On Sat, Apr 27, 2002 at 03:32:47PM -0700, Martin Pool wrote: > On 27 Apr 2002, Donovan Baarda <[EMAIL PROTECTED]> wrote: > > G'day, > > > > I've been working on a Python interface to librsync and have noticed that it > > uses md4sum code borrowed from Andrew Tridgell and Martin Pool that comes > > via rsync and was originally written for samba. > > Tridge recently discovered a bug in that code that probably does not > weaken the digest, but that may make it incompatible with standard > MD4. Basically, tail-extension is not properly carried out for blocks > that are a multiple of 64 bytes in size.
This would be nealy all blocks, as everyone would be using 2^n sized blocks where n>5. If you meant to say "...that are _not_ multiple of 64 bytes...", then I would dare to suggest fixing this would not hurt anybody, but definitely record the affects. > I haven't had a chance yet to check how this affects rsync. If it > does, I suppose we should evolve the protocol to fix it. > > There's not meant to be anything special about it. One of my TODO > items was to replace it with a faster implementation. I'm not sure how the RSA implementation compares speed-wise, but given it is more "correct", would there be major objections to replacing the samba md4 with the RSA one in librsync? I guess I should benchmark and publish results... There would be backwards compatability issues for librsync and rdiff, but I'm hoping that these can be dealt with simply, hopefully by just bumping the major version number and documenting the issue. librsync is not as widely used as rsync itself so I don't think it would matter that much. I think the RSA/libmd code is more "standard", and it would be wise for librsync at least to adopt the more widely used code. It is certainly nice that the md2, md4, and md5 API's are so interchangeable. The only reason not to would be licencing issues, but I would guess if Python can include it and be GPL compatible, then it should be OK. -- ---------------------------------------------------------------------- ABO: finger [EMAIL PROTECTED] for more info, including pgp key ---------------------------------------------------------------------- -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.tuxedo.org/~esr/faqs/smart-questions.html
