lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1294751540.20050408010130@Sniff-em.com>
Date: Fri Apr  8 00:01:36 2005
From: Thierry at sniff-em.com (Thierry Zoller)
Subject: Re: Case ID 51560370 - Notice of Claimed
	Infringement

Dear Randall Perry,

RP> The opportunity for collisions causes 'reasonable' doubt.  With all the
RP> 100's of terabytes being shared on P2P, I would imagine it quite possible
RP> for a couple of hashes to match.  (again, not concrete, but  _possible_)
RP> The problem is that such evidence admitted to court sets precedence for
RP> plausible matches (as opposed to innocent until PROVEN beyond reasonable
RP> doubt) to be presented as concrete fact.  And I am not a P2P guy (except
RP> BitTorrents of Fedora and Debian), but I am concerned about this mindset
RP> for prosecution bleeding into digital signatures, encrypted emails (that
RP> they cannot encrypt but see a string that resembles the characters 'I did
RP> it' ).

You forget that the hash is not the only unique thing that specific file
has in common with the pirated file/material.

Calculate the following probability:

- The file/chunck has the same MD5 (or whatever HASH)
  as the pirated material in question.
- The file has the EXACT same filename (if there would be a collission
how is the probability in mathametic terms that the file the
collission takes place has the exact same filename?)
- The file has the EXACT same size (The file has the EXACT same date
etc.pp)

I am sorry, but considering all these factors don't we have to conlude the
file is indeed THE file ? ;)

<Wild Speculation> Do the maths you probably get to a possibility which is equally likely
then a parental test based on DNA, which is accepted in some courts.</Wild Speculation>




-- 
Thierry Zoller

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ