X-Git-Url: https://mattmccutchen.net/rsync/rsync.git/blobdiff_plain/37439b36e72a2fbd7999e40f243781ae0b463db3..2b7e12924d91ce2470b0fefb20fe409ce090b3e7:/rsyncd.conf.yo diff --git a/rsyncd.conf.yo b/rsyncd.conf.yo index 7ef31cb5..3b05a3e2 100644 --- a/rsyncd.conf.yo +++ b/rsyncd.conf.yo @@ -269,7 +269,7 @@ system. The usernames may also contain shell wildcard characters. If "auth users" is set then the client will be challenged to supply a username and password to connect to the module. A challenge response authentication protocol is used for this exchange. The plain text -usernames are passwords are stored in the file specified by the +usernames and passwords are stored in the file specified by the "secrets file" option. The default is for all users to be able to connect without a password (this is called "anonymous rsync"). @@ -485,11 +485,11 @@ enddit() manpagesection(AUTHENTICATION STRENGTH) The authentication protocol used in rsync is a 128 bit MD4 based -challenge response system. Although I believe that no one has ever -demonstrated a brute-force break of this sort of system you should -realize that this is not a "military strength" authentication system. -It should be good enough for most purposes but if you want really top -quality security then I recommend that you run rsync over ssh. +challenge response system. This is fairly weak protection, though (with +at least one brute-force hash-finding algorithm publicly available), so +if you want really top-quality security, then I recommend that you run +rsync over ssh. (Yes, a future version of rsync will switch over to a +stronger hashing method.) Also note that the rsync daemon protocol does not currently provide any encryption of the data that is transferred over the connection. Only
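Review bot: In the first hunk (the "auth users" paragraph), the corrected sentence still reads "The plain text usernames and passwords are stored in the file ...", which attaches "plain text" to the names rather than to how they are stored. Consider "The usernames and passwords are stored in plain text in the file specified by the "secrets file" option", so a reader sees at this point that the file holds recoverable passwords.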
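Review bot: In the AUTHENTICATION STRENGTH hunk, the parenthetical "with at least one brute-force hash-finding algorithm publicly available" is too vague for an administrator to act on: it names no algorithm or reference and does not say what an observer of the challenge response exchange gains. Suggest citing the source or stating the consequence plainly. Two wording points in the same hunk: "though" has nothing left to contrast with now that the preceding sentence is removed, and "(Yes, a future version of rsync will switch over to a stronger hashing method.)" answers a question the text never asks and promises a change without naming a version, so reword it as a plain statement or hold it until the version is known.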