G'day,
From: "Wayne Davison" <[EMAIL PROTECTED]>
> On Thu, Apr 08, 2004 at 03:50:48PM +1000, Donovan Baarda wrote:
> > I think I've just realised what you were getting at; if the
> > checksum_seed is based on something like the whole file md4sum, it
> > becomes repeatable, but unpredictable.
>
> No
On Thu, Apr 08, 2004 at 03:50:48PM +1000, Donovan Baarda wrote:
> I think I've just realised what you were getting at; if the
> checksum_seed is based on something like the whole file md4sum, it
> becomes repeatable, but unpredictable.
Not so. Copy the file once, and you'd get all the data you'd
Ahoy,
On 2004/04/08 14:16, Donovan Baarda wrote:
>>Nice indeed, but the cost is enormous: you'll have to read the file
>>twice. When syncing a mostly-unchanged file that's larger than the disk
>>cache, that means doubling the runtime (and disk load) on the receiver's
>>side. Also, it means 'rdiff
G'day again,
From: "Eran Tromer" <[EMAIL PROTECTED]>
[...]
> > if the
> > checksum_seed is based on something like the whole file md4sum, it
> > becomes repeatable, but unpredictable. You can't manipulate individual
> > blocks without it affecting every other blocksum, but the signature for
> > th
On 2004/04/08 08:50, Donovan Baarda wrote:
>>In some cases you might prefer to actually store a signed signature
>>using something like GPG.
I think librsync should act as a black box that guarantees file
integrity (which, apparently, requires a whole file checksum). If
someone wants to add authe
G'day,
From: "Eran Tromer" <[EMAIL PROTECTED]>
[...]
> > librsync needs a whole file checksum. Without it, it silently fails for
> > case 1), 3), and 4).
> >
> > librsync could benefit from a random checksum_seed. It would need to be
> > included in the signature. Without it librsync is vulnerable
Hi,
On 2004/04/05 07:21, Donovan Baarda wrote:
[snip]
> there are four ways crafted blocks can be used;
>
> 1) two crafted blocks in the "original" file
>
> 2) two crafted blocks in the "target" file
>
> 3) a crafted pair of "target" and "original" files with matching
> block(s)
>
> 4) a block
On Thu, 2004-04-08 at 12:36, Martin Pool wrote:
> On 5 Apr 2004, Donovan Baarda <[EMAIL PROTECTED]> wrote:
>
> > librsync needs a whole file checksum. Without it, it silently fails for
> > case 1), 3), and 4).
>
> Yes, a whole-file checksum should be used with it. Presumably
> something stronge
G'day again,
Just revisiting an old thread after some more thought. Eran and I were
discussing the vulnerability of librsync and rsync to deliberate attempts
to craft blocks with matching signatures but different content. It turns
out it's disturbingly easy. Here's a bit of context;
From: "Donovan