[RFC PATCH] Add SHA1 support

Dimitrios Apostolou jimis at gmx.net
Wed Mar 18 00:48:01 UTC 2020


On Tuesday, March 17, 2020 9:17:09 PM CET, Sebastian Andrzej Siewior wrote:
> On 2020-03-17 00:03:03 [+0100], Dimitrios Apostolou via rsync wrote:
>> On Thursday, February 20, 2020 10:34:53 PM CET, Sebastian Andrzej Siewior
>> via rsync wrote:
>>> 
>>> I'm still not sure if rsync requires a cryptographic hash _or_ if a
>>> strong hash like xxHash64 would be just fine for the job.
>> 
>> I'm fairly sure the hash should *not* be easy to spoof, so I'd say a
>> cryptographic hash is needed.
>> 
>> As an example, if a file is replaced by a file of the same size and same
>> hash, rsync (if -c is in use) will consider the file is the same, and avoid
>> copying it.
>
> correct. The same goes for currently used md5 which has known collision
> attacks. So if you intend to spoof it, you can manufacture the same hash
> for two different files for both algorithms.

This was not the case in 2008 when rsync 3.0.0 came out defaulting to MD5.
I still think you need a cryptographic hash, even though I am not sure
of how strict the requirement is. MD4 was replaced by MD5 in rsync, despite
MD4 being 2x faster. I would guess it was replaced because of its weaknesses.


Dimitris



