On Fri, 08 Apr 2005 13:45:51 EDT, Jason said: > I get the point just fine. Injecting files C and D results in a > situation that cannot be resolved without downloading both files. > > Song A = mp3 format file with valid license to BSA > Song B = mp3 format file without valid license to BSA > Song C = zip of Song A plus pad to generate MD5 > Song D = zip of Song B plus pad to generate same MD5 > > It is now impossible to distinguish between C and D without downloading > both. The content inside is still fully usable and valid but a violation > cannot be confirmed without yourself violating the law.
On the other hand, note the following: 1) The copyright nazi's aren't going to be looking for C *or* D, because they're only looking for files that have the same hash as A. They'd have to actually download C and D and *listen* to it, and identify it (quick - how do you tell the difference between the audio content of the original Beatles "Come Together" and the Aerosmith cover of the same song?) 2) It's of course simple to create an arms race where the copyright nazis need to expend more effort because they can't just go after the MD5 sum. However, it cuts both ways - if you see 15 copies of a file available with the same MD5 sum, you can have *some* trust it's not corrupted. If you see 15 copies with 15 different hashes, which one do you trust? 3) If you change the size, date, and MD5 hash and rename it to "Frozzle-bar.doc", you're not likely to get a note from Metallica's representative about the pirated copy of their album. But it's probably not going to be accessed very much unless you re-rename it to Frozzle-bar-really-metallica-master-of-puppets.doc. Of course, at that point, you *may* get a note from their representative.. :)
pgp6CswEGMlVD.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
