Message-ID: <454088573.20050407232859@Sniff-em.com>
Date: Thu Apr 7 22:29:04 2005
From: Thierry at sniff-em.com (Thierry Zoller)
Subject: Re: Case ID 51560370 - Notice of Claimed Infringement
Dear Randall Perry,
RP> The initial post was regarding eDonkey/eMule client.
RP> The files are broken into chunks.
RP> The files are 'verified' by a one-way hash.
RP> By merely having a single chunk with the same hash is enough 'evidence'
RP> that you are in complete possession of that file.
You forget that eMule/eDonkey reports what chunks of a specific file a host
is serving (if you download). That might be 100% of the file. That
said, you can "verify" the user has that specific file even without downloading.
(If you trust hashes - eMule and the eDonkey protocol, of course.)
RP> (whether or not it is a successful full copy on your machine, they will
RP> ONLY know if ALL sources came from ONLY YOU and they were able to rebuild
RP> the entire ISO from all those chunks FROM ONLY YOU).
AFAIK, this is technically incorrect but may be correct in front of a
court (where you would have to prove it can't be otherwise).
RP> Otherwise, it is _possible_ to have a chunk with the same fingerprint and
RP> make it appear that you have said chunk of their iso.
That's *AFAIK* not possible; if this were true, the eDonkey/eMule
protocol would have a big design flaw and people couldn't even trade
millions of files every day. Some (most?) downloads would be corrupted,
as they could have potentially downloaded a wrong chunk which in fact
is from another file.
RP> (of course a 256 or 512 string would be more accurate and less to chance of
RP> being false positive).
RP> It's like saying that a brown Brinks money bag was stolen from the bank.
RP> You possess such a brinks money bag, but that doesn't mean it is theirs.
RP> (those with cryptography experience can better explain than myself).
I am sorry, I have been too long in the security field to still listen to
analogies ;) (No insult intended)
RP> (or do they assume these hashes are 'fingerprints')
Oh... well, a one-way hash (MD5, SHA, etc.), technically speaking,
*IS* a fingerprint because it identifies a UNIQUE file. (Collisions
possible but unlikely.)
Please correct me if any of my assumptions above were incorrect.
--
Thierry Zoller
http://www.sniff-em.com
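
The chunk-hash mechanics discussed in this message, as an added example that is not part of the original post and not eMule/eDonkey code: a file's per-chunk hashset, verification of a transferred chunk against it, and how many chunks one peer has verifiably supplied. Assumptions: SHA-256 stands in for the protocol's own hash function, the 16-byte chunk size and the sample files are constructed, and all function names are hypothetical.

```python
import hashlib

CHUNK_SIZE = 16  # toy size so the sample stays small; real clients use far larger chunks


def chunk_hashes(data, size=CHUNK_SIZE):
    """Split data into fixed-size chunks and hash each one (the file's hashset)."""
    return [hashlib.sha256(data[i:i + size]).digest()
            for i in range(0, len(data), size)]


def file_id(hashset):
    """Identifier for the whole file, derived from every chunk hash in order."""
    return hashlib.sha256(b"".join(hashset)).hexdigest()


def verify_chunk(index, payload, hashset):
    """True only if payload hashes to the value expected at this chunk index."""
    return (0 <= index < len(hashset)
            and hashlib.sha256(payload).digest() == hashset[index])


def verified_coverage(received, hashset):
    """received maps chunk index -> bytes actually transferred from ONE peer.
    Returns (sorted verified indices, True if they cover the whole file)."""
    ok = sorted(i for i, p in received.items() if verify_chunk(i, p, hashset))
    return ok, len(ok) == len(hashset)


# Constructed sample data: two unrelated 64-byte "files" (4 chunks each).
ORIGINAL = bytes(range(64))
OTHER = bytes(range(64, 128))
HASHSET = chunk_hashes(ORIGINAL)

if __name__ == "__main__":
    print("file id:", file_id(HASHSET))
    # A chunk taken from a different file is rejected at verification time.
    print("foreign chunk accepted:", verify_chunk(1, OTHER[16:32], HASHSET))
    # One verified chunk from a peer shows that chunk, not the whole file.
    print("peer A:", verified_coverage({1: ORIGINAL[16:32]}, HASHSET))
    full = {i: ORIGINAL[i * 16:(i + 1) * 16] for i in range(4)}
    print("peer B:", verified_coverage(full, HASHSET))
```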