-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > One thing to keep in mind is that the collision-resistance of SHA-1 is > an unproven conjecture. sure, I was going to mention that - indeed, md4 is the algorithm used in rsync, and it _has_ been shown to be less collision-resistant than the full 128-bits would imply. which means that instead of finding only one collision in the entire lifetime of the universe, you'll find four. it doesn't change the fact that the probability of your computer catching fire and killing you, in an absolutely real and literal sense, is many millions of times higher, and that the time you spend worrying about this would be much, much better spent backing up your data offsite and wearing kevlar pants. also, excellent point someone made about passwords already using md5 in freebsd - this means that there are already an infinite number of passwords that will let someone into your box as root, right now, this very instant. so using rsync, you're hardly worse off.... -Jason -------------------------------------------------------------------------- Freud himself was a bit of a cold fish, and one cannot avoid the suspicion that he was insufficiently fondled when he was an infant. -- Ashley Montagu -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) Comment: See https://private.idealab.com/public/jason/jason.gpg iD8DBQFBWcUBswXMWWtptckRAi3rAJ4tyujyV0XyT7nC2VpdntVA5KjIbwCdHkpZ OSGmWnJPtrb4DLrwNz0HaEA= =UZOZ -----END PGP SIGNATURE----- _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"