search for: hashclash

Hi everyone, Not sure if you've read http://www.win.tue.nl/hashclash/SoftIntCodeSign/ . should some kind of advisory be sent to advise people not to rely solely on MD5 checksums? Maybe an update to the man page is due ? : " MD5 has not yet (2001-09-03) been broken, but sufficient attacks have been made that its security is in some doubt. The attack...

Hi, From v3.0.0 onwards the hash function implemented by Rsync was changed from MD4 to MD5 (http://rsync.samba.org/ftp/rsync/src/rsync-3.0.0-NEWS). My understanding is that MD5 is a more secure, slower version of MD4 but I am not convinced that the added security of MD5 would alone have merited the change from MD4 (particularly since MD4 is ~30% faster than MD5). I wonder if I am missing other

Based on the published rsync algorithm (pdf<http://cs.anu.edu.au/techreports/1996/TR-CS-96-05.pdf>), it appears to filter definitely different blocks from possibly unchanged blocks using weak hashing, then applying strong hashing to double-check the rest of the file for true differences. MD4 and MD5 do experience collisions, so isn't rsync fast at the risk of being inaccurate? If I can

...;Creating secure hashing functions is notoriously difficult. Several times algorithms previously thought secure have been shown to be vunerable to certain attacks. MD5 has also been discovered to be vunerable. See the article &quot;MD5 considered harmful today&quot; at http://www.win.tue.nl/hashclash/rogue-ca.</font> <br> <br><font size=2 face="sans-serif">So the question is, does rsync need a hashing algorithm that is cryptographically secure? I suppose it's due in part to the likelyhood of different chunks hashing to the same value. With the MD5 vunerabil...