Dear Randall Perry,

RP> The opportunity for collisions causes 'reasonable' doubt. With all the
RP> 100's of terabytes being shared on P2P, I would imagine it quite possible
RP> for a couple of hashes to match. (again, not concrete, but _possible_)
RP> The problem is that such evidence admitted to court sets precedence for
RP> plausible matches (as opposed to innocent until PROVEN beyond reasonable
RP> doubt) to be presented as concrete fact. And I am not a P2P guy (except
RP> BitTorrents of Fedora and Debian), but I am concerned about this mindset
RP> for prosecution bleeding into digital signatures, encrypted emails (that
RP> they cannot encrypt but see a string that resembles the characters 'I did
RP> it' ).

You forget that the hash is not the only unique thing that specific file
has in common with the pirated file/material. Calculate the following
probability:

- The file/chunk has the same MD5 (or whatever HASH) as the pirated
  material in question.
- The file has the EXACT same filename (if there were a collision, what
  is the probability in mathematical terms that the file the collision
  takes place with has the exact same filename?)
- The file has the EXACT same size (the file has the EXACT same date,
  etc. pp.)

I am sorry, but considering all these factors, don't we have to conclude
the file is indeed THE file? ;)

<Wild Speculation>
Do the maths; you probably get to a possibility which is as likely as a
parental test based on DNA, which is accepted in some courts.
</Wild Speculation>

--
Thierry Zoller

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
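
The hash part of the calculation discussed in this thread, as an added example that is not part of the original messages: it computes the accidental-collision (birthday) probability for a pool of shared files and the chance that any file matches one specific hash. The pool size (500 TB at an average of 4 MB per file) and all function names are assumptions chosen for illustration, and the model covers chance matches only, not deliberately constructed collisions.

```python
import math

# Assumed pool, standing in for the "100's of terabytes" in the quoted text.
SHARED_BYTES = 500 * 10**12      # assumption: 500 TB shared
AVG_FILE_BYTES = 4 * 10**6       # assumption: 4 MB average file
N_FILES = SHARED_BYTES // AVG_FILE_BYTES


def accidental_collision_probability(n_files: int, hash_bits: int) -> float:
    """Birthday bound: chance that ANY two of n_files share a hash by accident.

    Assumes hash outputs are uniformly random. expm1 keeps precision when
    the result is far below float epsilon.
    """
    pairs = n_files * (n_files - 1) // 2
    return -math.expm1(-pairs / 2.0 ** hash_bits)


def chance_match_probability(n_files: int, hash_bits: int) -> float:
    """Chance that at least one of n_files accidentally has ONE given hash,
    which is the case that matters when matching against a known file."""
    return -math.expm1(n_files * math.log1p(-(2.0 ** -hash_bits)))


def files_for_collision(p: float, hash_bits: int) -> float:
    """Approximate pool size at which an accidental collision has probability p."""
    return math.sqrt(2.0 * math.log(1.0 / (1.0 - p)) * 2.0 ** hash_bits)


def report(n_files: int = N_FILES):
    """One row per digest size: (name, bits, any-pair, specific-hash, n for 50%)."""
    sizes = (("32-bit checksum", 32), ("MD5", 128), ("SHA-1", 160))
    return [
        (name, bits,
         accidental_collision_probability(n_files, bits),
         chance_match_probability(n_files, bits),
         files_for_collision(0.5, bits))
        for name, bits in sizes
    ]


if __name__ == "__main__":
    print(f"files in pool (assumed): {N_FILES:,}")
    for name, bits, any_pair, specific, half in report():
        print(f"{name:16s} any-pair={any_pair:.3e}  "
              f"specific-hash={specific:.3e}  n(50%)={half:.3e}")
```

Filename, size and date are not modelled because the thread gives no distribution for them; any additional independent attribute that must also match can only lower the figures above.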
