Mention that the MD4 password protection is weaker than

author Wayne Davison <wayned@samba.org>

Wed, 14 Dec 2005 22:14:26 +0000 (22:14 +0000)

committer Wayne Davison <wayned@samba.org>

Wed, 14 Dec 2005 22:14:26 +0000 (22:14 +0000)
author Wayne Davison <wayned@samba.org>
Wed, 14 Dec 2005 22:14:26 +0000 (22:14 +0000)
committer Wayne Davison <wayned@samba.org>
Wed, 14 Dec 2005 22:14:26 +0000 (22:14 +0000)
diff --git a/rsyncd.conf.yo b/rsyncd.conf.yo

index 4186ad4..3b05a3e 100644 (file)
--- a/rsyncd.conf.yo
+++ b/rsyncd.conf.yo
@@ -485,11 +485,11 @@ enddit()
  manpagesection(AUTHENTICATION STRENGTH)
  
  The authentication protocol used in rsync is a 128 bit MD4 based
-challenge response system. Although I believe that no one has ever
-demonstrated a brute-force break of this sort of system you should
-realize that this is not a "military strength" authentication system.
-It should be good enough for most purposes but if you want really top
-quality security then I recommend that you run rsync over ssh.
+challenge response system. This is fairly weak protection, though (with
+at least one brute-force hash-finding algorithm publicly available), so
+if you want really top-quality security, then I recommend that you run
+rsync over ssh.  (Yes, a future version of rsync will switch over to a
+stronger hashing method.)
  
  Also note that the rsync daemon protocol does not currently provide any
  encryption of the data that is transferred over the connection. Only
author	Wayne Davison <wayned@samba.org>
	Wed, 14 Dec 2005 22:14:26 +0000 (22:14 +0000)
committer	Wayne Davison <wayned@samba.org>
	Wed, 14 Dec 2005 22:14:26 +0000 (22:14 +0000)