rsync md4sum code.

Donovan Baarda abo at minkirri.apana.org.au
Sat Apr 27 20:08:01 EST 2002


On Sat, Apr 27, 2002 at 03:32:47PM -0700, Martin Pool wrote:
> On 27 Apr 2002, Donovan Baarda <abo at minkirri.apana.org.au> wrote:
> > G'day,
> > 
> > I've been working on a Python interface to librsync and have noticed that it
> > uses md4sum code borrowed from Andrew Tridgell and Martin Pool that comes
> > via rsync and was originally written for samba.
> 
> Tridge recently discovered a bug in that code that probably does not
> weaken the digest, but that may make it incompatible with standard
> MD4.  Basically, tail-extension is not properly carried out for blocks
> that are a multiple of 64 bytes in size.

This would be nealy all blocks, as everyone would be using 2^n sized blocks
where n>5. If you meant to say "...that are _not_ multiple of 64 bytes...",
then I would dare to suggest fixing this would not hurt anybody, but
definitely record the affects. 

> I haven't had a chance yet to check how this affects rsync.  If it
> does, I suppose we should evolve the protocol to fix it.
> 
> There's not meant to be anything special about it.  One of my TODO
> items was to replace it with a faster implementation.

I'm not sure how the RSA implementation compares speed-wise, but given it is
more "correct", would there be major objections to replacing the samba md4
with the RSA one in librsync? I guess I should benchmark and publish
results...

There would be backwards compatability issues for librsync and rdiff, but
I'm hoping that these can be dealt with simply, hopefully by just bumping the
major version number and documenting the issue. librsync is not as widely
used as rsync itself so I don't think it would matter that much.

I think the RSA/libmd code is more "standard", and it would be wise for
librsync at least to adopt the more widely used code. It is certainly nice
that the md2, md4, and md5 API's are so interchangeable. The only reason not
to would be licencing issues, but I would guess if Python can include it and
be GPL compatible, then it should be OK.

-- 
----------------------------------------------------------------------
ABO: finger abo at minkirri.apana.org.au for more info, including pgp key
----------------------------------------------------------------------




More information about the rsync mailing list