Finnish Firm Claims Fake P2P Hash Technology
An anonymous reader writes "As reported by The Inquirer, a Finnish company known as Viralg Oy claim to have developed software that can create a junk file with the same hash as a genuine p2p download. This, according to the company, can altogether stop the sharing of copywritten files by flooding p2p networks with corrupt/junk data, which then spreads through the network, causing less and less of the original file to be available. However, with the resolve of the p2p userbase, is this software really going to 'beat all Peer 2 Peer pirates at their own game,' or simply prove a minor annoyance?"
People will always creatively find a way around everything!
Or they have cracked even the strong hashes. In which case they are really cool. I know Mr. Torvalds is Finnish, but I doubt even he could come up with algorithms to do that.
In their conceited press release, they have compared Spoofing vs DRP/a
Iran captures three CIA agents
Bah! Screw you guys. I'll just make my own P2P hash algorithm. With blackjack. And hookers. In fact, forget the P2p hash algorithm. And the blackjack.
It's "copyrighted," not "copywritten." We're talking about rights, not writings.
How will this be different from the flooding of fake files already on P2P networks like Kazaa? Sure, the hash will be the same, but what "Joe Sixpack" looks at hashes?!
Minor annoyance
I guess there are two schools here.
One believes this kind of fake files will only add burden to the internet, as users will just download one fake file after another until they got a hit.
The other believes that such annoyance will put most people off, because the total time/cost it takes to acquire something is now higher than the actual product.
I don't think MP3s will be affected because you can start playing the song if you've got the first bit. Can/will other file formats do that too?
Rock that crushes, Paper & Scissors that don't matter.
it's only a matter of days before it is cracked... I don't see why this scheme could be an exception to this rule.
I took the liberty of pre-caching the site on Coral before it went live - http://www.viralg.com.nyud.net:8090/index.html. I think Slashdot should really consider doing this as part of the procedure...this site won't last a minute under the weight of our collective, nerdy asses.
Reply to this post with all workarounds.
Are they hoping the RIAA is going to buy it off of them? I have a strange feeling that this won't be the end of file-sharing on the internet. :-p
How big is that 'junk file'?
I've always thought it would be extremely possible to create a file with the same MD5 hash.
.. then I'll be impressed.
Now, what the company has to do is create a file of the SAME FILE SIZE, with the same MD5 hash that's a fake
= Grow a brain...
I highly doubt this would work - the object of a P2P network is to "peer-review" the files that get transferred. If you get a crappy copy of a file, most people delete it. Therefore, when one searches, the most popular results will most likely be the correct file and not the bad one.
...they also found a way to block said files from being dragged into the Trash Can and deleted!
What hashing algorithm do they claim to have broken so completely? Sounds like BS to me.
Don't blame me; I'm never given mod points.
Bullshit. "Virtual Algorithms" my ass.
Well, there have been reports that some hash algorithms are prone to "collisions", i.e. it is possible to find, with some effort, files that produce the same hash value and have the same size despite having different content.
The easy solution:
Use a safer Hash function.
+++ MELON MELON MELON +++ Out of Cheese Error +++ redo from start +++
... it only takes most pirates (at most) a week to find a work around and everything is back to (pirating) normal.
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
This ain't new news. Some hash-algos have been compromised more or less - it just takes time to compute a file which has the same bitprint as any other file.. ..however if this same tech was used for illegal purposes, say faking a Linux distro .ISO..
They might be able to fake one hash, but don't most P2P networks use a combination of different hashes? if not then it would be easy to implement - you can either go for more than one different type of hash like md5 and sha etc or add salt/pepper to a chunk and make any number of hashes where each additional hash makes it insanely harder to crack..
This comment does not represent the views or opinions of the user.
Their site is down so I can't get any real details, but I think this is smoke and mirrors in any case.
I want a new world. I think this one is broken.
Use 2 (or more) different hashing algorithms on the file, and check the file size.
I'm pretty sure that should reduce the collisions to some stupidly small value.
Read more here
fuvoo: watch something
in pdf form
Note the claims section and references - they keep talking about Napster and Kazaa - nothing about anything that use hashes.
Wouldn't this work like a virus? "This would corrupt files" and be illegal? What if someone accidentally puts a system file to be shared? What about legally shared content? Will it destroy that too?
Torrent networks are incredibly resilient to filtering out garbage data. Unless these companies can set up disparate network addresses all seeding the same file, few people bother with files that have low seed sources.
If they are beating MD5 hashes, that is possibly probable but a BIG breakthrough....
Other mechanisms (eg, hacking the clients) is problematic, and seeding the network with files with bogus hashes quickly gets weeded out, unless they are also seeding the network with a lot of other nodes which moderate up the bad hashes...
So... if they pollute MD5, then use SHA. Or any other hashing mechanism. This is not a slam dunk by any means.
Hey RIAA, the cat is out of the bag, down the road, in a pub, laughing at your attempts to find him and stuff him back in the bag. Just suck it up and deal with the market reality and stop wishing you'd actually offered a real solution back in 1997. Bygones!
DaGoodBoy
My God! It's full of Voids!
So, if they can calculate collisions for any hash algorithm shouldn't more people than file swappers be fearful? This is big news for, you know, computing in general.
Does anyone know what algorithms this affects? If it's just one of them, then don't the p2p networks just need to pick a different/better one?
If this company can do what it says it does, it may be possible to use it against child porn. If you could corrupt all the child porn on a network, then it would make it impossible to share it.
Q: How many mines does it take to make a minefield?
A: None. All it takes is a press release.
I have to wonder if this isn't just to take advantage of the folks who are light peer-to-peer users or are not using it at all and convince them it's not worth the bother. After all, a stronger hash, or perhaps even simply a different hash, would defeat this.
I don't subscribe to RMS's GNUtopian vision.
Don't most P2P programs use MD5? I was also under the assumption that P2P programs do a checksum on each piece of the file they receive, and if it's inaccurate it automatically re-downloads that part of the file. I've had pieces of a bittorrent download fail due to corruption and the client has just downloaded that part again.
Seems like this company's setup would only work in very specific circumstances, meaning it won't have much of an effect at all.
You have enemies? Good. That means you've stood up for something, sometime in your life. --Winston Churchill
Unless they have lots of supercomputer time, seeding the occasional p2p file with bad data will be very expensive.
At first glance, it looks ok, neatly done. However, take a closer look. The text is a large IMAGE! OMG - if their technology is anything like their web-design skills, then we're safe.
Also revealing is the line somewhere which says that after they released their software, the total PURCHASES DECREASED by some percentage!
There is a lesson here, and I hope somebody at the **IA sees it soon.
R.
The time-vs-accuracy tradeoff is a big one. One client which I know some people who use, takes almost 48 hours to index a full hard drive of files to share, and hash them all.
Anything less robust, you're liable to have collisions, such as these, apparently. Any more, and if you have a lot of files, there's a major time commitment before you can actually begin to serve anything -- most people aren't willing to have their CPU pegged for 2 days straight while their P2P client hashes their 35,000 MP3s and 200 movies, or so.
Won't they need a copy of the original file off the p2p network in order to make a file with the same hash? Won't they in effect be downloading it off the p2p network and then be guilty of the same thing they're trying to stop?
They probably aren't actually making files with the same hashes, just modifying the clients, probably open source ones too, to report the md5 sums that they want to for each file, so if the client doesn't re-check the sums, it'll get corrupt files, if it does, it'll just have wasted bandwidth.
If you only had a hash for the whole file, you wouldn't be able to validate any of the individual chunks, so it must be that the chunks have their own hashes. So, the resulting files need to be the same size as the chunks in order to work. One way to fix this might be to have the initial vector determine not only the next hash, but also the order in which the bytes are hashed. That way, creating files with the same hash won't be able to use greedy algorithms that can work backwards one chunk at a time.
autopr0n is like, down and stuff.
Isn't the whole point of a hash that it's computationally infeasible to create a file such that H(new file)=H(original)?
If this technology is true, it'll completely undermine the safety of today's unix passwords, which are stored in clear text of their hash.
If I have one of these files and share the hell out of it, I better not be contacted by RIAA. If this spreads, not only will it make sharing difficult, it will make tracking legitimate (haha) piracy more difficult to detect. This (sort of) reminds me of a more high tech version of the time everyone started changing the name of their tracks to things like "Br1tn3y Sp34rs" to evade blocked searches.
This is good news as I can generate fake files and let RIAA/MPAA try to sue until they run out of money :D
The most leading civilization; the perfect way of responsible living for all; simply the only country with truly working democracy.. ..and now this..
Maybe in the end it's not a bad turn of events..
- a finn
Both the Inquirer article and the company website are mighty short on details.
What hash is it that they have supposedly managed to write a fake-app for?
Sam has one liberty, which he sacrifices for one security. Can you tell me what Sam has now?
The fact is: the p2p networks will route around this stuff. With packet hashes, banning of corrupt pieces, and then, in little time, things would be back at normal.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
If this does prove to be a problem (which I sincerely doubt) what's to stop the P2P just double-hashing everything? if you can generate a file the same size which collides in MD5 *and* SHA1 then you deserve to be able to run P2P into the ground.
How many people can read hex if only you and dead people can read hex?
But how would you, the downloader, tell which one is real just by looking at the two files if they are relatively close to the same size?
Same size seems to be a further annoyance, but not necessary to prevent mass confusion.
That depending on the outcome of Grokster that these bastards - if they really can pull this kind of stunt (which I highly doubt) - will be the people on the fringe. It's like the discussion on rogue states. (i.e. What right does the US have to condemn other nations as "rogue" if it has been convicted by the ICC and subsequently vetoed UNSC resolutions requiring states to comply with international law) If right now the p2p users are the rogues, which is not my thought, then very soon the definition of "rogue" could very well turn on these folks. The RIAA is just preparing the soil for its own inevitable demise.
Using multiple hashes is a hash algorithm itself. If someone found a general way to crack hashes, then they'd be able to crack this new 'super' hash just as easily. All you'd really be doing is creating a hash with more bits. Might as well use the "best" hashing algorithm and increase the width.
-- start ignorance
I do not know much about how p2p algorithms work, but here is my view why this is important.
When you serve up a file, it creates a hash of the file. It then looks for other files across the network with the same hash. So say you want bytes 200 to 300 of said file. It will go out and download it from another file with the same hash as the original. Problem if all that is checked is the hash then you can pollute the pool with corrupt files. So although two files have the same hash they might have different contents. I do not think this has anything to do with identifying a file from the end user's perspective (such as users looking at hash or file size), but the actual software-client perspective (such as the reliance of hashing to download a file).
--- end ignorance
"which then spreads through the network"
It's highly unlikely that it will spread since people don't keep empty files (unless it's on DC to access big hubs).
They are actually counting on people to not look at the 2gb movie they just downloaded and just share it long enough for someone else to download it?
I also doubt that they will be able to infiltrate the various methods of sharing files; not all are as open as Kazaa and the like. XdccBots for example on IRC. Here the Bot owner has the complete files and thus can verify that they are what their titles claim.
Let's just concede they can actually produce a junk file which has the same hash. I'll even skip over which hash - let's also say it's one of the useful ones.
I'd be tempted to step up the credentials for a file, say one hash for the entire file, and another for the first 1kb, and so on. It should get significantly harder with each additional verification point.
What is neat, or not so neat depending on your point of view, are music files which deteriorate after a while. I don't know how they are made, but I have listened to music that sounds pretty good, but after the 10th playing it starts skipping. Or it could be those skips are not very noticeable when first played, but once identified, they become annoying.
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
Hash functions are, by their nature, not reversible. So there's no way to take a hash and have that give you a file that has that hash. What you have to do is generate a file, hash it, and see what it is. You then continue to do this until you hit the desired hash.
That's how password brute force tools like John the Ripper work. You give it an /etc/secret file, which is full of hashes. It then keeps hashing test strings until it gets a hash that matches one of them. You then know you found the password.
Well ok, that is slow even for tiny things like passwords. Indeed you go to 10+ characters passwords with mixed case and symbols and the amount of processing time needed is staggering. So for a file, which is many orders of magnitude larger than a password, it's essentially impossible.
I'm switching to hashish.
Linux - Because Mommy taught me to Share.
The linked article says nothing about hashing, period. However, it is definitely true that there are entities on P2P networks that are 'poisoning' files. This is how it works: the peers claim to have files with a popular hash value, but when you download pieces from those clients (using swarming), they give you garbage. When the entire file is pieced together, even one 'poison piece' is enough to cause a bad hash value, and the entire file gets scrapped.
There are solutions to this that use 'tree hashing', which allows you to identify corrupt pieces without having to throw everything out. If P2P protocols don't start implementing tree hashing, the poisoners will likely succeed.
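Added example, not part of the comment above and not taken from any P2P client: a minimal Python sketch of the poisoning scenario it describes, comparing a whole-file hash with a simplified binary hash tree. The peer names, the 16-byte piece size, the sample file and the use of SHA-256 are all constructed assumptions for illustration.

```python
import hashlib

PIECE_SIZE = 16  # constructed, tiny piece size so the demo stays readable


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(piece: bytes) -> bytes:
    # Prefix bytes keep leaf hashes and interior-node hashes in separate domains.
    return h(b"\x00" + piece)


def split_pieces(data: bytes, size: int = PIECE_SIZE) -> list:
    return [data[i:i + size] for i in range(0, len(data), size)]


def merkle_root(leaves: list) -> bytes:
    """Hash pairs of nodes upward until a single root remains."""
    if not leaves:
        return h(b"")
    level = list(leaves)
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(h(b"\x01" + level[i] + level[i + 1]))
            else:
                nxt.append(level[i])  # odd node is promoted unchanged
        level = nxt
    return level[0]


def fetch_and_verify(plan, peers, leaves):
    """Fetch piece i from peers[plan[i]]; keep it only if its leaf hash matches.

    Returns (pieces, rejected); rejected holds (index, peer name) per bad piece.
    """
    pieces, rejected = [], []
    for idx, name in enumerate(plan):
        piece = peers[name](idx)
        if leaf_hash(piece) == leaves[idx]:
            pieces.append(piece)
        else:
            pieces.append(None)
            rejected.append((idx, name))
    return pieces, rejected


def run_demo() -> dict:
    original = bytes(range(80))  # constructed stand-in for the shared file
    good = split_pieces(original)
    trusted_file_hash = h(original)  # all a whole-file scheme knows
    trusted_root = merkle_root([leaf_hash(p) for p in good])  # all a tree scheme knows

    peers = {  # hypothetical peers: one serves real data, one serves junk
        "honest": lambda i: good[i],
        "poisoner": lambda i: b"\xff" * len(good[i]),  # same size, garbage content
    }
    plan = ["honest", "honest", "poisoner", "honest", "honest"]

    # Whole-file hash only: the mismatch shows up after everything is
    # downloaded and says nothing about which piece or peer was bad.
    assembled = b"".join(peers[name](i) for i, name in enumerate(plan))
    whole_file_ok = h(assembled) == trusted_file_hash

    # Tree hash: the leaf list can come from any peer, because it is
    # checked against the trusted root before it is used.
    forged_leaves = [leaf_hash(peers["poisoner"](i)) for i in range(len(good))]
    forged_leaves_ok = merkle_root(forged_leaves) == trusted_root
    leaves = [leaf_hash(peers["honest"](i)) for i in range(len(good))]
    leaves_ok = merkle_root(leaves) == trusted_root

    pieces, rejected = fetch_and_verify(plan, peers, leaves)
    for idx, _ in rejected:  # re-fetch only the rejected pieces
        candidate = peers["honest"](idx)
        if leaf_hash(candidate) == leaves[idx]:
            pieces[idx] = candidate
    repaired_ok = None not in pieces and b"".join(pieces) == original

    return {
        "whole_file_ok": whole_file_ok,
        "forged_leaves_ok": forged_leaves_ok,
        "leaves_ok": leaves_ok,
        "rejected": rejected,
        "repaired_ok": repaired_ok,
    }


if __name__ == "__main__":
    print(run_demo())
```

Deployed tree-hash schemes differ in hash function, leaf size and padding rules; the point here is only that per-piece verification localizes the poisoned piece and its source instead of scrapping the whole download.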
This is what I've been saying for a long time. Don't sue the people downloading all this stuff, just mess up their quality of service with P2P and then give out something better. They'll all come flocking over to the new service and gladly pay. Look at how well iTunes does.
It doesn't matter what the hashing mechanism is. Due to the nature of what they are, they can be manipulated in one way or the other. The only problem with traditional methods of doing this is the amount of time and processing power required. If this works, kudos to them.
How about redundant hashing mechanisms? SHA-1, MD5, etc. hashes of the same file? It'd be a bit harder to break then...
If I recall, BitTorrent generates a hash for each individual piece of a file, then generates a hash for the .torrent file itself. To spoof that would be a serious piece of work.
If someone can really poison P2P networks with junk that hash matches (and I have a difficult time believing they've cracked all the hash generators), then consider some hypothetical entity probing illicit distribution of copyrighted material using hashes. They could end up making false accusations against individuals for trading trash instead of Trash©.
"Provided by the management for your protection."
If they can make a file with the same size and hash as a real file, when data from their file is mixed in with a real file, won't the new file have a different hash. This would at least slow the spread of these fake files.
If a Finnish company could generate a hash file that was identical to the actual file in response to a query, that would stump those pirates. Like the mythical beast Ro. He has the head of a lion and the body of a different lion.
On a more serious note, it seems like those files would fall under the same type of "natural selection" that bad genes would in the wild. If you had a bad file, you'd delete it if you knew about it, so unless the mother ship kept propagating, the number would quickly fall again. Is it a bad idea to think about files in P2P networks as genes in a genome? If one type of network had all bad genes, it would die the same way an organism would with all bad genes.
How about if the client software could run some basic sanity check on the file before allowing it to be shared out. The Unix/Linux "file" command would be just the thing. ("file" determines what sort of file it is by looking inside the file, regardless of file extension.)
-Uberhund
Look at the name: Viralg Oy. Or, Viral Goy? Virtual algorithms? Things that smell like this usually send me running to snopes.
You know some idiots are going to take my *legitimate* downloads, like Mandrake 10.1, and create fake hashes bringing you virused software now... But then again, since I'm downloading (and seeding) in Linux most of the time, I'M safe. I pity those with no/outdated antivirus....
The Bittorrent protocol uses SHA1 hashing.
Yes, there was recently a paper presented that "broke" SHA1, but the result is 2**69 operations instead of 2**80 to find a SHA1 collision. 2**69 is still a very large number of operations... a lot less than a full 2**80, but still a prohibitively large number (more costly than the actual realized losses the entertainment industry is suffering).
Here is a tool specifically designed to cripple the flow of data, how can it be thought of as anything but a virus? Should it work I could see TV and Movie studios using it surreptitiously to cripple net-based fledgling media companies.
This should be outlawed just like another intentionally malevolent software. Why shouldn't everyone write viruses and malware when the big guys do it and the government sanctions it. This is just the kind of thing that keeps web commerce from taking off to its full potential.
Letter To Iran
I admit, I take a look every now and then when I see something funny on the front page while I'm in the checkout line at Walmart. But beyond that, do people actually read it?
But how would you, the downloader, tell which one is real just by looking at the two files if they are relatively close to the same size?
Because forty people are sharing one and four people the other?
With obscure stuff it would be harder, but then obscure stuff is not likely to be targeted by these measures. I think it will be a long time before you see the complete soundtrack to the Muppet Movie have this technique applied and spread across the networks.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
the same SHA-1, SHA-256, SHA-384, SHA-512, and same audio/video header data. Maybe, just maybe, I'd be fooled for a second. I can check these things, you know.
You can hold down the "B" button for continuous firing.
Now, what the company has to do is create a file of the SAME FILE SIZE
The MD5 collisions that have already been found are for files that are of the same size. All it takes is to find one pair of blocks that collide, and you can build infinitely many pairs of same-size colliding files.
This has nothing to do with the claims of this company, though -- the article doesn't even mention hashing.
FTFA: it claims its technology can also destroy already shared files on peer to peer networks.
So are they claiming that their "virtual algorithm" includes the ability to delete files or what? Or do they seem to think flooding P2P networks with bogus data equates to destroying shared data? If their technology can damage files on my hard drive then they could end up in a lot of hot water if it deletes a single legitimate file or otherwise corrupts unrelated data.
I fail to see how this can possibly work with any P2P system that uses a secure hashing algorithm. Sure, if they use CRC32, anyone can make a garbage file... but all the P2P apps I use incorporate secure hashing algorithms like SHA1.
:-)
If they have succeeded in cracking SHA1 or MD5 hashes... well, I think they'll soon be into more lucrative avenues than P2P blocking... such as hacking secure government and bank communications for the Finnish government.
"I will trust Google to 'do no evil' until the founders no longer run it." Hello Alphabet.
findhash.com - working with over ten thousand dealers across 500 cities, we can guarantee you're never further than 500m from your next toke.
NEW - text 555 GANGE from within any major urbanisation, and within minutes you'll receive a reply with directions to your nearest shady back-alley/public toilet. Show proof of use of our service and receive an extra 1/8 free. Selected peddlers only.
remember kids, smoke local produce.
If increasing the noise ratio on P2P networks is a good thing, maybe we can use a similar technique to defeat spammers?
For example, if we could pollute spammers' email address databases with millions of bogus e-mail addresses, then instead of delivering millions of spam e-mails to real e-mail accounts every day, maybe spammers could only reliably send a few hundred to users, the rest of their messages would be to bogus addresses and be "noise" that spammers have to deal with.
How could we go about doing this?
I don't know the meaning of the word 'don't' - J
What will they do when people like the files with random noise better than any of the current music?
I Am My Own Worst Enemy
These people are selling snake oil pure and simple. I have a high degree of skepticism on any claim to be able to produce a random file of the same size and hash as a known file. That is, as long as the hash is not CRC or something ridiculous like that. If you're talking MD5 or SHA-1 or better, it's just ridiculous.
Oh, and just think how this could backfire on the RIAA/MPAA types: Search some P2P system for a file that might be your copyrighted material...download it to prove it is and that person X is distributing it illegally...receive unplayable garbage from P2P system instead. There goes your ability to prove in court that anybody is illegally distributing your copyrighted materials.
Day 1) Get Mom to stop bugging them to clean up their "Basement Layer"
Day 2) Finding their keyboard under crusted underpants
Day 3) Filtering out their D&D IRC channels to find one where someone says their crap is broke
Day 4) Hanging up Pirate flag and screwing on peg leg
Day 5) Finding enough change in the couch to buy enough Mountain Dew necessary for coding
Day 6) Coding
Day 7) Back to D&D, FINALLY!!!
IANACE (I am not a cryptography expert), but would it be possible just to provide two hashes on the same file or file portion? You would then have to find a collision of both types of hashes simultaneously. I would think that would be much harder to do. You can get a single collision easily enough, but finding one that works for both algorithms would be much harder.
As an alternative, you could set up a system where hashes are provided on variable sections of the file. So, it's unlikely that a colliding file would have the same hash for some subsection of the file, as well. And by setting it to hash on a random portion of the file, you should not be able to create a collision for every portion of the file (at least not in a reasonable amount of time for these networks, anyways).
Tim Dorr
Owner/Manager
A Small Orange
SHA gives a 160bit hash. Even assuming the algorithm is perfect, there will be collisions for anything over 160bits long. Even something the size of an mp3 (a couple megabytes) will likely have many, many collisions that are the same size.
It's extremely possible, the challenge is finding them.
From what I have noticed, using Kazaa-type software in Finland is nowadays a complete waste of time. What you get are exactly these files the company claims to have created. Sometimes you hear like 10 seconds of the actual song and the rest is just random noise.
Now, I do not know if what they claim is technically true or whether it is this company that is behind all these files, but I can tell that in real life it is extremely hard for a "normal non-geek user" to find pirated music here in Finland anymore.
Bittorrent and DC++ type of systems seem to be unaffected though.
You could also tie in the actual file data into the share (i.e. have specific bytes from the block in the naming/database/share scheme that must match others available for it to be grouped together, not just similar MD5sum). This prevents files being corrupted because they downloaded part from a valid source vs a part from an invalid source.
You may also come up with some sort of networked rating system for the files themselves, allowing for files to receive values based on if they were valid or invalid. Have the functions hard coded to specific numbers, say "+1" for a valid file signal being sent and "-100" for an invalid file. Force some checking before receiving the signal (i.e. the signal must be received from a source which has just downloaded the specified block) which will limit some of the spread of spoofed signals, but this system could probably be hijacked in the current form, but combining it with the users list could allow for quick removal of any files which are invalid from propagating far and wide on actually used segments of the networks vs any staged clients placed to spread junk data.
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
You can always ensure an identical hash and size by filling the file with identical data and then uploading the new file to the P2P network. Imagine how quick filesharing would stop if all of the major industry groups started doing this. P2P wouldn't stand a chance, no siree.
The hash is generally generated on the client side of the original uploading system - and the validity of the file can only be checked once the file has been fully downloaded. So to break the system, just modify one of the open source clients to report a particular hash for some random file of the same size as the original. There isn't any need to go to the effort that these guys have.
Wasn't the idea of dumping P2P networks with bogus files with identical hashes and file sizes as the real files patented in the USA about a year ago?
I remember that some Finnish people received an innovation award by "inventing" this idea, and some US professor had already patented it a month before they received the award..
Anybody remember? Links?
So, this doesn't seem too difficult to defeat. My new P2P app EMS (Eat My Shorts) will use *two* different hashes. Granted I'm sure for real cryptographic purposes this would suck. But for hashes computed to exchange files wouldn't this make it exponentially more difficult to pollute the file-space?
Yes, I'm being facetious about creating a new P2P app.
He just has to screw with somebody's legitimate data source and he's going to get screwed.
These ways of defeating P2P are most useless and wrong headed.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
For example, you send the company a copy of the .mp3 file you want to drive out of circulation. They feed it to a computation cluster and eventually out comes another file which has the same hash. You then publish this new file with the same filename on the victim P2P network and hope that it spreads enough to poison the P2P well, so to speak. There are a number of problems with this scheme (assuming of course that this is the sort of scheme that they offer):
This has to be the answer. Just a new way of poisoning P2P. Here's why:
Point 1: The article gives the impression that when you rip a CD using their protection method, somehow the hash result will be confused with other files that generated the same hash result, meaning you'll get bits of every file interleaved among each other on a download. BS!! The hash is computed against the actual MP3 file, which is different at minimum based on MP3 encoder used, compression settings, and even if you've modified the ID3 tags. Unless everyone was sharing perfect ripped .wav files, they won't be identical, and won't hash identically.
Point 2: Different P2P systems use different hashing methods. I don't believe it is possible to have a one-size-fits-all unless, once again, everyone is sharing the identical file (e.g. .wav).
Vaporware pure and simple. They are just betting the record companies are stupider than the "pirates". Considering that the record companies spent how much on a system defeated by the SHIFT key, they may well be right, and collect a few million $'s of their own from corporate drones too stupid to understand that their cheese has moved!
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
I'm about to release a P2P application based on my new hashing algorithm. The algorithm itself is deceptively simple:
1) Look at the first bit of the file.
2) If that bit is a one, record a one, otherwise record a zero.
3) Repeat until you reach the end of the file.
I'm willing to bet the company can't come up with a way to get collisions out of that one!
bytesmythe
Hypocrisy is the resin that holds the plywood of society together.
-- Scott Meyer
If this company can do what it claims it can with their "virtual algorithm", then they have the capability to wreak havoc with much more than just P2P--because they are implying that they have broken MD5 (or SHA1) in such a way that would make it completely useless as a secure hashing mechanism.
I know that MD5 is no longer considered to be a secure hash, but the scale upon which this company is claiming is simply staggering. Their claim implies that they can generate a chunk of data that is the same size and with the same MD5 hash as a different chunk of data--and that they can do so quickly enough to make a business model out of destroying P2P.
This is a bullshit claim, unless they aren't talking about MD5 or SHA1. But if they aren't talking about MD5 or SHA1, then who cares?
— darco
The only contact information on the company's site is a single e-mail address. I find that somewhat shady.
Or are you the actual 'AI engine' and someone has stolen your ant farm?
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
This is exactly why darknets will gain favor within the file sharing community. The need to limit access to known community members or those that can be vouched for will slowly gain ground. I think that file sharing will slowly go back to where it came from - the "underground" of the internet.
But I could be wrong, maybe file sharing will be deemed legal in all countries in the future and this won't be a problem. HAHAHAHA.
This works "by flooding p2p networks with corrupt/junk data". Didn't spammers already try to kill email with a similar technique? Isn't this the basic principle behind posting on Slashdot? Yet they both continue to thrive..
-Lod
As the title of the article indicates.
-Jesse
Nothing says "unprofessional job" like wrinkles in your duct tape.
I've always thought it would be extremely possible to create a file with the same MD5 hash.
.. then I'll be impressed.
Now, what the company has to do is create a file of the SAME FILE SIZE, with the same MD5 hash that's a fake
Well, if you've ever used tripwire, that does 8, yes, count them 8 different hashes on a file. Just in case (I hate tripwire).
Now with the same size thing (which would be very impressive), it's a little different because most if not all p2p programs do hashes on each chunk, not merely the whole file itself. So these guys have been able to figure out how to create a same sized chunk with the same hash value _on the fly_ before the download finishes.
Trust me, if these people were able to do this, they would be doing much more profitable things besides playing around with p2p downloads.
I haven't looked at it recently (the last time was back when giFT first came out), but from what I remember, Kazaa does not hash the entire file (probably because it takes too long to do). Instead they hash sections of the file at specific points (something like 1k of data at 1k, 10k, 100k, 1M, 10M, etc offset)
I believe they were using a pretty simple XOR based algorithm for hashing. Anyhow, whether it is easy or not to break Kazaa's hashes, I don't know, but it is certainly not comparable to SHA (or even MD5) on the entire file.
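What partial coverage means for an integrity check, as an added example that is not part of the original comment and is not Kazaa's actual algorithm: the window schedule follows the comment's recollection (1k of data at 1k, 10k, 100k, ...), SHA-256 over the windows stands in for the real digest, and the sample file and all function names are constructed for illustration.

```python
import hashlib

SAMPLE_LEN = 1024  # assumed window size ("1k of data" in the comment)


def sample_offsets(file_size):
    """Window start offsets 1k, 10k, 100k, ... that fall inside the file (assumed schedule)."""
    offsets, off = [], 1000
    while off < file_size:
        offsets.append(off)
        off *= 10
    return offsets


def sampled_digest(data):
    """Digest over the file size plus the sampled windows only (stand-in partial hash)."""
    h = hashlib.sha256()
    h.update(len(data).to_bytes(8, "big"))
    for off in sample_offsets(len(data)):
        h.update(data[off:off + SAMPLE_LEN])
    return h.hexdigest()


def full_digest(data):
    """Digest over every byte of the file."""
    return hashlib.sha256(data).hexdigest()


def coverage(file_size):
    """Fraction of the file's bytes that the sampled digest actually reads."""
    covered = sum(min(SAMPLE_LEN, file_size - off) for off in sample_offsets(file_size))
    return covered / file_size


def make_sample_file(size=200_000):
    """Constructed, deterministic sample content."""
    return bytes((i * 31 + 7) % 256 for i in range(size))


def overwrite(data, start, length):
    """Return a same-size copy with `length` bytes from `start` replaced by zeros."""
    return data[:start] + bytes(length) + data[start + length:]


def compare(original, candidate):
    """Which checks consider the candidate identical to the original?"""
    return {
        "same_size": len(original) == len(candidate),
        "sampled_match": sampled_digest(original) == sampled_digest(candidate),
        "full_match": full_digest(original) == full_digest(candidate),
    }


if __name__ == "__main__":
    original = make_sample_file()
    print("bytes covered by sampled digest: %.2f%%" % (100 * coverage(len(original))))
    # Damage between two windows: only the full-file digest notices.
    print("outside windows:", compare(original, overwrite(original, 50_000, 10_000)))
    # Damage inside a window: both digests notice.
    print("inside a window:", compare(original, overwrite(original, 10_100, 16)))
```

A verifier that reads about 1.5% of a 200,000-byte file cannot vouch for the other 98.5%; only a digest computed over every byte (whole-file or per-piece) can.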
All you have to do is use multiple hash functions. Can they really create a file that will match 2 different types of hash?
Even if they manage to do this, all the P2P client developers have to do is get each client to sign the files that it is hosting and sharing. Then, via a web of trust that can be built by people signing the public keys of each other's clients (say, when they get a good file), any spoofing and polluting client (and its shitty files) can be excluded (modded down so that they are invisible) because they do not have enough good signatures, or indeed, no signature at all.
Problem solved.
ATH0 Bitcoin: 1DnwFLXczVZV8kLJbMYoheUrpqHesjxrSi
Heck, could just be CRC-32 values as far as that likely goes, although hashes would be more resistant.
Upshot, I'm not buying stock in this company any time soon, and wonder when the lawsuits for false and fraudulent advertising start arriving.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
(Sorry I'm finishing a stats exam and I'm going nuts here.)
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
So say the RIAA tries to sue you, saying they saw that you had the newest 50 cent album on Kazaa. Couldn't you claim that what you had was not 50 cent's album, but random files with the same hash as 50 cent's mp3's? I mean, can't you fight the RIAA with its own weapons? If they completely destroy the mechanism with determining what files you currently have, then how does their claim that you had X file hold any merit at all?
Not only the company's, but also the submitter's claim seems to be bogus. Neither the Inquirer article nor the viralg.com website anywhere seem to be talking about hashes. Moreover, I'm kind of wondering where the Inquirer got their stuff from, since the viralg website contains... nothing. Nothing but blaah. No word at all on how they protect anything from anyone. A random link to the Finnish Top 40 allegedly showing how BMG became the market leader for domestic music. Umm, except that nothing whatsoever proves that Viralg had anything to do with it. (If you have evidence to the contrary, please post it!) Then there's some blurb about being insiders with mathematical knowledge up in the lonely north where there's nothing else to do is what got them where they are. So, where are they? Not like they actually tell us. No contact information besides the email address either (and nothing in the whois info). Apparently, being up in the lonely north with nothing else to do doesn't get you much further than producing a nonsensical website claiming you know how to save the world, find the question to the answer to life, the Universe and everything, with "stunning results."
:)
:)
And, breaking hashes, nonsense. If anything, maybe they are managing to manipulate P2P protocols to send you data you weren't supposed to be getting, but which is not actually going into the checksum?
Nothing for you to see here, methinks... and here I am wasting my time actually writing a reply to a trollish article.
On another random note, I kind of liked how their website looked in links.
Empty.
BitTorrent uses hashes to verify each small chunk of the file as they are downloaded. I can imagine that it is very hard to find a collision for the entire file, but given the relatively small size of each chunk, I think it would be pretty easy to generate a collision for the smaller blocks.
Once you can do that, messing with the p2p system is trivial, just make a client that takes a torrent, makes fake data to satisfy the chunk's hashes and then start serving them up. No one will know if their download is crap until the entire file is complete, and you won't be able to tell which chunk is bad. Not only that, the "bad chunks" will propagate around the system.
Of course, defeating such a system is equally easy, just increase the chunk size. Of course, this could degrade bittorrent's performance.
We call them Brittney MP3s.
On a more serious note, this is pretty much a non-issue given that people can use VLC to preview incomplete files and will delete whatever seems non-kosher. If we further subdivide the hashing to blocks/parts then there's no way each individual part container will hash exactly in match with the original. Try massaging the hash for thirty separate parts. Non-trivial.
I've said it before. P2P is advancing apace with all sorts of things and within a short time will render this totally irrelevant. They just keep illustrating how badly they still don't get it. It's as if they are trying to combat piracy using VCRs by attacking the mechanism of Super-8 film cameras.
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
Morality aside...
Isn't this (if it actually works!) a type of denial of service attack? Those are clearly illegal. True, it is not targeting a specifically named server, but does that mean it is any less illegal because it attacks a class of machines instead of just one?
There is not nearly enough love in the world, but there is far too much trust.
"Possible" means p>0. "Extremely" possible is nonsensical. What probability of success do you have in mind?
Copywriting is not the same as copyrighting.
Rex Stardust, lead electric triangle with Toad the Wet Sprocket has had to have an elbow removed following their recent successful worldwide tour of Finland. Flamboyant ambidextrous Rex apparently fell off the back of a motorcycle. "Fell off the back of a motorcyclist, most likely," quipped ace drummer Jumbo McCluney upon hearing of the accident. Plans are already afoot for a major tour of Iceland.
Divorced after only eight minutes, popular television singing star, Charisma, changed her mind on the way out of the registry office, when she realized she had married one of the Donkeys by mistake. The evening before in LA's glittering nightspot, the Abitoir, she had proposed to drummer Reg Abbot of Blind Drunk, after a whirlwind romance and a knee-trembler. But when the hangover lifted, it was Keith Sly of the Donkeys who was on her arm in the registry office. Keith, who was too ill to notice, remained unsteady during the short ceremony and when asked to exchange vows, began to recite names and addresses of people who also used the stuff. Charisma spotted the error as Keith was being carried into the wedding ambulance and became emotionally upset. However, the mistake was soon cleared up, and she stayed long enough to consummate their divorce.
Dead Monkeys are to split up again, according to their manager, Lefty Goldblatt. They've been in the business now ten years, nine as other groups. Originally the Dead Salmon, they became for a while, Trout. Then Fried Trout, then Poached Trout In A White Wine Sauce, and finally, Herring. Splitting up for nearly a month, they re-formed as Red Herring, which became Dead Herring for a while, and then Dead Loss, which reflected the current state of the group. Splitting up again to get their heads together, they reformed a fortnight later as Heads Together, a tight little name which lasted them through a difficult period when their drummer was suspected of suffering from death. It turned out to be only a rumor and they became Dead Together, then Dead Gear, which led to Dead Donkeys, Lead Donkeys, and the inevitable split up. After nearly ten days, they reformed again as Sole Manier, then Dead Sole, Rock Cod, Turbot, Haddock, White Baith, the Places, Fish, Bream, Mackerel, Salmon, Poached Salmon, Poached Salmon In A White Wine Sauce, Salmon-monia, and Helen Shapiro. This last name, their favorite, had to be dropped following an injunction and they split up again. When they reformed after a recordbreaking two days, they ditched the fishy references and became Dead Monkeys, a name which they stuck with for the rest of their careers. Now, a fortnight later, they've finally split up.
(telephone ringing)
Hello.
"Hello"
Yes?
"What do you think of Dead Duck?"
What do I think of Dead Duck?
"or Lobster?"
Lobster?...
From Monty Python's Contractual Obligation Album
Many people do not check the hashes on the P2P files. Rather they check the comments written about the file: As soon as one person posts that the file is a fake, no one will download it. (This also works for password encrypted files that people will avoid until the password is posted in the comments.)
And there has never been a shortage of technical people in the warez/tunez scenes. Let them sell their bandaid, I'm sure they could use a buck or two.
But serious threat? No, just a request for a minor change in the model (or all BS marketing).
Quack, quack.
I don't believe it. Cracking MD5 is one tough nut, and to do this on massive scale as implied by the article, is impracticable. I suspect that even if they had a quick crack to MD5 or SHA, it would just mean a new hash would be needing to be developed. I'm in Texas, but still, show me.
This raises a number of interesting possibilities.
Depending on the type of 'junk' in these files, they may be useful in generating a quick one time pad (you could combine several of these junk files to get some sort of random data).
This could badly backfire on them especially, when you consider that someone could use these 'junk' files to distribute new viruses, rootkits and other malicious code, or to disguise something more dangerous.
They applied their copy protection to their website.
...will be used to spread viruses.
or else!
Sounds like a pressing to space bar to circumvent the "high-level" encryption to me! (:
Maybe these guys should talk to the CherryOS people.
Does anyone know exactly which hash algo they RE'd? Also, DC++ (my p2p app of choice) uses Tiger Tree hashes... how secure are those?
I couldn't get to the manufacturer's site but it seems likely that what this is about is hash collisions as many P2P protocols use them.
Ok, first of all there has ALWAYS been a possibility of creating an arbitrary file with the identical MD5 (and just about any other hashing algorithm that I know of) as another file.
The utility of MD5 (and other hashing algorithms) is that there was no algorithmic way of doing this in a reasonable period of time. IOW if you wanted to create two 1K files with the same MD5 hash, then you would have to generate all possible 1K files compute the MD5 hash and then do a compare. As you can see this becomes more problematic as your file becomes arbitrarily large.
This landscape changed with the arrival of this paper:
http://www.infosec.sdu.edu.cn/paper/md5-attack.
and the more famous:
http://www.doxpara.com/md5_someday.pdf
Which talked about creating collisions with arbitrary payloads.
Now the good news:
This shortcut attack doesn't work for all hashing algorithms ( SHA-1 for example ).
If this is the approach that the company in question is taking (and I would figure if they're targeting ANY of the systems that use hashing then they must), then the company is being patently stupid. The cost to develop a solution like this is going to be huge compared to the cost of simply rewriting the hash algorithm in P2P clients.
Hands up how many people here have d/led a new P2P client because the tracker said it was obsolete? Just about everyone right?
Compare that with the cost of someone trying to build a system to break SHA-1 hashes....and you see my point!
Actually, splinter cell: chaos theory, which was released 3/28, still hasn't been cracked. Of course, the copy protection (starforce) is so extreme that it installs its own CD/DVD-rom drivers, and doesn't even work on all computers, but nevertheless it seems to be quite a challenge to overcome.
If you can make an MD5 collision for any file of my choice, then feel free to write it up, you would easily get a paper at any of the very, very good computer science conferences (even if you brute force it)
Combination - fun iPhone puzzling
Even if the technique works as described, somebody would have to spend a lot of time and money generating the decoy files. And it would not affect file sharing unless the generation of these files was so widespread and thorough that they actually displaced most of the valid files.
Even if 25% of the files on P2P networks were garbage, it would not destroy the networks. Presently, a high percentage of all emails is spam, but spam has not yet destroyed email.
And that assumes no countermeasures by file sharers. I can think of some very obvious ones, the most obvious being to counterflood with valid files.
The next most obvious would be to improve the hashing methods for the networks involved.
"How to Do Nothing," kids activities, back in print!
I objected to the use of the term "Pirate."
We prefer: Buccaneer American.
"This, according to the company, can altogether stop the sharing of copywritten files by flooding p2p networks with corrupt/junk data"
Slashdot should rejoice at this! Since none of us download illegal material and nobody that any of us knows downloads illegal material, this technology might allow us to continue our legal, legitimate downloading of media and only target those handful of ruffians who engage in illegal filesharing. I'm all in favor of this!
"I have never won a debate with an ignorant person." -Ali ibn Abi Talib
SHA-256 looks like it's the way to go for now. However, if you are now designing a system which is intended to last a number of years that needs to use hashes to determine if two items are the same, then I would suggest that you use two unrelated hash functions to do the job. This is especially true if anyone else might have an incentive to fool the system.
However, this will prove to be a major inconvenience for honest people who are legally downloading things such as Linux, open source software, and free music, videos, and other items which are made available online for the purpose of the downloader's enjoyment at no cost.
False sense of security rulz :)
All it takes is to find one pair of blocks that collide, and you can build infinitely many pairs of same-size colliding files.
<nitpick>
Since there are only finitely many possible files of a given size, there are also only finitely many possible pairs of files of that size.
Since the number of collisions is at most the number of pairs, that means there are only finitely many collisions of files of that given size.
</nitpick>
You've got it backwards. The smaller the file being hashed, the harder it would be to create a collision.
Why? Because you have less to work with. Consider MD5 creating 512 bits of hash while you're hashing a 1-byte file. You have 256 possible values each hashing to 512 bits. Think you're going to find any collisions? 2 bytes is 65536 unique possibilities. No collisions likely here. Only with files larger than the hash size itself is it mathematically certain that collisions must exist (e.g. 1024 bits of data hashing to 512 bits of hash guarantees that collisions must happen for some input strings).
But then the trick is that in order to find that collision for your specific original string you may have to create and compare 2^1023 possibilities in the process.
I'll wait while you test this for yourself.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Nothing to see here except conniving thieves out to bilk the rather unsympathetic likes of the RIAA and MPAA. If the Finnish group had honestly found a way to defeat SHA-1 hashes (used in Bittorrent) they wouldn't bother with penny ante stuff like counterfeit files on a P2P network. The only reasonable explanation for this claim is that they intend to prey on the gullibility and possible stupidity of organizations that I mentioned above. I doubt if they (**AA) are as clueless as this scheme would require.
This is at least somewhat equivalent to the less than entirely candid groups who continue to claim they have retrofitted a DRM on red book audio CD's. They use it to get checks from the gullible and technically unsophisticated before their skanky scheme falls apart in the real world. It is just another con game where the greed of the mark is used to separate him from more of his money.
What we need is distributed trust: http://calvin.sourceforge.net/distributedtrust.html
I wonder why people who use P2P don't help each other out a little more. For example, you have someone with 200 files shared. They are downloading and sharing at the same time. Sometimes they download a bad file, and share it. It would make more sense to have an "unchecked" folder for downloads, then move it to the "checked" folder to share.
What would stop the people who are trying to corrupt the file from sharing corrupt copy as "checked"?
Just need a better hashing mechanism.
-Em
RelevantElephants: A Somatic WebComic...
it might lead to ripping programs incorporating a trust + watermarking system, but since that would allow authorities to trace the origin of ripped files, it might actually harm p2p.
Or maybe p2p systems will start using trust oriented encryption, so that files may be "activated" anywhere but will be hard to fool via this hashing approach.
Amazing magic tricks
Imagine a beowulf cluster of 486 Thrift store computers, using their Parallel ports to communicate
(tcpip over parallel port is still "in" linux right?)
What would 512 486 machines be like as a cluster...
This technology is nice, but they forget one thing: what about the uploaders/downloaders. If I were to download something that isn't real, I'd delete it. Oh my, that was easy. This simple verification is all that it takes to stop this idea. Secondly, and more importantly, there are far more files out there than people are willing to fake. This idea may work for the most popular tunes, but for everything else, not much will change. I don't see there being a mass poisoning of "Freebird."
Perhaps rather than figuring out how to make files with the same hash, they just figured out how to tell everyone on the network that their client has a file with that hash, when really the file doesn't? That's a far more trivial feat.
Does this mean you can share a fake file, then counter-sue the *IAA when they sue you for sharing copyrighted files?
Fetch Text URL - Firefox Extension
P2P clients, when they search for files, receive alleged hashes from where? The peers that claim to have them. And since most of these protocols have been reverse-engineered by now, I suspect that this program just combines a random-data generator with a multi-network untrustworthy P2P client. It'll sit on a network and respond to searches, report the expected filename, filesize, and hash (whatever algorithm is used), and wait for people to bite.
There is no technological way of verifying that the other peer is telling the truth (or at least there won't be unless the whole world implements some sort of Orwellian "Trusted Computing" requirement), aside from downloading the whole file and verifying it against the expected hash. No hash algorithms need be broken. I mean, once the whole file is downloaded, what does it matter to them whether the hash really matches? Why would even an idiot keep a downloaded file just because the program says it's verified and the size matches, if he can clearly see that the file doesn't work?
Signature.
I may be a bit low on information on this one, but doesn't bittorrent pull from a whole lot of sources and pick the best one? This would mean that you set up a big server with a fat upload pipe it would be selected more often for transfer and PIECES of the full file would be corrupted...
The question then becomes whether BT or whatever rehashes the file and finds it different upon download. My guess is that yes, this would come up with a different result and get flagged quite quickly.
My little site.
Y'all are missing the point.
These guys are not about taking out P2P.
They are part of a denial of service attack against the RIAA and MPAA, and we need more companies like them in order to make it effective.
You see, it works like this:
1) Make up a really snazzy-sounding anti-piracy product,
2) Back it with lots of sexy buzzwords and hand-waving
3) Sell, sorry LICENSE, it for lots of money to the (RI|MP)AA.
4) When it fails to perform, let in the next guy ready to do the same.
Repeat until (RI|MP)AA bank accounts have been depleted.
Or at least to be unique for each individual file per size. That would have meant that if you send the md5 sum plus the size info, you could in theory remake the file.
So instead of sending 'cf878d4809930e3696d9c9c242a6f646 1450466 KB' and recalculating what the content was, I will just have to retrieve SL-9.3-LiveDVD-amd64.iso.
Oh well, back to the drawing board.
Don't fight for your country, if your country does not fight for you.
The Finnish version of the RIAA, ÄKT, has quite recently got 28 major filesharers fined here in Finland, and I wouldn't be surprised if this was merely an attempt to scare off some more of the people still sharing.
Use two hashes
MD-5 and say SHA-1
It is [nearly] mathematically impossible to create two files of the same size with the same two hashes, through two substantially different algorithms.
Only such collisions will occur at a "node" in "hash space". Such nodes are rare, and given the same file-size for both hashes, impossible to achieve.
Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
I don't have any factual information regarding how these protocols work but I would assume they trust the hash values provided by the clients.
If this indeed is the deal, the only thing they would have to do is create a bogus client that feeds the network with hash values that match legitimate (or actually illicit) files. Then when another client wishing to get the real file starts downloading a portion of the file their bogus client just feeds them crap.
If this is what they are doing they can download real files being shared, grab their hash values, add this to their distribution quite easily. This gives them the ability to f*ck up files on file/by/file basis, not take down the whole network.
Now consider this sales pitch to record label "For $$$ we will go to these P2P networks and disable downloads for your new artist XYZ". Sounds like a nice deal, also I don't think they are doing anything wrong if this is their approach.
What's next, fake P2P magic shrooms?
Use more information to 'uniquely' identify files. Two different hashes might do the trick.
Even with weaknesses in hashing algorithms, it can't be that easy to find a collision in TWO systems at once, can it? That'd make the technology useless.
Maybe for simple hash codes, but if the P2P software decided to use MD5 or the likes to generate hash codes, it would be nearly impossible to find a collision; and if they did they would be more rich and famous for finding collisions.
not crack it ;P
sum.zero
Content companies don't need to break any hash algorithms to flood P2P systems with fake music. They could write a simulated P2P client that exposes REAL hashes of REAL music files, but then just upload white noise files when a real P2P client tries to download the music files.
cpeterso
And won't this be a Terms of Service violation for the P2P network? Open the vendor or those employing the device/services to lawsuits?
Most downloaders review their content after downloading - and, conceivably, might just delete any bogus seeded files - ending the circle of downloading crap content. Add a small functionality like 'r00d00d reviewed/approved content' and we could brand the content and create a 'web-of-trust' where people who know I do a good job of verifying my shared content, might download stuff I have reviewed knowing they will get a good file. Remember, there are people behind the technology, folks... r00td00d
Isn't it so that it is the responsibility of the client program, for example Kazaa, to calculate the hash sum of a file to be distributed? If so, wouldn't RIAA and the pals benefit from a rogue client that connects to the network and advertizes garbage files of the proper size with a proper hash? A sufficient number of such clients in a network would be a considerable annoyance for the file sharers, would it?
This is a "preimage" attack, which is very different and much harder than a "collision" attack (the subject of that paper). Also, the paper's collision attack is against MD5, not SHA1 (as used in bittorrent).
See this earlier post for details and a link to much more info.
PJRC: Electronic Projects, 8051 Microcontroller Tools
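The gap between the two attack types named in the comment above, as an added example that is not part of the original thread: SHA-256 truncated to 16 bits is a constructed toy so both searches finish in moments, and the function names and message prefixes are made up for illustration. Finding any two inputs that collide costs about 2^(n/2) trials, while matching the digest of one specific given file (a second preimage, which is what faking a chosen download needs) costs about 2^n.

```python
import hashlib


def trunc_hash(msg, bits):
    """Top `bits` bits of SHA-256(msg), as an integer (toy hash for the experiment)."""
    digest = hashlib.sha256(msg).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_collision(bits, prefix=b"coll-"):
    """Birthday search: any two distinct messages with the same truncated hash.

    Returns (msg_a, msg_b, trials). Terminates within 2**bits + 1 trials by pigeonhole.
    """
    seen = {}
    n = 0
    while True:
        msg = prefix + str(n).encode()
        t = trunc_hash(msg, bits)
        if t in seen:
            return seen[t], msg, n + 1
        seen[t] = msg
        n += 1


def find_second_preimage(target_msg, bits, max_trials, prefix=b"pre-"):
    """Search for a different message matching the hash of one *given* message.

    Returns (msg, trials), or (None, max_trials) if the budget runs out.
    """
    target = trunc_hash(target_msg, bits)
    for n in range(max_trials):
        msg = prefix + str(n).encode()
        if msg != target_msg and trunc_hash(msg, bits) == target:
            return msg, n + 1
    return None, max_trials


def expected_trials(bits):
    """Rough expected work: (collision, second preimage)."""
    return 2 ** (bits / 2), 2 ** bits


if __name__ == "__main__":
    BITS = 16
    a, b, coll_trials = find_collision(BITS)
    fake, pre_trials = find_second_preimage(b"genuine file", BITS, 2_000_000)
    print("collision:       %r / %r after %d trials" % (a, b, coll_trials))
    print("second preimage: %r after %d trials" % (fake, pre_trials))
    print("expected order of magnitude: %.0f vs %d" % expected_trials(BITS))
    # Same estimate at real digest sizes: far out of reach for a second preimage.
    for name, bits in (("MD5", 128), ("SHA-1", 160), ("SHA-256", 256)):
        print("%-8s generic second preimage ~ 2^%d trials" % (name, bits))
```

The published MD5 result discussed in the thread is of the first kind: it yields a pair of colliding inputs, not a match for a file someone else already published.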
Actually, the patent application does mention hashes.
...
From TFPatentApp:
"For example, the Kazaa network that is used herein as an example, provides each file with verification information which is sometimes called a hash code.
The invention is particularly useful in networks like Kazaa, in which the verification information (hash) is predominantly calculated over the characteristic information and the beginning of the file. Accordingly, introducing bad content may not radically change the verification information (hash) calculated by Kazaa, as long as the bad content is not near the beginning of the file. It has been found that changing the content of a file near its end may only alter the last few bytes of the hash calculated by Kazaa, whereby a falsified file that produces a perfectly-matching hash can be generated by a brute-force algorithm."
Every time they mention "verification information" in their Claims section, they mean "hash."
... but the program. The problem is that when you search for a hash, then the other users are telling you they've got the file with the hash. _You_ cannot know whether the given file _in reality_ has the hash you searched for.
So, these guys probably haven't broken SHA-1 in some new way, because they don't have to.
On another note, when somebody wants to download something, then he searches for the name of the file, and not for the hash(!). The hash is only useful when you download large files at the same time, from different sources. So to flood e.g. the kazaa-network, one wouldn't even have to try to hash the files.
Of course all of the above isn't true to BitTorrent, but it could be fixed by e.g.:
Everybody downloads X pieces 2(or more times) from different sources(The tracker could also have trusted sources, etc...). If they don't match they download them from other sources, and the client whose version is wrong is reported to the tracker.
If client Y is reported Z times, then the tracker disconnects him.
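A receiver-side sketch of the report-and-disconnect idea in the comment above, combined with the per-chunk hashing mentioned elsewhere in the thread; this is an added example, not BitTorrent's or any client's actual code. It assumes the per-piece SHA-1 list comes from a trusted source, and the 16-byte piece size, peer names and `ban_after` threshold are constructed for illustration.

```python
import hashlib
from collections import Counter

PIECE_LEN = 16  # tiny constructed piece size so the sample data fits inline


def piece_hashes(data, piece_len=PIECE_LEN):
    """Per-piece SHA-1 digests, as published in trusted metadata."""
    return [hashlib.sha1(data[i:i + piece_len]).digest()
            for i in range(0, len(data), piece_len)]


def download(trusted_hashes, peers, ban_after=2):
    """Fetch every piece, verifying each one before it is accepted.

    peers: dict of name -> callable(piece_index) -> bytes.
    A piece that fails its hash is discarded, the peer that served it gets a
    strike, and a peer with `ban_after` strikes is no longer asked.
    Returns (data, failures, banned), failures being (piece_index, peer) pairs.
    """
    strikes = Counter()
    banned = set()
    failures = []
    pieces = []
    names = list(peers)
    for index, expected in enumerate(trusted_hashes):
        # Rotate the starting peer so every peer is asked for some pieces.
        shift = index % len(names)
        for name in names[shift:] + names[:shift]:
            if name in banned:
                continue
            candidate = peers[name](index)
            if hashlib.sha1(candidate).digest() == expected:
                pieces.append(candidate)
                break
            # Bad piece: never stored, never re-shared, and attributed to its sender.
            failures.append((index, name))
            strikes[name] += 1
            if strikes[name] >= ban_after:
                banned.add(name)
        else:
            raise RuntimeError("no peer supplied a valid copy of piece %d" % index)
    return b"".join(pieces), failures, banned


# Constructed sample: a 96-byte "file" (6 pieces), two honest peers, one polluter.
ORIGINAL = bytes(range(96))


def honest(index):
    return ORIGINAL[index * PIECE_LEN:(index + 1) * PIECE_LEN]


def polluter(index):
    return b"\x00" * PIECE_LEN  # right length, wrong content


def run_sample():
    peers = {"honest-a": honest, "polluter": polluter, "honest-b": honest}
    return download(piece_hashes(ORIGINAL), peers, ban_after=2)


if __name__ == "__main__":
    data, failures, banned = run_sample()
    print("file intact:", data == ORIGINAL)
    print("rejected pieces (index, peer):", failures)
    print("banned peers:", sorted(banned))
```

Because each piece is checked as it arrives, a junk piece is pinned to its index and sender at once instead of surfacing only when the whole file is complete.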
Well...there it is. Time to Cash in that 401K. Ya can't take $$$ with ya, so you might as well try to run up some debt. The person with the most debt at death wins!
P2P is a technology. Yes it can be used for copyright violations, just like a photocopy machine or tape recorder. But it also has amazing possibilities in terms of creating a universal organic archive. Crippling like this -- and through using lawsuits -- is an unnecessary attack on a system in its infancy.
The copyright issues will work themselves out -- until the 20th century human art and ingenuity survived for thousands of years without the ability to make millions selling recorded music and video. If p2p has a major effect on the entertainment industry's ability to profit (and I'm still not convinced that it really will), human art and culture will survive. And people will continue to find ways to make a living creating art.
I'm probably doing the RIAA a huge favor here, but I always thought a good way to end P2P would be to edit some Yanni tracks down to the same size and give them the same name as what the kids all seem to be downloading. I know that would stop all the teens I know.
And the technology can also be used to inject viral code into bittorrents...
Funny name, the company has.
When will the media industry/ies realize that p2p will always find another way. Yea, sure you can shut down napster, flood kazaa, or shutdown the next torrent site -- but there will still be the next p2p protocol to pick up where the others left off. When will the MPAA or RIAA realize that no matter what new method is devised to stop *a* p2p network it still won't change the fact that some people are not willing to pay $16 for a cd or $20 for a dvd? Companies cannot coerce a demographic of intelligent people into doing what they want -- there will always be a spirit of resistance, and means to work around the barriers put in place (see decss, breaking of various DRM, etc.). Maybe instead of devising methods of stopping p2p, somebody should think of providing me, the consumer, with more and better options concerning how I spend my money. Such things can be successful -- look at the iTunes Music store (I don't mind spending a dollar on a song). How about a service to download movies -- $5 to download the latest feature film. How about an alternative to paying for cable when I don't want to watch half the crap they put on -- e.g. a $15 monthly service to let me download the shows I want to watch (keep your fox news and "must see tv" -- give me the daily show and deadwood). There are endless opportunities that technology and the internet provide that could limit p2p traffic purely by making it more convenient for me to get my media directly from the source, as opposed to from a back-alley BitTorrent site. The media industry seems to be more interested in regulation and litigation than serving us, the consumer -- which makes me inclined to just stick to downloading a tv show, album, or movie: they get my money when they make it worth my while. Do these companies exist just to make obscene profit margins so a CEO can buy a ninth home, or are they there to provide a service I value? Just keep trying to kill p2p, and I will keep moving on.
I wonder why people who use P2P don't help each other out a little more. For example, you have someone with 200 files shared. They are downloading and sharing at the same time. Sometimes they download a bad file, and share it. It would make more sense to have a "unchecked" folder for downloads, then more it to the "checked" folder to share.
That would break a feature which enables greater sharing... Uploading of parts of files that you do not have all of. Think BitTorrent, but less organized...
"I'll have a Guinness, no wait, make that a Coors Light" -Grad student I work with, who shall remain anonymous...
This means that, in theory, some nogoodnik could obfuscate legitimate (a.k.a. legal) file sharing. For example, I have a Creative Commons licensed CD that can (and should) legally circulate on P2P networks. Someone (a.k.a. ex-girlfriend) could create junk "versions" of my music and prevent it from circulating properly. That would Suck.
Given that the original file is larger than the hash function's block size (128 bits for MD5; 160 bits for SHA-1), it is certainly possible to create a MD5 or a SHA1 collision with a file of the same size. The file size requirement introduces absolutely no additional difficulty. Start with a file of the same size, filled with any data you want (random bits are fine). Then adjust the last block of data to get the hash value you are seeking.
This is probably feasible today with MD5 given a motivated and well funded agency. Given the size and motivation of the movie industry, it may even be feasible for them to find a collision under SHA1 for their latest blockbuster movies. Undoubtedly the attacks on SHA1 will become more efficient over time, especially given that Moore's law has not finished its work yet.
A new hash standard is needed. SHA256 might be good enough. Or we might need a completely new approach. Meanwhile, delivering two separate and independent hash values (SHA1 and MD5) might be sufficient.
I've always thought it would be extremely possible to create a file with the same MD5 hash.
Well, it's not.
That is, the strength of any hash is based on that being near impossible. MD5 is a special case in that it's been partially broken, but generally, no, it's NOT extremely possible to create a file with the same MD5 hash, same size or not. (iirc, generated collisions have always been in same-size files).
xkcd.com - a webcomic of mathematics, love, and language.
Didn't junk data appear when people started sharing Britney Smears, N-Stink, and other cookie cutter boy/girl bands?
As an added bonus, toss in a few seconds worth of video overlays ("Piracy is bad!") or garbled audio. Finally, make the original source run slower as more data is d/l'ed, so people will have to decide whether to abandon a d/l whose sole provider has dropped to dialup speeds.
Nothing for 6-digit uids?
OK, it is probably BS. But how would the RIAA then be able to go after people? How could they prove that you downloaded any copyrighted works? It isn't illegal to download junk files, is it?
My beliefs do not require that you agree with them.
Maybe I'm an idiot, but it seems like they might have something here (in a bad way).
Hashing on all modern P2P networks occurs in small chunks while downloading (for obvious reasons). But where does the comparative hash come from? From the other client? In Bit-torrent it is easily possible that the correct hashes originate in the .torrent (forgive me if I'm wrong about that - I admit I know little of BT's inner workings. It seems doubtful though, as larger files would = larger .torrent's), but other networks don't have this comfort. It could be that the faked file is also feeding out faked hashes - hashing in P2P seems to me to be protecting from data corrupted over the transfer, not from bogus files. If my assumptions are correct (and I hope they aren't), then Viralg could fairly easily make false files without cracking MD5 or SHA (which as we all know is impossible, or improbable, or not marketable).
Again, this is only true if my understanding of P2P hashing is correct, which it probably isn't.
Plus (at least for BitTorrent) have each of the segments of the file come out to the correct hash. Yeah, you could waste time pulling a bad block from a bogus seed, but, after receiving it you'd notice the block hash doesn't match and you'd throw it away and try again (hopefully from a different seed), not retransmit it to others.
#include <signature.h>
BT won't even wait until the file is done. Blocks are verified as they're downloaded.
Unless they can find a way to cause a collision with every single block (usually 256kb) of the file, not just the file itself, this attack is useless.
DJ kRYPT's Free MP3s!
I can only think of bittorrent as the only trustworthy filesharing program.
Kazaa has a 'ton' of bad dupes submitted by the Riaa.
Blubster is the only P2p I would use but it has a ton of ad/spyware and the Riaa is putting their crappy dupes in that system too.
man, you are pretty dumb
The RIAA can put out "evil clients" that find good files and lie to the tracker telling the tracker it's a bad file.
Unless the tracker double-checks the file itself, or has some way to trust the clients it's getting reports from, it's vulnerable to being lied to.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Hmm, why does that sound familiar? Viralg Oy. Viralg Oy. Vi-ralg Oy. AHA!
"Viral Goy"!
The secret message is that we gentiles are reproducing too quickly! I suspect the Pope.
Shop as usual. And avoid panic buying.
It doesn't matter.
Practically all P2P programs now download simultaneously from multiple sources.
If one in 100 sources with the SHA1 hash is the fake, then 1/100th of your file will be defective, and there will be no way to detect or correct this. If that 1 in 100 source with the corrupt file happens to have significantly more bandwidth available than the rest, your file will have an even higher percentage of corrupt data.
A few dozen people download the file, with each having 1/100th corrupted, but the corrupt sections are random within each file. As others download the file, they will see the dozen people as sources, and the percentage of corrupt data they receive will be even higher.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
It's a couple pages in my paper here. Basically, the first 300Kb of Kazaa's files are hashed normally, then every 32Kb chunk of the file is hashed independently. This allows independent chunks to be downloaded out of order. These out of order chunks are recursively hashed against one another to create one final value, called a "kzhash", which is verified after the file is downloaded.
The attack is to use the recently released collision -- which creates two blocks that, when mixed against the default initial state of MD5, emit the same system state. Every 32K, you can embed one or the other in the file you're transmitting, and kzhash can't tell. What can you do with this? Morph a file as it traverses the network; have an installation executable describe the systems it's being installed on as it propagates through a network. With a fairly large installer, you'd get quite a few bits in there.
You still don't get to do random noise, and while it's no Tiger Tree, kzhashing doesn't appear so exploitable that this group is likely to have anything. I could be wrong, but then, virtual algorithm? Right.
I think these guys have only been in business long enough to buy a website, translate it to english, screw with a couple bad Finnish rap tunes and then get themselves forgotten. They're dead to me.
These counter-measures that companies keep attempting to come out with to stop P2P remind me a lot of what is going on with pesticides and anti-biotics. As soon as they come out with the latest "greatest" thing that will put an end to P2P someone comes out with a solution to work around it. In the end the P2P just gets harder and harder to control ... all I have to say is HAHAHAHAHAHA FUCK YOU RIAA AND MPAA!
[Also, I do not use file sharing programs. I use iTunes and pay for my music because I said I would if those jackasses came out with a system to reasonably distribute their media ... instead they use scare tactics and attempt to keep making money off of the system that they've been using for years. Too bad we exist in a free market economy]
Since there are only finitely many possible files of a given size, there are also only finitely many possible pairs of files of that size.
Since the number of collisions is at most the number of pairs, that means there are only finitely many collisions of files of that given size.
All I said is that you can find an infinite number of pairs of colliding files where both files in each pair are the same size as each other. Since the size of these files is unbounded, there are an infinite number of such pairs.
www.viralg.com.nyud.net cannot be found. Please check the name and try again.
Considering that 15.000.000 bytes is sort of a standard when it comes to pirated games/isos/movies etc. Then you'd precompute a ton of hashed junk files stuff them on a HUGE fileserver (compressed file system). A big database to link hash sums with file names, and you got a possible junk seeder. (remember much of the time you'd only have to spread one corrupt file of 50-60 files). (of course once the pirates catch onto this, we will start seeing releases with +1 byte incremental file sizes, or a stronger hash system)
Officially: "No comments"
CopyRIGHTED, dammit, not copyWRITTEN.
For every artist I find fake files for their music or videos I make it a point to use another source to download a legit copy, burn it to several cd's and then proceed to hand out copies to my friends.
Crypto signatures are based on signing the hash of the message, not the message itself (this is because signatures are based on lossless decryption, and no one wants to sign a 200KB file with a 200KB signature). Why target P2P when "Verisign-signed" certs can be forged? In other words, bullshit. They might have found some collisions in weaker hash functions, but if _strong_ hash functions were defeated, the concept of security as we know it ceases to exist.
In all likelihood this is bullshit. Let me try to read between the lines and give the most generous guess at what they're doing that I can come up with.
They mention DRM, so it would seem that they intend to have control over the original encoded files. Recall that P2P apps often break the file into smaller chunks, which are identified by their hashes and then downloaded individually. Then, one way to screw with P2P downloading would be to arrange so that chunks of the original files all have the same hash (or the same hash as various other data that is injected into the network by attackers). Generating collisions is known to be possible (you might be able to even just use the published collisions by Wang et al. if the P2P app uses the standard MD5 IV, and then include an equal and randomly-generated suffix). Downloading using current methods would then likely corrupt the file, which could be checked by the DRM software.
This is pretty easy to fix in current P2P software by moving to hashes for which it is unknown how to generate collisions. (Or checking the hash of the entire file at the end, which no doubt some programs already do.) Also, since sharers don't generally start with DRM'd source material, a key assumption is violated.
It's possible to spoof the hash, but eventually the hash gets checked on the other end.
Possibilities:
- They're only talking about the FastTrack network, which only hashes the first X bytes of the file anyway. Solution: Don't use FastTrack. Or fix FastTrack to hash the whole file.
- They're talking about other networks that hash the whole file.
If they're simply sending garbage that doesn't match their hash, then it gets rejected immediately, and every P2P client in the world ignores them after a few spoofs.
If they're sending garbage that does match their hash, then either the hash won't agree with anybody else's copies on the network (since seeing corrupted files means those files get deleted and not shared anymore), or they're trying to exploit TigerTree hashing.
In a modern network like G2 or DC, TT hashes are used to verify file integrity. A Tree hash involves breaking the file into regular sized chunks, each of which you hash separately. Then you hash those hashes together to create a new hash, and hash those together, and so on until you have one root hash for the whole file.
The root hash tells you if the file as a whole is correct, and it's how you identify files over the network. But each level of the tree hash lets you verify parts of the file independently. Each sender tells you his own hashes for whatever sections he's sending you, up to the root hash.
Once you have enough hashes and the pieces of the files, you can hash each one and actually find which piece is the bad piece via an iterative sequence. Even though each piece matches the hash given for it, the hashes won't combine to make the tree of hashes work out correctly.
Google for Merkle Trees to see what I mean. They might be thinking that they can exploit a P2P network using this form of hashing, but while they can probably make clients accept the data they send, they can't actually corrupt the final file, as the tree walk will eliminate the bad data they've sent to the peers.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
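The tree-hash check described in the comment above, as an added example that is not part of the original thread. It substitutes SHA-256 for Tiger (which Python's `hashlib` does not provide), uses the 0x00/0x01 leaf/node prefixes of the THEX format, and all function names, the chunk size and the sample data are constructed for illustration.

```python
import hashlib

CHUNK = 1024  # constructed chunk size; real networks use larger chunks


def leaf_hash(chunk: bytes) -> bytes:
    # 0x00 prefix marks a leaf so a leaf can never be confused with a node.
    return hashlib.sha256(b"\x00" + chunk).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    # 0x01 prefix marks an internal node.
    return hashlib.sha256(b"\x01" + left + right).digest()


def build_levels(chunks):
    """Return every level of the tree: leaves first, single root last."""
    level = [leaf_hash(c) for c in chunks]
    levels = [level]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(node_hash(level[i], level[i + 1]))
            else:
                nxt.append(level[i])  # unpaired node is promoted unchanged
        level = nxt
        levels.append(level)
    return levels


def proof_for(levels, index):
    """Sibling hashes a sender supplies for one chunk, leaf level upward.

    Each entry is (sibling_hash, sibling_is_left)."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # a promoted node has no sibling here
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof


def verify_chunk(chunk, proof, trusted_root):
    """Recompute the path to the root; accept only if it ends at the root
    the downloader already trusts (the one it searched for)."""
    h = leaf_hash(chunk)
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h == trusted_root


def audit(received, sender_levels, trusted_root):
    """Indices of received chunks that fail verification."""
    return [i for i, c in enumerate(received)
            if not verify_chunk(c, proof_for(sender_levels, i), trusted_root)]


def run_demo():
    # Constructed sample file: 7 chunks, so the odd-node case is exercised.
    original = [bytes([i]) * CHUNK for i in range(7)]
    genuine_levels = build_levels(original)
    trusted_root = genuine_levels[-1][0]

    # A spoofing sender replaces chunk 5 with junk of the same size.
    received = list(original)
    received[5] = b"\xff" * CHUNK

    # Case 1: junk data sent with the genuine tree hashes.
    replayed = audit(received, genuine_levels, trusted_root)

    # Case 2: junk data sent with a self-consistent forged tree. Every
    # proof now leads to the forged root, never to the trusted one.
    forged_levels = build_levels(received)
    forged = audit(received, forged_levels, trusted_root)
    forged_root = forged_levels[-1][0]
    self_consistent = verify_chunk(
        received[5], proof_for(forged_levels, 5), forged_root)

    return {
        "clean": audit(original, genuine_levels, trusted_root),
        "replayed": replayed,
        "forged": forged,
        "self_consistent": self_consistent,
    }


if __name__ == "__main__":
    print(run_demo())
```

The junk chunk is accepted only against the forged root, which is a different identifier from the one the downloader searched for.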
If the hash is bigger than the data, uniqueness can be guaranteed.
The only good reason I can think to do this is to obscurify data while maintaining collisions, e.g.:
student ID = hash(social security number + enrollment date + random data)
where sizeof(student ID) >= sizeof(input data)
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
It seems that lots of people here are behind on their crypto news.
MD5 is done. Put a fork in it. SHA-1 is down for the count. These are not theoretical results but actual collisions. There is little doubt that a billion dollar industry can afford to generate these collisions, if they believe it will protect their revenue stream.
This is a very valid point! If you go to the NSA, they give you lots of forms to fill out, and put guys on your tail who wear black suits and sunglasses and never smile. If you go to the RIAA, they give you lots of cash, and you can hire models who wear black bikinis and sunglasses, and smile at you all the time!
--LWM
Even if they have something workable which I doubt. If they release it here and it does "destroy already shared files on peer to peer networks". Can we say lawsuit, if I lose an important file because I'm sharing say a dissertation on the mating behavior of the madagascar hissing cockroach, yes something I'm actually working on and in my share folder, you better believe I'm gonna sue the crap out of these guys. This will most likely never happen anyway but I can always cross my fingers and lie about my back up files and get rich suing these assholes.
WTF?
However, with the resolve of the p2p userbase, is this software really going to 'beat all Peer 2 Peer pirates at their own game,' or simply prove a minor annoyance?
Minor annoyance.
The higher the technology, the sharper that two-edged sword.
somehow I don't think kazaa is where you'll find "the good in humanity"
As opposed to being a full-of-shit utopian that can't see that P2P is embraced for the primary purpose of piracy, and not for "the good of humanity" or other such rot?
Seriously, I don't know how someone can state that opening up Kazaa or eDonkey is tantamount to bettering society without falling into a fit of the giggles.
Anti-piracy companies around the world are now using the infamous "Slashdot" thinktank to refine their methods.
...minor annoyance...
(Stolen sig) Remember: it's a "Microsoft virus", not an "email virus", a "Microsoft worm", not a "computer worm
Is it just about whether NSA or RIAA pays more?
Word on the street is, if you have a good crack and you DON'T go to the NSA for approval first, other undefined issues will begin to occur in your life to make you wish you had.
Gnutella uses SHA1 but they also verify swarmed downloads using THEX. I think this should defeat their attempt at spamming though it will consume processing and bandwidth cycles.
smd4985
Thanks for the "insight" though.
But surely they just need to create a block or two with a bogus hash. The file hash may be wrong, but unless you know exactly which segment is wrong, you have no way of fixing it.
Or have I totally missed your point?
This kinda rings to me as the ol Fear and Uncertainty type tactics employed by big companies. I don't see any technical references, other than the embedded 'Virtual Algorithm' which sounds suspiciously like a trojan - trashing other files on the P2p Network. So if I keep all my legit documents in the same folder my P2P files [which hypothetically can be used for legitimate and legal file sharing] what happens when their 'virtual algorithm trashes my files ? To me this reeks of the plan 'make them think we can do this, and they will stop' this sort of scare tactic has never worked on P2P before, why should they expect it to now ? G
This dubious claim will have little to no impact on BitTorrent sites that require a login account. The very first time p2p_rockz seeds a torrent with garbage in it, his login will be revoked. This works even better for sites that require peer-invites. The chances of any given movie/recording honkey getting an invite are slim.
With that said, this will (if the technology works. hah!) change how "unregulated" p2p networks work. You have no idea if that 600mb file you are downloading is actually valid or not, since there is no accountability regarding sources.
Of course, when I'm downloading a movie, through an unregulated BitTorrent site, I wait for about 10 mb to get downloaded, and throw it onto VLC. If VLC cries and says it doesn't know how to handle the file, I just cancel the torrent.
Relax folks. There is nothing behind the algorithm.
> Since the size of these files is unbounded
What file system are you running that gives you limitless file size? Better yet - what universe are you from that you have an infinite amount of storage material for said file.
Oh, pardon me. You must have one of those new-fangled Turing machines...
*rimshot*
Tough audience...
I don't know how the search functions work in Kazaa etc. but can't you just send match to all queries with a fake client? Is there real data integrity check built into Kazaa clients?
Quidquid latine dictum sit, altum sonatur.
Céline Dion today signed a 10 year recording contract with Viralg Oy. More to come. .
1. Make website that touts your ability to prevent piracy.
2. require a copy of 'copyrighted material' for ability to detect it
3. flood p2p with fake hashes
4. laugh all the way to the bank as you just got paid to accept tons of copyrighted materials.
I love this world!
This is completely false. This is not a sig.
Quite a twist in the story of life.
One Finnish guy writes an OS that screams "information wants to be free", and years later, a Finnish guy writes something to potentially destroy this very idea.
I bet there is some complex background story that we aren't aware of... like this guy is the secret love fruit of Linus Torvalds and Condoleezza Rice. He was persuaded to join the dark side of the Whores (read ??AA) and one day father and son will have a showdown of hax0r proportions.
The final battle will take place in Finland. Glasses will be smashed, pies will be broken, and computer boxes will be pwn3ed.
I have seen the end, and it is geek indeed.
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
What they are doing is not actually a new deal, and is nowhere near as effective as they would think. P2P apps search based on a specific hash (be it MD5, SHA1, or whatever) and then any computer with a matching hash sends data to the end user. What they are doing is claiming to have matching data, then sending their own corrupt junk data. On most P2P networks (aside from old FastTrack) this would be caught once the file is downloaded at the latest, while newer protocols (like new Gnutella, G2, BT, etc) actually use advanced hashing techniques to catch the corruption DURING the download. Basically this means that this company can slow down downloads (because the hashes will fail and you'll have to redownload part or all of the file) but it won't prevent them from happening.
They are NOT making colliding hashes. They are simply claiming to have the same file as you (based on the hash) so they can send junk data.
Still IMing in the stone age?
Add more hashes... i.e. how many bits gzip will compress the file to, what is the hash of the file XORED with the digis of pi,...
Oh, and the most important. Does the file play correctly and not produce "random" sound and noise?
bash-2.04$
bash-2.04$yes "Don't you hate dialup connections?"| write USERNAME
But that's not a true assumption: the size of files _is_ bounded, in this universe anyway.
"Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
What about the audiofinger printing technology that record companies want P2P companies to implement to stop illegal downloads (we all know it won't work). The same technology could be used against them to thwart such methods. Maybe the guys who developed Ogg Vorbis and FLAC will develop an audio finger printing library.
eMule definitely helps you better yourself.
Patience is a virtue, right?
It's been a long time.
What if P2Pers were to use multiple hash functions to check files? SHA1 and MD5 sums use two very different methods to compute the hash for a file, so wouldn't using multiple hash functions mostly eliminate junk files?
You're not a crypto guy (yes, I can tell) and you're giving advice that md5+sha1 is harder to crack than sha1.
Please don't do this. Crypto is hard, and although I only pay a bit of attention to crypto I know your proposal isn't something that's respected amongst the crypto community.
Here's a possible attack against your method,
The weakest hash is the weakest chain in the link. If you can get a possible input for MD5 quicker than you can for SHA1 then you can use that to generate a significantly smaller set of inputs to test against SHA1, and then your concatenated string.
Using both is little better than using the weakest hash on its own.
I'll repeat -- please don't give crypto advice unless you pay a bit of attention to the field of crypto.
Can't argue with that, at least.
Oddly enough, that's not a real controller. If you look closely, it has 3 joysticks, a D-pad, and no face buttons. There also isn't a Z-button of any sort, which one would expect to find on a GC controller. The sticks in the bottom appear convex, which is the style for the old PS1 analog sticks before they became dual shocks. That there is only one set of L/R buttons with no Z trigger implies Xbox, but nothing else looks like an Xbox controller.
On the other hand, no system manufacturer has released a stick in quite that contour or (probably faked) shade of blue, so it is a 3rd party joypad (or an amalgamation of 3rd party joypads) of some sort.
Anyone recognize it?
The ______ Agenda
Oh, I get Mr. Schneier's thing and I'm not behind on the news; I am under the impression that there have not been demonstrated preimage attacks on MD5, which is what I was referring to.
Re: SHA-1:
> These are not theoretical results but actual collisions.
Again, here it is preimage attacks that are the problem, not just any collisions. But the results mentioned in the link are NOT actual collisions, just an algorithm to produce those collisions that might be feasible to run sometime soon. They didn't actually calculate any collisions. So not "actual collisions", but a "theoretical result". But that's just pedantry, sort of.
Anyway, as far as preimage goes SHA-1 is certainly still secure, as is -- I believe -- MD5, and this is what's relevant in downloading. If they are not, please point me to the appropriate thing.
xkcd.com - a webcomic of mathematics, love, and language.
P2P has comments on shared files. Like "This file is fake, please stop sharing it and delete it" which tells P2P users to cancel the download, delete the file, and stop sharing it. I guess the fake P2P Hash company needs to write software to add comments like "This file is real A++++" or something into tricking people to download it.
Ah well, P2P users usually get that trojan that wipes out their hard drive that the MPAA and RIAA co-wrote to help wipe out Internet Pirates in the form of a self-extracting EXE file that has the trojan in it, but contains a bogus file to pad it to the right lengths.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
i get a lot of colds.
Despite what most people believe the recording industry is tiny, and for the most part jobs there pay for crap.
Look at the numbers sometime, you'll be surprised.
> if _strong_ hash functions were defeated, the concept of security as we know it ceases to exist
:o)
Yeah, my company figured out how to do that.. you may have heard of us - we're called "Setec Astronomy".
Please make a selection:
- Britney Spears
- Static
- Madonna having another emotional fit over P2P!
(Circles 3, holds breath)
The dangers of knowledge trigger emotional distress in human beings.
In this case full potential means competition for the major labels - something they don't want.
At a certain point, it starts to look like anti-trust territory, since newer legitimate business models for music distro that are based on P2P are hampered by this dinosaur's last gasp effort to undo progress...
I haven't seen it mentioned in this thread yet which is really surprising when you think how cool this project is..
But Cornell U's Credence project completely circumvents the problems that this company may introduce to P2P.. And it depends on people, not computers, so you may be able to fool a computer, but not a person.
http://www.cs.cornell.edu/People/egs/credence/index.html
http://www.haxwell.org
Why are they doing this? P2p technology has "legitimate" uses other than "pirating" media. What if a music artist wants to distribute his music on bittorrent? Who are they to corrupt it? What if someone wants to download a large file, like an .iso of Knoppix STD? (2 hour download for me on high speed connection) Why should someone be able to screw that up? IMHO they are as bad as "pirates" who download songs that they could get for 99 cents.
> Basically, given a standard distribution,..
The distribution is not standard. Besides SHA1 and MD5 hashes are correlated, so the target hash space is not 2^288.
So, the "preponderance of evidence" is diluted even further, in a big way...
Why not just work with a user input ranking system. Then use an algorithm and apply a positive/negative flag (in terms of a good/bad file) as salt.
Obviously a large majority of p2p users would choose not to participate in file hash "ranking" so the p2p app developer could implement a "download bin" and then a "committed download bin". This could determine a positive/negative flag for the file hash without the user being aware of their participation.
The recording industry would attempt to counter the hash "ranking" system by providing positive hash salts for garbage files. But in the event this occurred a system could be put in place like on ebay's rankings...if you get too many negative/false remarks that go against the majority (p2p users) your credibility is diminished.
Well, all they need to do then is store the 2^256,000 hash codes and their collisions and then upload them when requested.
That's how many codes again?
My little site.
easy fixes:
1 - Change to a different hash checksum algorithm after the one you were using becomes spoofed.
2 - In the case of digital media like text files, audio files, or movie files, you can change a byte or two and not affect the human usability one iota - for example, by adding a couple of extra blank linefeeds to a text file here and there you have the same file but it now has a different checksum.
Or, for a sound file, by changing several sound samples' values in ways undetectable to the human ear: (i.e. three consecutive sound samples in a CD quality audio file might have values of 8019,8020,8022. subtract 1 from each of them to get 8018,8019,8021 and no human being on the planet could hear the difference). Do that at 10 random places in the file. Now it has a different checksum number but is still exactly the same song - besides, you'd get more of a difference than that during the playback translation from digital to analog as the signal is used to move some speakers' membranes.
I'm sure something similar can be done for video - change all the white pixels' colors from 0xFFFFFF to 0xFFFFFE - totally different checksum for the file, but no human could tell it's a different movie file by watching it.
Don't label something "offtopic" unless you know the topic well enough to tell what's on topic.
They do get as specific as saying "patented virtual algorithm". So here are some guesses.
- It's a joke.
- It's complete and utter snake oil.
- The "virtual algorithm" is to upload junk with same hashes as real content. What makes the algorithm "virtual" is that they just haven't quite figured out how to create such files.
Those options are not mutually exclusive. Of course there was no reference to a patent filing. I am really inclined to think this is a joke.
Prime numbers are exactly what Alan Greenspan says they are -S. Minsky
"You could easily say the same thing about Free software users. And yet look at the staggering number of excellent Free/OSS applications and operating systems."
Which doesn't NEED geo-scrambling or payload-hiding technology.
Since most hashing algorithms are not only NP-complete, but NP-hard, and they claim that this algorithm works in reasonable (i.e. polynomial) time on normal computers (non-deterministic turing machines and hypercomputers need not apply), then this means that P=NP.
That means they just proved virtually every mathematician wrong. (It is generally believed that P != NP, but NP is a superset of P.)
Why are they contacting the RIAA? Shouldn't they be reporting to the Clay Mathematics Institute to pick up their million-dollar award, and then swing by Stockholm to collect a few Nobel prizes? (If their claim holds, then they just said some astonishing things about the fields of modern physics and information theory.)
Tried searching some info about the company and didn't find much at all. I'd be really sceptical about any claims they make, seems a bit ambiguous.
Nothing to see here move along.
We all know that pirates and others will find a way around it. A different hash will be created that will prevent generated files from being created. I don't know if anyone has suggested this but why doesn't someone create a hash that also contains sample data from various locations within the file (ie a hash of the file followed by 100 bytes taken from beginning, middle and end)(coupled with a filesize tag). The ability to create collisions within a hashing scheme like that would be even harder to do, and with a scheme somewhat similar could make it possible to eliminate collisions altogether. I don't know... just the first thought that popped into my head when I read the article
No idea how the blurb relates to the link!
:)
Blurb talks about hashes and the link talks really nasty sounding stuff but nothing about hashes. I could not read the site linked by the article however.
from the article:
"In a statement, it claims its technology can also destroy already shared files on peer to peer networks."
Destroying someone's files is apparently legal in Finland?!? Wouldn't this be blatantly illegal most anywhere else?
It either 'destroys' someone's files or it secretly hides a program that corrupts on export. Seems like as big a legal issue as they are trying to solve!!
I can solve filesharing also as long as legalities aren't an issue
But once it's cracked, the cracked version will be better than the original version, since it doesn't come with such invasive copy protection, and will probably work on more computers because of that.
I suffer from attention surplus disorder.
I've already looked into poisoning Torrents: 1) There is a hash on the entire file (simple enough) 2) The data shared from a torrent is broken up into pieces. Contributors can only send whole pieces. (ie many people contribute to the entire file you're downloading but only 1 person contributes to a given piece). AND EACH PIECE IS HASHED. Take a look at the .torrent for yourself. The .torrent contains the hash of every piece. So not only would you have to make a file of the SAME SIZE with the SAME HASH, but every 1MB (for example) would also need to have the SAME HASH.
Not only that but if you inject enough bad pieces you get booted (and yes this can be tracked, because as I stated before pieces come from a single individual).
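Added example, not part of any comment in this thread: a minimal client-side check of the per-piece verification and "enough bad pieces and you get booted" behaviour described above. The piece size, the ban threshold, the peer names and the sample payload are constructed for illustration; SHA-1 is used because version 1 .torrent files store a SHA-1 digest per piece.

```python
import hashlib
from collections import Counter

PIECE_LEN = 16        # constructed: tiny pieces so the sample stays readable
MAX_BAD_PIECES = 2    # hypothetical threshold before a peer is dropped


def piece_hashes(data, piece_len=PIECE_LEN):
    """Digest of every piece, in order, like the 'pieces' list of a .torrent."""
    return [hashlib.sha1(data[i:i + piece_len]).digest()
            for i in range(0, len(data), piece_len)]


class Downloader:
    """Accepts a piece only if its length and digest match the metadata."""

    def __init__(self, expected, total_len, piece_len=PIECE_LEN):
        self.expected = expected
        self.total_len = total_len
        self.piece_len = piece_len
        self.pieces = {}
        self.strikes = Counter()
        self.banned = set()

    def _expected_len(self, index):
        last = len(self.expected) - 1
        if index < last:
            return self.piece_len
        return self.total_len - last * self.piece_len

    def receive(self, peer, index, payload):
        if peer in self.banned:
            return "ignored"
        valid = (0 <= index < len(self.expected)
                 and len(payload) == self._expected_len(index)
                 and hashlib.sha1(payload).digest() == self.expected[index])
        if valid:
            self.pieces.setdefault(index, payload)
            return "accepted"
        # A whole piece comes from one peer, so a bad digest is attributable.
        self.strikes[peer] += 1
        if self.strikes[peer] >= MAX_BAD_PIECES:
            self.banned.add(peer)
            return "banned"
        return "rejected"

    def assemble(self):
        if len(self.pieces) != len(self.expected):
            return None
        return b"".join(self.pieces[i] for i in range(len(self.expected)))


def demo():
    # Constructed 56-byte payload: three full pieces and one short final piece.
    original = b"constructed sample payload standing in for a shared file"
    dl = Downloader(piece_hashes(original), len(original))
    log = []
    for i in range(len(dl.expected)):
        piece = original[i * PIECE_LEN:(i + 1) * PIECE_LEN]
        if i in (1, 2):
            # Same-length junk from a misbehaving peer fails the digest check.
            log.append(dl.receive("peer-poison", i, bytes(len(piece))))
        log.append(dl.receive("peer-good", i, piece))
    # After the ban even a valid piece from that peer is not considered.
    log.append(dl.receive("peer-poison", 0, original[:PIECE_LEN]))
    return log, dl.assemble() == original


if __name__ == "__main__":
    print(demo())
```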
If the hash you're talking about is MD5, it has only 256 output bits (as opposed to SHA-1's 160), so you would need at most 2^256 input files to get a 'full set'.
9 5958 303487667351851366745611458 example blocks for full coverage...
While it may be the case that for some hashed values there are no bit sequences of the right length that produce the given hash result, that won't matter as they'll never be needed (since we're talking about finding bogus data with the same hash as a known file).
So the good news then is that they only need to store a maximum of
502878654038153391556973353903450940116831153
file1.dat:
00000000 d1 31 dd 02 c5 e6 ee c4 69 3d 9a 06 98 af f9 5c
00000010 2f ca b5 87 12 46 7e ab 40 04 58 3e b8 fb 7f 89
00000020 55 ad 34 06 09 f4 b3 02 83 e4 88 83 25 71 41 5a
00000030 08 51 25 e8 f7 cd c9 9f d9 1d bd f2 80 37 3c 5b
00000040 96 0b 1d d1 dc 41 7b 9c e4 d8 97 f4 5a 65 55 d5
00000050 35 73 9a c7 f0 eb fd 0c 30 29 f1 66 d1 09 b1 8f
00000060 75 27 7f 79 30 d5 5c eb 22 e8 ad ba 79 cc 15 5c
00000070 ed 74 cb dd 5f c5 d3 6d b1 9b 0a d8 35 cc a7 e3
MD5(file1.dat) = a4c0d35c95a63a805915367dcfe6b751
file2.dat:
00000000 d1 31 dd 02 c5 e6 ee c4 69 3d 9a 06 98 af f9 5c
00000010 2f ca b5 07 12 46 7e ab 40 04 58 3e b8 fb 7f 89
00000020 55 ad 34 06 09 f4 b3 02 83 e4 88 83 25 f1 41 5a
00000030 08 51 25 e8 f7 cd c9 9f d9 1d bd 72 80 37 3c 5b
00000040 96 0b 1d d1 dc 41 7b 9c e4 d8 97 f4 5a 65 55 d5
00000050 35 73 9a 47 f0 eb fd 0c 30 29 f1 66 d1 09 b1 8f
00000060 75 27 7f 79 30 d5 5c eb 22 e8 ad ba 79 4c 15 5c
00000070 ed 74 cb dd 5f c5 d3 6d b1 9b 0a 58 35 cc a7 e3
MD5(file2.dat) = a4c0d35c95a63a805915367dcfe6b751
For SHA1, you are correct. They presented an algorithm for finding collisions in full 80-round SHA1, and demonstrated the correctness of the algorithm on SHA1 reduced to 58 rounds. Here is the SHA1 announcement:
http://theory.csail.mit.edu/~yiqun/shanote.pdf
Sorry, that level of doublethink is only allowed for corporate lawyers. Your lawyer will be smacked down for trying it, since it is not a defense permitted to second-class citizens (see earlier post).
Freedom: "I won't!"
We are after all a government agency.
Freedom: "I won't!"
(great for people who appreciate freedom, but not necessarily great for RIAA, though many might argue that it is in the long run)
There is a simple Python program which demonstrates this collision: http://tinyurl.com/amp43 I'd post the program but Slashdot lameness test complains about junk characters.
Charge *outrageous* fees for bandwidth usage..
Make it cost more for the average joe to download a song than to go buy it at the store... ( or movie, program, etc )
Then that will effectively stop it.. ( well, not completely, but for all practical purposes it's over )
Until then, it's all just a speed bump...
---- Booth was a patriot ----
Besides which, if you're serious about poisoning a p2p network, I don't see forty clients to be that much of a stretch. Hell, if you're really serious, you could put hundreds of them out on the network.
:-)
Ok then, take the one that has forty shared instead of four hundred.
Seriously though as you note P2P is already "poisoned" and I think anything this company does is a drop in the bucket. Probably people will do what they've always done, which is to download a few different versions and keep the one that turns out best.
In fact will it not make it harder for enforcement companies to do their job if there's a lot more trash on the network? What if someone is sharing a garbage file and gets sued - or even a real one! Then they could just claim they were really sharing the garbage version. After all, the CRCs are the same...
"There is more worth loving than we have strength to love." - Brian Jay Stanley
This might solve the problems of the RIAA and MP3s, but with technologies to move ISO images where the file size is greater than say 10MB, you want to do this in chips, chunks, and hunks.
Each one is going to have an algorithm to calculate it. If each one is a different algorithm (say a simple CRC on a chip, MDA/SHA-1 on a chunk etcetera) to provide false data, and prevent being blocked from the network, then the garbage generator must come up with a file that achieves three algorithms. Boy is that an ask. Now if we lay an encrypted pipe between each node on the network, then the system can quickly demote a client as untrusted. If the client sends reliable data, their "reputation" increases. If one's reputation falls below a certain threshold, that certificate is rejected by each other client, and the user must generate a new certificate and gain the trust of each client on the network again. (starting with a reputation of 0 once more)
Such a scheme would ensure that those who consistently send good data would continue unabated. Those with dodgy links (noise on the line) would be slightly hampered (rather than a 100% reputation, they may be a touch less). The astroturfing, data polluting, corporate shills would quickly gain a negative reputation and be booted by each individual client.
Now if a file is released with a name like "Brand new EMINEM single.mp3" and it turns out to be garbage, why would people be surprised? By the way, the above data integrity system to my knowledge has not been built, but it probably will.
A sig is placed here
To display how futile
English Haiku is
The second this gets "released" will be the second that P2P programmers will come up with a better hashing scheme and instantly defeat it.
In fact if P2P authors are listening, start NOW.
The type of people that use those programs are the type that are already used to having to upgrade them every 6 months anyway, so it'll be a zero impact issue.
I'll also chip in that dongle based software is becoming a pretty tough nut to crack apparently. Witness Steinberg's Cubase SX 3... It was released last year. I know that there was no working crack for a long time, and that may possibly still be the case. I have heard rumors that it will be impossible to completely emulate/replace/crack this software. I suppose given enough time it could be reverse engineered, but that could take until after v4 or longer? I may be way off at this point, I don't know the exact state of this situation, but as far as I know their protection is sophisticated enough now to basically be not worth the effort to run a pirate copy because of the flakey/crash-prone bad crack. Of course as an aside I've always heard Cubase SX was a piece of crap as far as MIDI timing is concerned so good luck making anything that sounds good with that POS.
According to whois.org, the registrant of viralg.com, Juha Natunen, also owns a humor site called hupsis.com.
I think one could draw some conclusions...
However, there was an interesting claim in the actual article: I take this to mean that, perhaps, they have a means to prepare a digital file (say a movie) such that the 128k segments that bittorrent hashes will always result in the same hash, allowing them to take junk data (that also hashes to the same value) and substitute it in the bittorrent network. While this is still a substantially difficult problem, it is much more believable than breaking secure hash.
If what I am suggesting is true, then they will only be able to wreak havoc on their own digitally prepared files. If you are downloading a DVD rip, for example, there is nothing they can do about it.
This will never bother anyone. It is just some Finnish company trying to take advantage of MPAA type paranoia. I wish them success and hope they make a bundle off of what they are doing
The reason that it can be true that 1+1 > 2 is that very peculiar nonzero value of the + operator
If the RIAA authorized the free release and duplication of a product, for example titled 'New Boy Band - New Hot Song.mp3', and advertised its parameters (size, bit rate, even a 'secure' hash value); haven't they effectively released the title with those parameters for public duplication?
It would be like standing on a street corner, announcing "Free California Oranges!", while someone next to you hands out oranges... then when the 'customer' tries to leave you say "Hey! you owe me ten dollars! That was a Florida Orange"
I know. I've seen this before.
But I repeat, this is not a preimage attack; you're not generating the collision for a chosen file, and it is thus not a problem in the P2P context. I don't think MD5 is vulnerable to this yet. If it is, please correct me.
My original point was that a good hash function is not vulnerable to either preimage OR general collisions (contrary to the OP's supposition), but even a function with general collision weakness (MD5 or SHA-1 now) is not necessarily weak for certain purposes (e.g. file integrity check or the P2P stuff).
xkcd.com - a webcomic of mathematics, love, and language.
Well, kinda..
I post this here, so maybe it will be better noticed than at the bottom of the page...
According to whois.org, the registrant of viralg.com, Juha Natunen, also owns a humour site called hupsis.com.
I think one could draw some conclusions...
P2P bandwidth usage is already 60% of the world's network traffic... why not flood the internet with useless junk, and bring every internet connection back down to dialup speeds...
...I were to be using P2P software to copy some media that I own from my computer at home to one at my cottage? Wouldn't the intentional destruction of this file by a third party be an illegal activity?
Those who know, do not speak. Those who speak, do not know. ~Lao Tzu
where a lot of files distributed weren't packed/encoded/ripped by a group but rather an individual. i didn't rtfa and i don't plan to. another thing in my day to call bullshit on.
so bullshit.
The document was garbled, however the first page was readable.
;-). Sorry, too much h2g2)
In that page, it is mentioned that this method is used to add garbage to generate a second, garbled file that is not recognizable from a first, copyrighted file (the copyrighted part IS in the document).
That would mean that this patent is good only for copyrighted files. What if someone patents the SAME algorithm (using the SAME document) but for NOT COPYRIGHTED FILES (by adding a not to the original patent)? Either both should be accepted or not (they are both equally creative). If they are both accepted, when they fuck up and use their program on a non-copyrighted file they get sued for patent infringement.
Yes, I know it won't happen, but it was funny that the patent "works" only on copyrighted material and I wanted to make you guys notice that.
(And if you sue the hell out of them, don't forget to tell me
GPG 0x1B479C78
Initially what kind of hashes are they producing? Can they replicate md5, sha, sha-1 etc all in a reasonable amount of time?
I doubt they can, and even if they could the hashing criteria is based on other things as well, such as exact file size in bytes and a possible fuzzy file name match.
So there are actually three pieces of information that have to be equivalent:
message digest + file size + fuzzy file name match
I want to see them produce 2 files that have the same hash value (be it MD5, SHA-1 etc..) and also be of the same file size.
If they can do that my hats are off to them, if not good-night sleep tight, don't let the bed bugs bite!
Arash Partow
_________________________________________
Be one who knows what they don't know,
Instead of being one who knows not what they don't know,
Thinking they know everything about all things.
http://www.partow.net
Arash Partow's Philosophy: Be a person who knows what they don't know, and not a person who doesn't know.
Let's see how much more accurate the headline becomes if we merely drop two words from it:
Finnish Firm Claims Fake Technology
I don't see the advantage of this.
anyone else notice that they don't say what exactly the patent numbers are and what the hell is a virtual algorithm
Use two hashes for each file. 1 md5 and 1 sha1. Getting a file that matches both and has the same file size is probably impossible. But who knows. It's just a simple small hash key and there are lots of bits in a file.
According to matlab, 2^(2^18) is infinity (integer overflow).
However, if the blocks are only 512-bytes each then 2^(2^9) is 1.3408 x 10^154.. so start from there and use the fact that squaring means multiplying the exponent by 2, 2^(2^18) is on the order of 10^78848..
DJ kRYPT's Free MP3s!
Let's just concede they can actually produce a junk file which has the same hash.
KAZAA uses a weak hash that only hashes small parts of the file. Just search wikipedia for UUHash for details. Given that, injecting bad data into KAZAA is trivial, and not even worth a patent. All other P2P networks use secure hash algorithms, and are not vulnerable to this nonsense anyways.
You may not be far from the truth about Microsoft. I believe they snuck that stuff in already.
Not long ago, I copied some MP3s (made from my own CDs, thank you very much) from my Linux drive over to the XP partition and played them with WMP.
It wasn't until a few weeks later I noticed during a file search by date that these MP3s popped into the list. The dates, and file sizes, had been changed!
Quick experiment was performed: copy original from Linux, play it, see file change once it played to the end.
I have no idea what WMP added to the file, but needless to say, I was pissed that the file was modified at all. I even made sure the WMP's (available) settings had disabled everything I could find.
MS media products are not welcome in my world anymore, be it for music or video.
> Shareaza has a "commenting" system for just this purpose.
Ha, ha!
Gazillions of diligent sharers modding up "good" files - yea, right!
Of course if I were a record company I'd mod all my fakes "excellent" and add some random comments ("ruL3z", "kewl", etc.).
Anything flooding my network is illegal.
I would sue the shit out of them.
I'm astonished that it has taken this long for a technology specifically aimed at 'poisoning' P2P systems to emerge. It probably has more to do with squeamishness in the various legal departments of the record companies than the difficulty of the problem. Fundamentally, peer to peer is a system where all the peers are trusted by all the others, and anyone can act as a peer. It relies on all the peers conforming to the protocol and behaving themselves, and there is no failsafe way of excluding those that don't. This must inevitably mean that a sufficiently motivated party could disrupt these systems, regardless of what technical measures are taken to make it harder. To keep bad clients out of the network you'd need some kind of cryptographic trust maintenance thing going on, and in order to do this you're no longer anonymous, which you aren't going to be willing to do, as you're doing something illegal. So far, attempts to poison the networks have been unsophisticated (posting 'dummy' versions of copyrighted material). This technology is more sophisticated, being able to 'jam' the broadcast of a file which as originally distributed was what it claimed to be. If this technology is successfully deployed and no one manages to convince a court that the RIAA isn't allowed to use it, expect more things on similar lines to emerge very quickly indeed. My next guess would be something that disrupts the way a client searches the network for files. I'm guessing if you inserted some non-compliant peers in there and moved them around enough, it would become hard to find anything; you might be able to knock the entire service over if you were sufficiently determined. You'd have to be a reasonably smart cookie to do this, but by no means a genius. Now the really dedicated filesharer is going to find a way around these things, but the more active the RIAA is in jamming/disrupting new p2p technologies, the more active you're going to have to be to get your warez.
Remember: the RIAA don't have to eliminate all piracy. They just have to make it sufficiently inconvenient that paying fees on iTunes and the like is a more attractive proposition for anyone who was likely to spend money on music in the first place. For me, they're getting there already; I find things like eMule and Kazaa and so on a pain to use due to the amount of noise there. The richer the punters are, the less tolerant they're likely to be of futzing around with kazaa and the more likely they are to pay; so by doing even a little bit of disruption you get the best customers back first. The hard core filesharers aren't worth having as customers, because a) you can't dissuade them; pinching music is a matter of honor and b) they probably don't have any money anyway. All they have to do is make p2p around as inconvenient as finding someone you know who has a CD you can copy (which was where they were beforehand) and they're home free. The only obstacle between them and this outcome is legal, and remember, you can probably do this from any country with convenient laws and an internet connection. The famous lawlessness of the internet is made to serve the man after all...
FADE
SafeDisc 3
As for SAP, etc. We've all seen just what happens when you try for a fully encrypted pipeline for your digital data. someone somewhere will either find a chink in the encrypted stream, or they'll capture it before/after it hits the processing stages.
It's still amazing that the tv people talked someone into thinking limited hardware was a good idea for their broadcast flag.
[Fuck Beta]
o0t!
The fact that from over six hundred posts, I only see a few dozen suggesting the entire concept is bullshit, and only a small subsection of those that (brilliantly?) deduced that the whole thing is a joke.
Geez, it really isn't that hard. I know it's a stretch to even RTFA, but the "company" website is only a click away from that... ;) The title tag on that page is "New Page 1" - would any company raking in money by selling Total Blocking of Peer 2 Peer Sharing for Your Intellectual Property (that line cracked me up even as I typed it) seriously be that retarded?
Stare at that site real close for a minute or two. See the humor now?
I mean, seriously: "protect your revenue"? "virtual algorithm"? What is a virtual algorithm, anyway? By definition, it's an algorithm that does not exist.
And that's only the front page. Click around a bit and even more 'clues' pop up, including random statistics and physically or mathematically impossible claims.
How can anyone look at that and think "Oh crap, we need to change our hashes now!" or "You won't break MY p2p!!" instead of ROFL?
Correct this far.
If you have 3 hashes, you have to read your entire 4GB+ file from your hard drive 3 times over,
This however, is absolutely braindead and completely wrong. You are correct that reading the entire file is in general the slowest part of creating a hash, but there's no reason you'd have to do that three times for three hashes.
In general you create a hash by first initializing the hash-function, then repeatedly "updating" it with the entire contents of the file, and then finally finalizing it.
With three hashes you can trivially do that while only reading the file once by doing something like so:
In practice on a modern computer this would be more or less identically quick to a single hash. Yes, it'd consume almost 3 times the cpu, but this is (as you correctly point out) a job that is going to be io-limited anyway.
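Added example, not part of any comment in this thread: the init / update / finalize pattern described above, feeding each chunk to three hash objects in a single read. It is run over the two 128-byte blocks dumped earlier in the thread (file1.dat and file2.dat, copied from that dump); the function names and the 32-byte chunk size are assumptions for illustration.

```python
import hashlib
import io

# The two 128-byte blocks as dumped earlier in this thread.
FILE1 = bytes.fromhex("""
d1 31 dd 02 c5 e6 ee c4 69 3d 9a 06 98 af f9 5c
2f ca b5 87 12 46 7e ab 40 04 58 3e b8 fb 7f 89
55 ad 34 06 09 f4 b3 02 83 e4 88 83 25 71 41 5a
08 51 25 e8 f7 cd c9 9f d9 1d bd f2 80 37 3c 5b
96 0b 1d d1 dc 41 7b 9c e4 d8 97 f4 5a 65 55 d5
35 73 9a c7 f0 eb fd 0c 30 29 f1 66 d1 09 b1 8f
75 27 7f 79 30 d5 5c eb 22 e8 ad ba 79 cc 15 5c
ed 74 cb dd 5f c5 d3 6d b1 9b 0a d8 35 cc a7 e3
""")
FILE2 = bytes.fromhex("""
d1 31 dd 02 c5 e6 ee c4 69 3d 9a 06 98 af f9 5c
2f ca b5 07 12 46 7e ab 40 04 58 3e b8 fb 7f 89
55 ad 34 06 09 f4 b3 02 83 e4 88 83 25 f1 41 5a
08 51 25 e8 f7 cd c9 9f d9 1d bd 72 80 37 3c 5b
96 0b 1d d1 dc 41 7b 9c e4 d8 97 f4 5a 65 55 d5
35 73 9a 47 f0 eb fd 0c 30 29 f1 66 d1 09 b1 8f
75 27 7f 79 30 d5 5c eb 22 e8 ad ba 79 4c 15 5c
ed 74 cb dd 5f c5 d3 6d b1 9b 0a 58 35 cc a7 e3
""")

ALGORITHMS = ("md5", "sha1", "sha256")


def multi_digest(stream, algorithms=ALGORITHMS, chunk_size=64 * 1024):
    """Read the stream once and update every hash object with each chunk."""
    hashers = [hashlib.new(name) for name in algorithms]
    size = 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        size += len(chunk)
        for hasher in hashers:
            hasher.update(chunk)
    result = {"size": size}
    for name, hasher in zip(algorithms, hashers):
        result[name] = hasher.hexdigest()
    return result


def compare(a, b, chunk_size=32):
    """Compare two byte strings by size plus every digest in ALGORITHMS."""
    id_a = multi_digest(io.BytesIO(a), chunk_size=chunk_size)
    id_b = multi_digest(io.BytesIO(b), chunk_size=chunk_size)
    return {
        "diff_offsets": [i for i, (x, y) in enumerate(zip(a, b)) if x != y],
        "same_size": id_a["size"] == id_b["size"],
        "colliding": [n for n in ALGORITHMS if id_a[n] == id_b[n]],
        "distinguishing": [n for n in ALGORITHMS if id_a[n] != id_b[n]],
        # A client keying on size + all digests treats the files as different.
        "identical_id": id_a == id_b,
    }


if __name__ == "__main__":
    print(multi_digest(io.BytesIO(FILE1), chunk_size=32))
    print(compare(FILE1, FILE2))
```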
(a) Same hash: easy.
(b) Same hash and size: much harder.
(c) Same hash and size, and same hash using a second, entirely different hashing algorithm, for arbitrary data: Virtually impossible.
They would need more computers than those available in the world, for a time longer than the lifetime of the earth, to do (c) for enough files to cause problems. And in general there is no solution that will create simultaneous collisions in two different hash algorithms for arbitrary data of arbitrary size.
They would do better to flood the networks with files of the same name, with different sizes and hashes -- that way finding the right hash is going to be difficult (it becomes a SNR problem).
AES is a block cipher, not a hash function...I guess you mean SHA-1.
Read doxpara for more info, it is possible to generate collisions in MD5 (two or more different techniques).
Let us all get together and flood the www with many many bogus sites claiming to be Viralg.
Use their own tech against them!
What would be better would be to create copies of their site with only some text changed:).
I don't know if the hash of the sites can be the same as the original, but wtf!
Don't make a better sig, you insensitive clod!
Seems that http://www.viralg.com/index.html/ 's title got broken by some mysterious garbage-injection technology.
All we can really say is that these researchers did not demonstrate a preimage attack. However what they did demonstrate should raise serious concerns that a preimage attack might be possible. For example, I could hash the latest blockbuster movie file, saving the internal MD5 state at the last iteration. Then, proceed with their algorithm, searching for a pair of two-block extensions to add to the file which lead to MD5 collisions of the entire file. If not, why not?
Bottom line, attacks get stronger over time, never weaker. Once a crack appears, further probing generally widens the crack.
MD5 is probably ok to use in a scenario where you don't expect an active adversary, or in a keyed hash where the security is protected by a secret key. But relying on MD5 to protect data integrity against a well funded adversary is foolish at this point.
There have definitely been some interesting posts about the possibility of such a technology destroying the ambitious and forward-looking tech that is P2P. But surely this isn't a problem - as long as the only files targeted were those which would fall under some form of copyright, and would therefore be illegal, then the remaining files would be left untouched. So the more interesting side of P2P (for example sites such as http://www.10eastern.com/foundphotos/) would be left relatively untouched, as would fully legal uses of such software. I mean, you can't really complain about it being a bit more tricky to download the latest game, can you? It's a bit like a shoplifter complaining about empty display CD-cases on the shelves of record shops...
To clarify: Kazaa's old hash, pre-2.6, hashed the first 300K with MD5, then small samples of the rest of the file with crc32. There were giant ranges of file that could be changed without affecting the early Kazaa hash at all.
Starting in 2.6, they kept that flawed hash as the first 20 bytes of 'kzhash', but then added a hash-tree based on MD5 of every 32K chunk. Much better, as long as you trust MD5 -- but anyone who's read Effugas's paper shouldn't trust MD5. (Despite the title "...harmful someday", the content of the paper suggests to me MD5 is harmful today.)
Public domain code to calculate both Kazaa hashes is available as part of the Bitcollider project. See for example for the original super-flawed hash:
http://cvs.sourceforge.net/viewcvs.py/bitcollider/bitcollider/lib/ftuuhash.c?rev=1.2&view=auto
Or for the 2.6-and-up improved (but still dependent on MD5) tree hash:
http://cvs.sourceforge.net/viewcvs.py/bitcollider/bitcollider/lib/kztree.c?rev=1.3&view=auto
Finally, a question: your last throwaway line seems to imply you think that TigerTree is in some way "more exploitable" than (the newer) kzhash.
But TigerTree uses a hash against which no MD5-like compromising results have been announced, and a similar tree calculation method with an added leaf/node discriminant suggested by professional cryptographers.
So if there's a published or unpublished weakness there you know about, can you please supply details?
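Added example, not part of any comment in this thread and not Bitcollider code: why an identifier built from a hashed head plus sparse CRC32 samples misses changes that a tree hash over every chunk catches, and what the leaf/node discriminant mentioned above buys. Assumptions: `sampled_id` is a scaled-down stand-in for the scheme described in the post, not UUHash itself; SHA-256 stands in for Tiger, which Python's hashlib does not provide; the 0x00/0x01 prefixes follow the THEX tree-hash convention; all sizes and data are constructed.

```python
import hashlib
import zlib

HEAD = 64      # constructed stand-in for the hashed head of the file
SAMPLE = 16    # constructed length of each sparse sample
LEAF = 64      # constructed leaf (chunk) size for the tree hash


def _h(data):
    return hashlib.sha256(data).digest()


def sampled_id(data):
    """MD5 of the head plus CRC32 over samples at doubling offsets."""
    crc = 0
    offset = 4 * HEAD
    while offset + SAMPLE <= len(data):
        crc = zlib.crc32(data[offset:offset + SAMPLE], crc)
        offset *= 2
    return hashlib.md5(data[:HEAD]).digest() + crc.to_bytes(4, "big")


def leaf_digests(data, tagged=True, leaf=LEAF):
    tag = b"\x00" if tagged else b""
    return [_h(tag + data[i:i + leaf])
            for i in range(0, max(len(data), 1), leaf)]


def tree_root(data, tagged=True, leaf=LEAF):
    """Binary hash tree over every chunk; an unpaired node is promoted."""
    tag = b"\x01" if tagged else b""
    level = leaf_digests(data, tagged, leaf)
    while len(level) > 1:
        nxt = [_h(tag + level[i] + level[i + 1])
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
    return level[0]


def demo():
    original = bytes(range(256)) * 4          # constructed 1024-byte "file"
    altered = bytearray(original)
    altered[100] ^= 0xFF                      # a byte no sample ever reads
    altered = bytes(altered)

    two_leaf = original[:2 * LEAF]
    results = {
        "sampled_id_unchanged": sampled_id(original) == sampled_id(altered),
        "tree_root_changed": tree_root(original) != tree_root(altered),
    }
    # Without the discriminant, the concatenated leaf digests of a two-leaf
    # file, read as a one-leaf file, produce the same root as the real file.
    for tagged in (False, True):
        as_file = b"".join(leaf_digests(two_leaf, tagged))
        key = "ambiguous_with_tags" if tagged else "ambiguous_without_tags"
        results[key] = tree_root(as_file, tagged) == tree_root(two_leaf, tagged)
    return results


if __name__ == "__main__":
    print(demo())
```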
Bad files have been around for a few years now. They are the main reason I stopped using KLite and searched out something better.
Use DC++. All hubs are policed by hub owners and hub operators. When you find somebody sharing a garbage file, you just have to tell an op. The op can then tell that person to remove that file and if they don't they are banned.
The fundamental problem with kazaa and similar p2p networks is the lack of ability to deal with "bad" users who share bogus files and such. There is an easy solution to this found at http://dcplusplus.sourceforge.net/.