mirror/rsync
1
0
Fork 0
mirror of https://github.com/RsyncProject/rsync.git synced 2026-03-08 00:17:27 -05:00
Code Issues Packages Projects Releases Wiki Activity

Mention that the MD4 password protection is weaker than

Browse Source 
previously thought.
This commit is contained in:
Wayne Davison
2005-12-14 22:14:26 +00:00
parent 82f0c63e8a
commit 2b7e12924d
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
rsyncd.conf.yo
View File

@@ -485,11 +485,11 @@ enddit()
manpagesection(AUTHENTICATION STRENGTH)
The authentication protocol used in rsync is a 128 bit MD4 based
challenge response system. Although I believe that no one has ever
demonstrated a brute-force break of this sort of system you should
realize that this is not a "military strength" authentication system.
It should be good enough for most purposes but if you want really top
quality security then I recommend that you run rsync over ssh.
challenge response system. This is fairly weak protection, though (with
at least one brute-force hash-finding algorithm publicly available), so
if you want really top-quality security, then I recommend that you run
rsync over ssh. (Yes, a future version of rsync will switch over to a
stronger hashing method.)
Also note that the rsync daemon protocol does not currently provide any
encryption of the data that is transferred over the connection. Only