[RFC PATCH] Add SHA1 support

Sebastian Andrzej Siewior sebastian at breakpoint.cc
Tue Mar 17 20:17:09 UTC 2020

On 2020-03-17 00:03:03 [+0100], Dimitrios Apostolou via rsync wrote:
> On Thursday, February 20, 2020 10:34:53 PM CET, Sebastian Andrzej Siewior
> via rsync wrote:
> > 
> > I'm still not sure if rsync requires a cryptographic hash _or_ if a
> > strong hash like xxHash64 would be just fine for the job.
> I'm fairly sure the hash should *not* be easy to spoof, so I'd say a
> cryptographic hash is needed.
> As an example, if a file is replaced by a file of the same size and same
> hash,
> rsync (if -c is in use) will consider the file is the same, and avoid
> copying it.

correct. The same goes for currently used md5 which has known collision
attacks. So if you intend to spoo it, you can manufacture the same hash
for two different files for both algorithms. The question is how likely
it is that this happens by chance. According to [0] xxhash64 scores a
solid 10. It is better than crc32 which has been used a lot as a
checksum for files.

[0] https://github.com/Cyan4973/xxHash

> Dimitris


More information about the rsync mailing list