crypted secrets

Wayne Davison wayned at
Mon Jun 27 16:54:35 GMT 2005

On Sun, Jun 26, 2005 at 01:44:02AM -0400, Alejandro Mery wrote:
> is there any trick/patch to let it support other htpasswd encryption 
> methods? crypt,md5,sha1?

Since the password is not sent in the clear over the connection, having
the password in plain-text in the secrets file is not a problem unless
you worry about someone on the system being able to snoop your files.

I suppose you could easily tweak rsync to call something like crypt on
the typed password before doing rsync's normal exchange of a newly
computed hash (rsync negotiates a "challenge buffer" before sending the
MD4-encoded password), but that would really only serve to prevent a
snooper on your system from knowing the password's clear-text when they
look at your secrets file -- it would not prevent them from using the
crypt text to sign in (using a more normal version of rsync that did not
call crypt on the password).

More radical surgery would be needed to have the client use a reversible
encryption to send the clear-text to the server, which would allow the
server to extract the clear-text before doing whatever verification it
desired.  This is possible, but rsync would need to depend on a standard
encryption library to effect the transfer of the password, and this may
not be worth the additional complexity and incompatibility with existing
rsync versions.
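
A simplified model of the point made in the message above, as an added example that is not part of the original post and not rsync's code: when the client hashes the typed password with crypt before the challenge exchange, the crypt text in the secrets file becomes the credential itself. SHA-256 stands in for rsync's MD4 exchange and PBKDF2 stands in for crypt; the class, function names, user name and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

def response(secret: bytes, challenge: bytes) -> str:
    # Stand-in for rsync's hash over secret + challenge (SHA-256 here, not MD4).
    return base64.b64encode(hashlib.sha256(secret + challenge).digest()).decode()

def crypt_standin(password: bytes, salt: bytes) -> bytes:
    # Stand-in for crypt(3): a one-way transform of the typed password.
    return hashlib.pbkdf2_hmac("sha256", password, salt, 10_000).hex().encode()

class Daemon:
    """Hypothetical daemon: verifies against whatever bytes the secrets file holds."""
    def __init__(self, secrets: dict):
        self.secrets = secrets

    def new_challenge(self) -> bytes:
        return base64.b64encode(os.urandom(16))

    def verify(self, user: str, challenge: bytes, resp: str) -> bool:
        stored = self.secrets.get(user)
        if stored is None:
            return False
        return hmac.compare_digest(response(stored, challenge), resp)

def stock_client(typed: bytes, challenge: bytes) -> str:
    return response(typed, challenge)

def tweaked_client(typed: bytes, salt: bytes, challenge: bytes) -> str:
    # The tweak from the message: crypt the typed password, then do the normal exchange.
    return response(crypt_standin(typed, salt), challenge)

def demo() -> dict:
    salt, password = b"constructed-salt", b"constructed-password"
    stored = crypt_standin(password, salt)      # what the secrets file would contain
    daemon = Daemon({"backup": stored})
    out = {}
    c = daemon.new_challenge()
    out["tweaked_client_typed_password"] = daemon.verify("backup", c, tweaked_client(password, salt, c))
    c = daemon.new_challenge()
    out["stock_client_typed_password"] = daemon.verify("backup", c, stock_client(password, c))
    c = daemon.new_challenge()
    # The file contents, entered as-is into an unmodified client, authenticate.
    out["stock_client_file_contents"] = daemon.verify("backup", c, stock_client(stored, c))
    return out

if __name__ == "__main__":
    print(demo())
```

In this model the secrets file is password-equivalent whether it holds clear text or crypt text, so the file's permissions remain the control that matters.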

