similar to: MD4 checksum fix

On Tue, 2006-02-21 at 14:58 -0800, rsync2eran@tromer.org wrote: > A year ago we discussed the strength of the MD4 hash used by rsync and > librsync, and one of the points mentioned was that only collision > attacks are known on MD4. Could you please forward this into the bug tracker so it's not lost? -- Martin -------------- next part -------------- A non-text attachment was

Hi, while implementing the rsync protocol in one of our projects I found that the current CVS version still has a MD4 bug. I'm using the FreeBSD libmd implementation and I still had checksum mismatches with protocol version 27 for files whose size was a multiple of 64 - 4 ( - 4 due to checksum_seed). A patch for todays CVS version is attached. Someone should also review the clean_fname()

On Thu, 2004-04-08 at 12:36, Martin Pool wrote: > On 5 Apr 2004, Donovan Baarda <abo@minkirri.apana.org.au> wrote: > > > librsync needs a whole file checksum. Without it, it silently fails for > > case 1), 3), and 4). > > Yes, a whole-file checksum should be used with it. Presumably > something stronger than md4 like SHA-1. md4 is probably good enough for most

G'day, I've been working on a Python interface to librsync and have noticed that it uses md4sum code borrowed from Andrew Tridgell and Martin Pool that comes via rsync and was originally written for samba. Is there anything special about this code compared to the RSA md4sum code that can be found with libmd <"http://www.penguin.cz/~mhi/libmd/">? Python uses the RSA

I am the author of BackupPC (http://backuppc.sourceforge.net) and I am working on adding rsync support to BackupPC. I am implementing the server-side in perl, and the client will run vanilla rsync. (BTW, is there the protocol documented? I've answered all my questions by looking at the source, but it would be great to check against any docs.) I started with librsync 0.9.3 and the

Hi, The following lines in compat.c are rather imprudent: if (read_batch || write_batch) checksum_seed = 32761; else checksum_seed = time(NULL); write_int(f_out,checksum_seed); Setting checksum_seed to a constant in batch mode means block collisions are reproducible and predictable. Thus, some files will be permanently "unlucky" in batch mode and will

Hello, While porting rsync 2.5.6 to .NET (C#), I noticed that the MD4 engine in the original source code in my possession behaved differently from the C# MD4 engine that I was using in my own code. While testing the file transfer between my program and a compiled version of rsync 2.5.6, I noticed that the file checksums generated for the entire file to detect corruption on the link were

Hi, From v3.0.0 onwards the hash function implemented by Rsync was changed from MD4 to MD5 (http://rsync.samba.org/ftp/rsync/src/rsync-3.0.0-NEWS). My understanding is that MD5 is a more secure, slower version of MD4 but I am not convinced that the added security of MD5 would alone have merited the change from MD4 (particularly since MD4 is ~30% faster than MD5). I wonder if I am missing other

Hi, Is there a bug with the NT MD4 password check?? With one password, I can't access the shares.. in the log it says: ntlm_password_check: NT MD4 password check failed for user jason But when I change the password to something else it works. What's goin on?? Jason. -- Jason Coo Computer Engineer, P.Eng. The Fluid Life Corporation 1-877-962-2400 jason@fluidlife.com

Hello All, Well, I've admitted defeat. I've installed Samba 2.2.3a on a Solaris 7 machine and am trying to connect to it from a Win2K SP2 PC. I am using encrypted passwords. The same user (darren) exists on the pc (called 'plm') and the samba server ('sparky2'). The password for this user is the same on the PC, and the /etc/shadow and /apps/samba/private/smbpasswd

I'm sorry for asking a question which has been asked so many times before, but I can't seem to find the answer... How do I get to access my home directory on a Linux server running Samba from a Windows XP client? I'm getting "NT MD4 password check failed" in the log file even though the Windows client is listed in hosts.equiv. More information below... I have a small home

Would the asm md4 implementation used by Shareaza (under the GNU GPL) be appropreate to use in order to accelerate rsync? http://shareaza.svn.sourceforge.net/viewvc/shareaza/trunk/shareaza/asm/MD4_asm.asm?view=log http://sourceforge.net/projects/shareaza/

I'm not sure if this is the appropriate forum for questions regarding librsync, but couldn't find any others. I'm trying to get librsync working properly on Solaris 2.7 and 2.8 Sparc servers. The problem is that while librsync appears to compile cleanly, "make check" fails the sources.test. Does anyone have any insight as to why this might be? Might I need a specific

Skipped content of type multipart/alternative-------------- next part -------------- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.8.9/39 - Release Date: 2005-07-04

Hi, I'm setting up a new sambserver, migrating from 2.2.8a with ldap backend to 3.0.x (3.0.2a and 3.0.3pre2 tested) with openldap 2.1.26 backend and using sambaSamAccount I'm experiencing the following problem: - Roaming profiles sometimes work, sometimes not (most of the time not) and show erratic behaviour like removing the local copy (without having the DeleteRoamingCache key in

still trying to solve my domain-problems (from time to time I get 'domain controller cant be found' on a special sambaserver 2.2.3a) Why does samba complain about wrong password for user nobody ? I actually found "nobody" in smbpasswd, but I'm not sure if I put it in there and dont understand why nobody needs to be samba-user. imho nobody is the unix-account under which

This patch adds the --link-by-hash=DIR option, which hard links received files in a link farm arranged by MD4 file hash. The result is that the system will only store one copy of the unique contents of each file, regardless of the file's name. Anyone have an example of an MD4 collision so I can test that case? :) Patch Summary: -1 +1 Makefile.in -0 +304 hashlink.c (new)

I'm interested in these very questions (librsync-rsync relationship, remaining limitations of rsync, active prospects for ground-up rewrites), Google searches for rsync info have proved a little too vague due to the programs ubiquity. Much has certainly changed since this was written, could some people with knowledge in these areas could update martin's response for the state of rsync,

Hi, Is there a way in which rsync's -z compression (zlib) utility can be benchmarked? I'm trying to compare the compression ratio between rsync and external compression tools like gzip and bzip2. Are there any advantages to using rsync's internal compression mechanism specified with the -z option compared to solely applying external compression i.e. bzip2 to the files and invoking

On Tue, Sep 24, 2013 at 10:21 PM, Aris Adamantiadis <aris at 0xbadc0de.be> wrote: [snip] > I've worked this week on an alternative key exchange mechanism, in > reaction to the whole NSA leaks and claims over cryptographic backdoors > and/or cracking advances. The key exchange is in my opinion the most > critical defense against passive eavesdropping attacks. > I believe