Mention that the MD4 password protection is weaker than

author Wayne Davison <wayned@samba.org>

Wed, 14 Dec 2005 22:14:26 +0000 (22:14 +0000)

committer Wayne Davison <wayned@samba.org>

Wed, 14 Dec 2005 22:14:26 +0000 (22:14 +0000)
author Wayne Davison <wayned@samba.org>
Wed, 14 Dec 2005 22:14:26 +0000 (22:14 +0000)
committer Wayne Davison <wayned@samba.org>
Wed, 14 Dec 2005 22:14:26 +0000 (22:14 +0000)
diff --git a/rsyncd.conf.yo b/rsyncd.conf.yo

index 4186ad4..3b05a3e 100644 (file)
--- a/rsyncd.conf.yo
+++ b/rsyncd.conf.yo
@@ -485,11 +485,11 @@ enddit()
  manpagesection(AUTHENTICATION STRENGTH)
  
  The authentication protocol used in rsync is a 128 bit MD4 based
  manpagesection(AUTHENTICATION STRENGTH)
  
  The authentication protocol used in rsync is a 128 bit MD4 based
-challenge response system. Although I believe that no one has ever
-demonstrated a brute-force break of this sort of system you should
-realize that this is not a "military strength" authentication system.
-It should be good enough for most purposes but if you want really top
-quality security then I recommend that you run rsync over ssh.
+challenge response system. This is fairly weak protection, though (with
+at least one brute-force hash-finding algorithm publicly available), so
+if you want really top-quality security, then I recommend that you run
+rsync over ssh.  (Yes, a future version of rsync will switch over to a
+stronger hashing method.)
  
  Also note that the rsync daemon protocol does not currently provide any
  encryption of the data that is transferred over the connection. Only
  
  Also note that the rsync daemon protocol does not currently provide any
  encryption of the data that is transferred over the connection. Only
author	Wayne Davison <wayned@samba.org>
	Wed, 14 Dec 2005 22:14:26 +0000 (22:14 +0000)
committer	Wayne Davison <wayned@samba.org>
	Wed, 14 Dec 2005 22:14:26 +0000 (22:14 +0000)