008 when rsync 3.0.0 came out defaulting to MD5.
I still think you need a cryptographic hash, even though I am not sure
of how strict the requirement is. MD4 was replaced by MD5 in rsync, despite MD4
being 2x faster. I would guess it was replaced because of its weaknesses.


Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html

Reply via email to