lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4256A474.6040207@sdf.lonestar.org>
Date: Fri Apr  8 16:34:17 2005
From: bkfsec at sdf.lonestar.org (bkfsec)
Subject: Re: Case ID 51560370 - Notice of
	Claimed	Infringement

Thierry Zoller wrote:

>You forget that the hash is not the only unique thing that specific file
>has in common with the pirated file/material.
>
>Calculate the following probability:
>
>- The file/chunck has the same MD5 (or whatever HASH)
>  as the pirated material in question.
>- The file has the EXACT same filename (if there would be a collission
>how is the probability in mathametic terms that the file the
>collission takes place has the exact same filename?)
>- The file has the EXACT same size (The file has the EXACT same date
>etc.pp)
>
>
>  
>
These factors do not come into play when you're talking about P2P 
protocols that use seeded chunks to share their files.  When a 
particular file is split up into chunks and each chunk is appropriately 
named on the host, the file itself (depending on the P2P protocol) 
doesn't always harbor a descriptive name.  The name of the file is 
stored in the protocol and file names/dates can very well be different.

These aren't the same issues as verifying a filesystem that you 
control.  It's a lot more complex than that.

             -Barry

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ