[RFC PATCH] Add SHA1 support
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Tue Mar 17 20:17:09 UTC 2020
On 2020-03-17 00:03:03 [+0100], Dimitrios Apostolou via rsync wrote:
> On Thursday, February 20, 2020 10:34:53 PM CET, Sebastian Andrzej Siewior
> via rsync wrote:
> > I'm still not sure if rsync requires a cryptographic hash _or_ if a
> > strong hash like xxHash64 would be just fine for the job.
> I'm fairly sure the hash should *not* be easy to spoof, so I'd say a
> cryptographic hash is needed.
> As an example, if a file is replaced by a file of the same size and same
> rsync (if -c is in use) will consider the file is the same, and avoid
> copying it.
correct. The same goes for currently used md5 which has known collision
attacks. So if you intend to spoo it, you can manufacture the same hash
for two different files for both algorithms. The question is how likely
it is that this happens by chance. According to  xxhash64 scores a
solid 10. It is better than crc32 which has been used a lot as a
checksum for files.
More information about the rsync