Dear Randall Perry,

RP> The initial post was regarding eDonkey/eMule client.
RP> The files are broken into chunks.
RP> The files are 'verified' by a one-way hash.
RP> By merely having a single chunk with the same hash is enough 'evidence'
RP> that you are in complete possession of that file.

You forget that eMule/eDonkey reports what chunks of a specific file a host is serving (if you download). That might be 100% of the file; that said, you can "verify" the user has that specific file even without downloading. (If you trust hashes, eMule and the eDonkey protocol, of course.)

RP> (whether or not it is a successful full copy on your machine, they will
RP> ONLY know if ALL sources came from ONLY YOU and they were able to rebuild
RP> the entire ISO from all those chunks FROM ONLY YOU).

AFAIK, this is technically incorrect but may be correct in front of a court (where you would have to prove it can't be otherwise).

RP> Otherwise, it is _possible_ to have a chunk with the same fingerprint and
RP> make it appear that you have said chunk of their iso.

That's *AFAIK* not possible. If this were true, the eDonkey/eMule protocol would have a big design flaw and people couldn't even trade millions of files every day; some (most?) downloads would be corrupted, as they could have potentially downloaded a wrong chunk which in fact is from another file.

RP> (of course a 256 or 512 string would be more accurate and less to chance of
RP> being false positive).
RP> It's like saying that a brown Brinks money bag was stolen from the bank.
RP> You possess such a brinks money bag, but that doesn't mean it is theirs.
RP> (those with cryptography experience can better explain than myself).

I am sorry, I am too long in the security field to still listen to analogies ;) (No insult intended)

RP> (or do they assume these hashes are 'fingerprints')

Oh... well, a one-way hash (MD5, SHA, etc.) technically speaking *IS* a fingerprint because it identifies a UNIQUE file (collisions possible but unlikely).

Please correct me if any of my assumptions above were incorrect.
-- 
Thierry Zoller
http://www.sniff-em.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
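Added example, not part of the original message and not eMule/eDonkey code: a sketch of per-chunk hash verification that separates the chunks a peer merely advertises from the chunks actually downloaded and checked, plus the birthday bound behind "collisions possible but unlikely". SHA-256, the 16-byte chunk size, the sample files and all function names are assumptions made for the demo.

```python
import hashlib

CHUNK_SIZE = 16  # constructed toy size so the sample files split into 4 chunks


def chunk_hashes(data, size=CHUNK_SIZE):
    """Per-chunk digest list (the published 'hashset') for one file."""
    return [hashlib.sha256(data[i:i + size]).digest()
            for i in range(0, len(data), size)]


def verify_chunk(hashset, index, chunk):
    """Accept a chunk only if it matches the digest published for that slot."""
    return 0 <= index < len(hashset) and hashlib.sha256(chunk).digest() == hashset[index]


def audit_peer(hashset, claimed, received):
    """Split advertised chunk indices into (verified, failed, unverified).

    claimed:  set of indices the peer says it serves
    received: {index: bytes} for chunks actually downloaded from that peer
    """
    verified = {i for i in claimed if i in received and verify_chunk(hashset, i, received[i])}
    failed = {i for i in claimed if i in received} - verified
    return verified, failed, claimed - verified - failed


def accidental_collision_bound(n_chunks, bits):
    """Birthday upper bound on any two of n random chunks sharing a digest."""
    return n_chunks * (n_chunks - 1) / 2 / 2 ** bits


# Constructed sample data: two different 64-byte "files".
FILE_A = bytes(range(64))
FILE_B = bytes(reversed(range(64)))

if __name__ == "__main__":
    hs = chunk_hashes(FILE_A)
    got = {0: FILE_A[0:16], 1: FILE_B[16:32]}  # chunk 1 comes from the other file
    print(audit_peer(hs, {0, 1, 2, 3}, got))
    print(accidental_collision_bound(10**9, 128), accidental_collision_bound(10**9, 256))
```

Only the first set returned by `audit_peer` rests on data that was transferred and hashed; the third set is the peer's own claim and nothing more.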
