search for: sha1_broken

Hi, From v3.0.0 onwards the hash function implemented by Rsync was changed from MD4 to MD5 (http://rsync.samba.org/ftp/rsync/src/rsync-3.0.0-NEWS). My understanding is that MD5 is a more secure, slower version of MD4 but I am not convinced that the added security of MD5 would alone have merited the change from MD4 (particularly since MD4 is ~30% faster than MD5). I wonder if I am missing other

...extremely unlikely that it would happen by chance when used by rsync. If anyone worries about this then maybe rsync would move to SHA-1 at some point. And then what if someone finds a problem with SHA-1? Indeed, Bruce Schneier has an article on this at http://www.schneier.com/blog/archives/2005/02/sha1_broken.html. Again, I reckon that the SHA-1 vunerability would have no practical effect if SHA-1 was used in rsync. Just my $0.02.</font> <br> <br><font size=2 face="sans-serif">rsync uses the hashing function to fingerprint the chunks. I do not see why this needs to have...

I''m building a site that requires user log-in and i have seen the Agile book using sha1 for password hashing while R-Forum uses md5. Is there any compelling argument to use one over the other? -- Posted via http://www.ruby-forum.com/.