lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6.1.2.0.0.20050407153121.01c38df0@localhost>
Date: Thu Apr  7 21:42:04 2005
From: lists at domain-logic.com (Randall Perry)
Subject: Re: Case ID 51560370 - Notice of Claimed
	Infringement

At 03:21 PM 4/7/2005, you wrote:
>Dear Thomas Sutpen,
> >> More nice will be if this .iso file is just 451,486k of /dev/random junk.
> >> Any proves that this file __IS__ Sybase Powerbuilder 9 Enterprise.iso?
> >> MD5? Something?
>The problem is much simpler, if 200 persons are sharing this ISO and if
>it is confirmed to be a "pirated" version by downloading from ONE of
>these users you can tell that the other 199 are also sharing the same
>pirated versions, knowing that most (all) p2p applications use hashes to
>identify the files. In other words, if 200 sources are listed all of
>them are sharing the exact same file, at least if you trust the p2p
>application code. (Which you can't proof does indeed work flawlessy
>in this regards, but you get my point).
No, it isn't quiet that clean.
The initial post was regarding eDonkey/eMule client.
The files are broken into chunks.
The files are 'verified' by a one-way hash.

By merely having a single chunk with the same hash is enough 'evidence' 
that you are in complete possesion of that file.
(whether or not it is a successful full copy on your machine, they will 
ONLY know if ALL sources came from ONLY YOU and they were able to rebuild 
the entire ISO from all those chunks FROM ONLY YOU).
Otherwise, it is _possible_ to have a chunk with the same fingerprint and 
make it appear that you have said chunk of their iso.
(of course a 256 or 512 string would be more accurate and less to chance of 
being false positive).
It's like saying that a brown Brinks money bag was stolen from the bank.
You possess such a brinks money bag, but that doesn't mean it is theirs.
(those with cryptography experience can better explain than myself).

I am not very comfortable with this grey area being enough 'concrete' 
evidence to condemn criminals.
What kind of computer training course do their attorneys even go through?
(or do they assume these hashes are 'fingerprints')









http://www.domain-logic.com




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ