from MD4 to MD5 (http://rsync.samba.org/ftp/rsync/src/rsync-3.0.0-NEWS). My understanding is that MD5 is a more secure, slower version of MD4 but I am not convinced that the added security of MD5 would alone have merited the change from MD4 (particularly since MD4 is ~30% faster than MD5). I wonder if I am missing other reasons which made the change necessary/desirable? I am looking at ways to optimise Rsync (for speed) hence my interest in this, Thanks, Nick -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html ___________________________________________________________ This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is prohibited. Please refer to http://www.bnpparibas.co.uk/en/information/legal_information.asp?Code=ECAS-845C5H for additional disclosures. --=_alternative 003F2FF780257775_Content-Transfer-Encoding: 7bit Content-Type: text/html; charset="us-ascii" <br><font size=2 face="sans-serif">I don't know why rsync made this move. My guess is that it does not look good for rsync to use a discredited algorithm. See http://tools.ietf.org/html/draft-turner-md4-to-historic-00.</font> <br> <br><font size=2 face="sans-serif">Creating secure hashing functions is notoriously difficult. Several times algorithms previously thought secure have been shown to be vunerable to certain attacks. MD5 has also been discovered to be vunerable. See the article "MD5 considered harmful today" at http://www.win.tue.nl/hashclash/rogue-ca.</font> <br> <br><font size=2 face="sans-serif">So the question is, does rsync need a hashing algorithm that is cryptographically secure? I suppose it's due in part to the likelyhood of different chunks hashing to the same value. With the MD5 vunerability one has to specially engineer it. IMO it is extremely unlikely that it would happen by chance when used by rsync. If anyone worries about this then maybe rsync would move to SHA-1 at some point. And then what if someone finds a problem with SHA-1? Indeed, Bruce Schneier has an article on this at http://www.schneier.com/blog/archives/2005/02/sha1_broken.html. Again, I reckon that the SHA-1 vunerability would have no practical effect if SHA-1 was used in rsync. Just my $0.02.</font> <br> <br><font size=2 face="sans-serif">rsync uses the hashing function to fingerprint the chunks. I do not see why this needs to have all the strengths and safeguards of a cryptographic algorithm. Unless rsync is supposed to be defending against protocol attack? Is it? I didn't think so but I could be wrong, I don't know enough about this bit of the rsync code. If it is trying to defend against this then IMO it should be using an HMAC rather than just a hash code. Assuming it doesn't need these strengths/safeguards then maybe it should use a cheaper (i.e. quicker) hashing algorithm.</font> <br> <br><font size=2 face="sans-serif">Regards,<br> <br> Andrew Marlow<br> </font> <br> <br> <br> <table width=100%> <tr valign=top> <td width=33%><font size=4 face="helv"><b>Internet </b></font> <br><font size=1 face="sans-serif"><b>Nick.McCarthy at replify.com</b></font> <p><font size=1 face="sans-serif"><b>Sent by: rsync-bounces at lists.samba.org</b></font> <p><font size=1 face="sans-serif">04/08/2010 09:46</font> <td width=66%> <table width=100%> <tr valign=top> <td> <div align=right><font size=1 face="sans-serif">To</font></div> <td><font size=1 face="sans-serif">rsync at lists.samba.org</font> <tr valign=top> <td> <div align=right><font size=1 face="sans-serif">cc</font></div> <td> <tr valign=top> <td> <div align=right><font size=1 face="sans-serif">Subject</font></div> <td><font size=1 face="sans-serif">Optimising the Rsync algorithm for speed by reverting to MD4 hashing</font></table> <br> <table> <tr valign=top> <td> <td></table> <br></table> <br> <br> <br><font size=2 face="Calibri">Hi,</font> <br><font size=2 face="Calibri"> </font> <br><font size=2 face="Calibri">From v3.0.0 onwards the hash function implemented by Rsync was changed from MD4 to MD5 (</font><a href="http://rsync.samba.org/ftp/rsync/src/rsync-3.0.0-NEWS"><font size=2 color=blue face="Arial"><u>http://rsync.samba.org/ftp/rsync/src/rsync-3.0.0-NEWS</u></font></a><font size=2 face="Arial">). My understanding is that MD5 is a more secure, slower version of MD4 but I am not convinced that the added security of MD5 would alone have merited the change from MD4 (particularly since MD4 is ~30% faster than MD5). I wonder if I am missing other reasons which made the change necessary/desirable?</font> <br><font size=2 face="Arial"> </font> <br><font size=2 face="Arial">I am looking at ways to optimise Rsync (for speed) hence my interest in this,</font> <br><font size=2 face="Arial"> </font> <br><font size=2 face="Arial">Thanks,</font> <br><font size=2 face="Arial"> </font> <br><font size=2 face="Arial">Nick</font> <br><font size=2 face="Calibri"> </font><font size=2><tt>-- <br> Please use reply-all for most replies to avoid omitting the mailing list.<br> To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync<br> Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html</tt></font> <br><pre> ___________________________________________________________ This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is prohibited. Please refer to http://www.bnpparibas.co.uk/en/information/legal_information.asp?Code=ECAS-845C5H for additional disclosures. </pre> --=_alternative 003F2FF780257775_=--