lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <6.1.2.0.0.20050407164140.01d7c618@localhost>
Date: Thu Apr  7 22:49:05 2005
From: lists at domain-logic.com (Randall Perry)
Subject: Re: Case ID 51560370 - Notice of Claimed
	Infringement


>That's *AFAIK* not possible, if this would be true the edonckey/emule
>protocol would have a big design flaw and poeple couldn't even trade
>millions of files every day, some (most?) downloads would be corrutped
>as they could  have potentialy downloaded a wrong chunk which in fact
>is from another file.

I came across this discussion:
http://forum.emule-project.net/lofiversion/index.php/t25107-150.html
..."Thats the point of file hashes. Emule doesn't work with file names for 
anything apart from searches. It uses hashes. So they can say you have a 
file with the same name and hash as one on e.g. sharereactor. Now that 
makes it pretty clear that you are sharing the file (this is not conclusive 
but makes it very likley,see my above post). In a criminal case you might 
just get off (not beyond ALL resnable doubt) but in a civil case you are 
screwed. "........

The opportunity for collisions causes 'reasonable' doubt.  With all the 
100's of terabytes being shared on P2P, I would imagine it quite possible 
for a couple of hashes to match.  (again, not concrete, but  _possible_)
The problem is that such evidence admitted to court sets precedence for 
plausible matches (as opposed to innocent until PROVEN beyond reasonable 
doubt) to be presented as concrete fact.  And I am not a P2P guy (except 
BitTorrents of Fedora and Debian), but I am concerned about this mindset 
for prosecution bleeding into digital signatures, encrypted emails (that 
they cannot encrypt but see a string that resembles the characters 'I did 
it' ).

Yeah, sorry about the analogies :)

















http://www.domain-logic.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ