Slashdot Mirror

← Back to Stories (view on slashdot.org)

Finnish Firm Claims Fake P2P Hash Technology

Posted by timothy on from the spy-vs.-spy-isn't-even-to-frame-2-yet dept.

An anonymous reader writes "As reported by The Inquirer, a Finnish company known as Viralg Oy claim to have developed software that can create a junk file with the same hash as a genuine p2p download. This, according to the company, can altogether stop the sharing of copywritten files by flooding p2p networks with corrupt/junk data, which then spreads through the network, causing less and less of the original file to be available. However, with the resolve of the p2p userbase, is this software really going to 'beat all Peer 2 Peer pirates at their own game,' or simply prove a minor annoyance?"

19 of 748 comments (clear)

  1. Just an annoyance by whoppers · · Score: 4, Insightful

    People will always creatively find a way around everything!

    1. Re:Just an annoyance by ePhil_One · · Score: 3, Insightful

      Any evidence that what they've really done is found a way to trick the P2P software into reporting whatever hash they want for a given file? The remote client can't really verify the hash until the complete file is downloaded, so you are clearly relying on the comprimised remote computer to computre this. So if they lie about the hash and stream /dev/random onto the network, what is the check?

      --
      You are in a maze of twisted little posts, all alike.
  2. Allow me to be one the first to say... by Ann+Elk · · Score: 5, Insightful

    Bullshit. "Virtual Algorithms" my ass.

    1. Re:Allow me to be one the first to say... by bigberk · · Score: 5, Insightful
      Bullshit. "Virtual Algorithms" my ass.
      You called it. They can either do proper MD5/SHA1 collisions with unchanged filesize, or they can't. My guess is, they can't.
  3. For all the new 'copysafe' tech that comes out... by FortKnox · · Score: 3, Insightful

    ... it only takes most pirates (at most) a week to find a work around and everything is back to (pirating) normal.

    --
    Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
  4. Re:They have cracked strong hashes, huh? by martok · · Score: 5, Insightful

    Indeed. In order for example to do this with
    BitTorrent, they would need to be able to
    generate colisions in sha1 hashes. The
    implications of which would go well beyond p2p.

  5. Possible Solution by BlacBaron · · Score: 3, Insightful

    Use 2 (or more) different hashing algorithms on the file, and check the file size.

    I'm pretty sure that should reduce the collisions to some stupidly small value.

    --
    Update Watch - Automatic software update notification
  6. Only The Whole File? by TheFlyingGoat · · Score: 5, Insightful

    Don't most P2P programs use MD5? I was also under the assumption that P2P programs do a checksum on each piece of the file they receive, and if it's inaccurate it automatically re-downloads that part of the file. I've had pieces of a bittorrent download fail due to corruption and the client has just downloaded that part again.

    Seems like this company's setup would only work in very specific circumstances, meaning it won't have much of an effect at all.

    --
    You have enemies? Good. That means you've stood up for something, sometime in your life. --Winston Churchill
  7. Re:They have cracked strong hashes, huh? by CharonX · · Score: 5, Insightful

    And the best:
    You cracked SHA-1. Oh well, time to switch to SHA-256

    --
    +++ MELON MELON MELON +++ Out of Cheese Error +++ redo from start +++
  8. Re:They have cracked strong hashes, huh? by Sycraft-fu · · Score: 5, Insightful

    I'm sure that they just found some P2P client that has a weak hash and managed to make a generator for that. Then they are either morons that don't know there's more than one hash algorithm, or they do and are just pimping it to try and get money.

    Either way, I give it about a 0 chance they figured out how to quickly find collisions in a strong hash space. If they had, they'd be talking to the NSA, not the RIAA.

  9. By God by somethinghollow · · Score: 4, Insightful

    If I have one of these files and share the hell out of it, I better not be contacted by RIAA. If this spreads, not only will it make sharing difficult, it will make tracking legitimate (haha) piracy more difficult to detect. This (sort of) reminds me of a more high tech version of the time everyone started changing the name of their tracks to things like "Br1tn3y Sp34rs" to evade blocked searches.

  10. Collateral Damage by DumbSwede · · Score: 4, Insightful
    Since P2P can also distribute legitimate files (I am looking into one such project even now) this can only be seen as something that will lead to unintended collateral damage(assuming it works of course).

    Here is a tool specifically designed to cripple the flow of data, how can it be thought of as anything but a virus? Should it work I could see TV and Movie studios using it surreptitiously to cripple net-based fledgling media companies.

    This should be outlawed just like another intentionally malevolent software. Why shouldn't everyone write viruses and malware when the big guys do it and the government sanctions it. This is just the kind of thing that keeps web commerce from taking off to its full potential.

    --
    Letter To Iran
  11. Re:They have cracked strong hashes, huh? by jdray · · Score: 3, Insightful
    ...or they do and are just pimping it to try and get money

    Safe money bets that horse.

    --
    The Spoon
    Updated 6/28/2011
  12. Re:They have cracked strong hashes, huh? by drgonzo59 · · Score: 4, Insightful

    Agree, this is more like news for the marketing and general folk who don't know what hash is. From the news post the implication is that they can generate another file with the same hash as a given file. If they had indeed found a crack in all the hash algorithms (all SHAs and MDs) the news wouldn't be about P2P but about a major breakthrough in cryptography.

  13. Re:They have cracked strong hashes, huh? by me+at+werk · · Score: 3, Insightful

    Wouldn't it not be the same size, though? "Wow, this Britney Spears MP3 is 5 times the size yet it has the same hash!"

    Sure, you can find a collision, but finding a collision which has a size close enough to the more popular real file is a lot more difficult, I'd think.

    --
    For context, click Parent.
  14. Re:Agreed by Have+Blue · · Score: 4, Insightful

    Because the vast, vast majority of P2P users are trying to get stuff for free, not create an alternative-media-distribution free-expression utopia. They're not going to do anything on anyone else's behalf because it does not directly benefit them or immediately help them get more free stuff faster.

  15. This is so stupid by commodoresloat · · Score: 5, Insightful
    If the copyright issues were not present here and someone built a program that did something like this, they would be universally reviled as a malicious hacker. Hey! Here's a program that creates phony web pages with false information masquerading as legitimate pages! Here's one that copies Excel spreadsheets on the web and subtly pollutes the database with phony information, then stores multiple copies around with the same name! This handy tool attaches to a photocopy machine and randomly scrambles the words on the page you are photocopying!!

    P2P is a technology. Yes it can be used for copyright violations, just like a photocopy machine or tape recorder. But it also has amazing possibilities in terms of creating a universal organic archive. Crippling like this -- and through using lawsuits -- is an unnecessary attack on a system in its infancy.

    The copyright issues will work themselves out -- until the 20th century human art and ingenuity survived for thousands of years without the ability to make millions selling recorded music and video. If p2p has a major effect on the entertainment industry's ability to profit (and I'm still not convinced that it really will), human art and culture will survive. And people will continue to find ways to make a living creating art.

  16. RIAA can lie to the tracker by davidwr · · Score: 3, Insightful

    The RIAA can put out "evil clients" that find good files and lie to the tracker telling the tracker it's a bad file.

    Unless the tracker double-checks the file itself, or has some way to trust the clients it's getting reports from, it's vulnerable to being lied to.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  17. Nope by No+Such+Agency · · Score: 3, Insightful

    Sorry, that level of doublethink is only alowed for corporate lawyers. Your lawyer will be smacked down for trying it, since it is not a defense permitted to second-class citizens (see earlier post).

    --
    Freedom: "I won't!"