Enhance sftp protocol: get SHA hash of file

Philipp Marek philipp.marek at linbit.com
Thu Jun 30 16:34:09 EST 2011


> A few years back I hacked in a simple "sumslist at eviladmin.org" protocol
> based on the block size that sftp set for its window, but instead of
> SHA1 I was using MD5 at the time.  You could simply request a single
> block or loop through and request a list of blocks.
...
> I abandoned it for some reason.  I really wish I knew why.  I suspect it
> had to do with the cost of doing the checksum list was approaching
> the cost of actually downloading the file in the method I chose to
> implement it.
Well, I'd expect a simple command "manber-hashes START LENGTH " - perhaps 
with an optional setting that defines the average block size - that streams 
(start, length, manber-hash, MD5/SHA1) back to the client to be much more 
useful; it would be much faster than transmitting the whole file and 
wouldn't need that many query operations.


In the file I referenced in the other mail I use the MD5, the previous-to-
last manber hash and the last manber-hash (which has by definition N 
rightmost bits zero) - that's a few bits more security than just using MD5 
(where collisions can be created).
Of course, using SHA1 might (at least for the moment ;) be enough.

Perhaps, to be on the safe side, another optional parameter could specify 
"MD5+SHA1+SHA512+CRC32+..." to get all of these checksums ;)


Regards,

Phil
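
An added example, not part of the original message or of OpenSSH: a sketch of the listing a "manber-hashes START LENGTH" request could stream back, as (start, length, rolling hash, SHA1) tuples over content-defined blocks, and of how a client would use it to decide what to fetch. A plain polynomial rolling hash stands in for the Manber fingerprint; the window size, mask bits and all function names are assumptions.

```python
import hashlib
import random

WINDOW = 48        # rolling-window size in bytes (assumed)
MASK_BITS = 11     # cut where the low 11 hash bits are zero: ~2 KiB average block
BASE, MOD = 257, (1 << 61) - 1
TOP = pow(BASE, WINDOW - 1, MOD)   # weight of the byte that leaves the window


def block_hashes(data, start=0, length=None, mask_bits=MASK_BITS):
    """Yield (start, length, rolling_hash, sha1_hex) per content-defined block."""
    end = len(data) if length is None else min(len(data), start + length)
    mask = (1 << mask_bits) - 1
    h, block_start = 0, start
    for i in range(start, end):
        if i - block_start >= WINDOW:              # window full: drop oldest byte
            h = (h - data[i - WINDOW] * TOP) % MOD
        h = (h * BASE + data[i]) % MOD
        window_full = i - block_start + 1 >= WINDOW
        if (window_full and (h & mask) == 0) or i == end - 1:
            block = data[block_start:i + 1]
            yield block_start, len(block), h, hashlib.sha1(block).hexdigest()
            h, block_start = 0, i + 1


def bytes_to_fetch(local, remote_listing):
    """Sum the lengths of remote blocks whose SHA-1 the client does not hold."""
    have = {sha for _, _, _, sha in block_hashes(local)}
    return sum(length for _, length, _, sha in remote_listing if sha not in have)


def demo():
    # Constructed sample: 128 KiB of seeded pseudo-random bytes as the client's
    # copy; the server's copy has one byte inserted at the front.
    rng = random.Random(2011)
    local = bytes(rng.getrandbits(8) for _ in range(128 * 1024))
    remote = b"X" + local
    listing = list(block_hashes(remote))
    return len(remote), len(listing), bytes_to_fetch(local, listing)


if __name__ == "__main__":
    size, blocks, fetch = demo()
    print(f"{size} bytes, {blocks} blocks listed, {fetch} bytes to fetch")
```

Because block boundaries depend only on the last WINDOW bytes, the one-byte insert changes the leading block and the rest of the listing matches the client's copy again; with fixed-size blocks every block after the insert would differ.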


More information about the openssh-unix-dev mailing list