From 2b7e12924d91ce2470b0fefb20fe409ce090b3e7 Mon Sep 17 00:00:00 2001 From: Wayne Davison Date: Wed, 14 Dec 2005 22:14:26 +0000 Subject: [PATCH] Mention that the MD4 password protection is weaker than previously thought. --- rsyncd.conf.yo | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/rsyncd.conf.yo b/rsyncd.conf.yo index 4186ad4d..3b05a3e2 100644 --- a/rsyncd.conf.yo +++ b/rsyncd.conf.yo @@ -485,11 +485,11 @@ enddit() manpagesection(AUTHENTICATION STRENGTH) The authentication protocol used in rsync is a 128 bit MD4 based -challenge response system. Although I believe that no one has ever -demonstrated a brute-force break of this sort of system you should -realize that this is not a "military strength" authentication system. -It should be good enough for most purposes but if you want really top -quality security then I recommend that you run rsync over ssh. +challenge response system. This is fairly weak protection, though (with +at least one brute-force hash-finding algorithm publicly available), so +if you want really top-quality security, then I recommend that you run +rsync over ssh. (Yes, a future version of rsync will switch over to a +stronger hashing method.) Also note that the rsync daemon protocol does not currently provide any encryption of the data that is transferred over the connection. Only -- 2.34.1