5.1 Security Considerations for Implementers

Chunk hashes used in the RDC sub-protocol are computed using a cryptographically weak hash. To check the integrity of a file transfer using RDC, DFS-R furthermore uses a stronger hash, a SHA1 hash (160-bit) for checking that the assembled file coincides with the source file on the server. A client that manages content from multiple replicated folders with different access rights takes into account the scope of these integrity checks. For instance, if seed files are permitted across replicated folders, an attack scenario, however constructed, is to inject a seed file, which is different from, but whose chunk hashes and file hash coincide with, a particular plaintext.