librsync currently uses a deterministic hash function,
which causes security problems in malicious settings.
This has been analyzed extensively in the mailing list.
Please consider randomizing the seed (or equivalently
and more portably, adding a random zero-th block). This
will require a stream format change to accomodate
transmission of the random seed.
Log in to post a comment.