Full Disclosure mailing list archives
Re: Re: Case ID 51560370 - Notice of Claimed Infringement
From: Thierry Zoller <Thierry () sniff-em com>
Date: Thu, 7 Apr 2005 23:28:59 +0200
Dear Randall Perry, RP> The initial post was regarding eDonkey/eMule client. RP> The files are broken into chunks. RP> The files are 'verified' by a one-way hash. RP> By merely having a single chunk with the same hash is enough 'evidence' RP> that you are in complete possesion of that file. You forget that emule/edonckey reports what chunks of a specific file a host is serving (if you download). That might be 100% of the file, that said you can "verify" the user has that specific file even without downlaoding. (If you trust hashes, - emule and the edonkey protocol of course). RP> (whether or not it is a successful full copy on your machine, they will RP> ONLY know if ALL sources came from ONLY YOU and they were able to rebuild RP> the entire ISO from all those chunks FROM ONLY YOU). AFAIK, this is technicaly incorrect but may be correct in front of a court (where you would have to proof it can't be otherwise). RP> Otherwise, it is _possible_ to have a chunk with the same fingerprint and RP> make it appear that you have said chunk of their iso. That's *AFAIK* not possible, if this would be true the edonckey/emule protocol would have a big design flaw and poeple couldn't even trade millions of files every day, some (most?) downloads would be corrutped as they could have potentialy downloaded a wrong chunk which in fact is from another file. RP> (of course a 256 or 512 string would be more accurate and less to chance of RP> being false positive). RP> It's like saying that a brown Brinks money bag was stolen from the bank. RP> You possess such a brinks money bag, but that doesn't mean it is theirs. RP> (those with cryptography experience can better explain than myself). I am sorry, I am too long in the security field to still listen to analogies ;) (No insult intended) RP> (or do they assume these hashes are 'fingerprints') Oh... well an one-way hash (Md5,sha etc) technicaly speaking *IS* a fingerprint because it identifies a UNIQUE file. (collisions possible but unlikely) Please correct me if any of my assumptions above were incorrect. -- Thierry Zoller http://www.sniff-em.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Case ID 51560370 - Notice of Claimed Infringement Jason Coombs (Apr 04)
- Re: Re: Case ID 51560370 - Notice of Claimed Infringement Tim O'Guin (Apr 04)
- Re: Re: Case ID 51560370 - Notice of Claimed Infringement Dunceor . (Apr 05)
- Re: Re: Case ID 51560370 - Notice of Claimed Infringement Ag. System Administrator (Apr 05)
- Re: Re: Case ID 51560370 - Notice of Claimed Infringement Thomas Sutpen (Apr 06)
- Re: Re: Case ID 51560370 - Notice of Claimed Infringement Dunceor . (Apr 07)
- Re: Re: Case ID 51560370 - Notice of Claimed Infringement Thierry Zoller (Apr 07)
- Re: Re: Case ID 51560370 - Notice of Claimed Infringement Randall Perry (Apr 07)
- Re: Re: Case ID 51560370 - Notice of Claimed Infringement Thierry Zoller (Apr 07)
- Re: Re: Case ID 51560370 - Notice of Claimed Infringement Randall Perry (Apr 07)
- Re: Re: Case ID 51560370 - Notice of Claimed Infringement Thierry Zoller (Apr 07)
- RE: Re: Case ID 51560370 - Notice of ClaimedInfringement Poof (Apr 07)
- RE: Re: Case ID 51560370 - Notice of ClaimedInfringement Ron DuFresne (Apr 07)
- Re: Re: Case ID 51560370 - Notice of ClaimedInfringement Michael Holstein (Apr 08)
- Re: Re: Case ID 51560370 - Notice of ClaimedInfringement buford.t.pisser (Apr 08)
- Re: Re: Case ID 51560370 - Notice of Claimed Infringement Thomas Sutpen (Apr 06)
- Re: Re: Case ID 51560370 - Notice of Claimed Infringement bkfsec (Apr 08)
- Re: Re: Case ID 51560370 - Notice of Claimed Infringement Mike Owen (Apr 07)
- Re: Re: Case ID 51560370 - Notice of Claimed Infringement Valdis . Kletnieks (Apr 07)
- Re: Re: Case ID 51560370 - Notice of Claimed Infringement bkfsec (Apr 08)