crypted secrets

[Wayne Davison]

On Sun, Jun 26, 2005 at 01:44:02AM -0400, Alejandro Mery wrote:
> there is any trick/patch to let it support other htpasswd encrytion 
> methods? crypt,md5,sha1?

Since the password is not sent in the clear over the connection, having
the password in plain-text in the secrets file is not a problem unless
you worry about someone on the system being able to snoop your files.

I suppose you could easily tweak rsync to call something like crypt on
the typed password before doing rsync's normal exchange of a newly
computed hash (rsync negotiates a "challenge buffer" before sending the
MD4-encoded password), but that would really only serve to prevent a
snooper on your system from knowing the password's clear-text when they
look at your secrets file -- it would not preventing them from using the
crypt text to sign in (using a more normal version of rsync that did not
call crypt on the password).

More radical surgery would be needed to have the client use a reversible
encryption to send the clear-text to the server, which would allow the
server to extract the clear-text before doing whatever verification it
desired.  This is possible, but rsync would need to depend on a standard
encryption library to effect the transfer of the password, and this may
not be worth the additional complexity and incompatibility with existing
rsync versions.

..wayne..