Slashdot Mirror


Finnish Firm Claims Fake P2P Hash Technology

An anonymous reader writes "As reported by The Inquirer, a Finnish company known as Viralg Oy claim to have developed software that can create a junk file with the same hash as a genuine p2p download. This, according to the company, can altogether stop the sharing of copywritten files by flooding p2p networks with corrupt/junk data, which then spreads through the network, causing less and less of the original file to be available. However, with the resolve of the p2p userbase, is this software really going to 'beat all Peer 2 Peer pirates at their own game,' or simply prove a minor annoyance?"

14 of 748 comments (clear)

  1. Preview/Trailer by fembots · · Score: 3, Interesting

    I guess there are two schools here.

    One believes this kind of fake files will only add burden to the internet, as users will just download one fake file after another until they got a hit.

    The other believes that such annoyance will put most people off, because the total time/cost it takes to acquire something is now higher than the actual product.

    I don't think MP3s will be affected because you can start playing the song if you've got the first bit. Can/will other file formats do that too?

  2. Possible? Yeah by robpoe · · Score: 5, Interesting

    I've always thought it would be extremely possible to create a file with the same MD5 hash.

    Now, what the company has to do is create a file of the SAME FILE SIZE, with the same MD5 hash that's a fake .. then I'll be impressed.

    --
    = Grow a brain...
  3. Minor annoyance at first.... by dgatwood · · Score: 4, Interesting
    ...but if you can create a random junk file in a reasonable period of time, the mechanism can probably be extended easily enough to make it possible to add arbitrary junk to the end of a trojaned executable in a future version of the tool....

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.

  4. claims? by geoffspear · · Score: 5, Interesting
    I read the article and everything I could find by following links on their website, and found no reference to how their product supposedly works, or any claim having to do with identical hashes. Did the article submitter just make up the identical hash claim, or is there more information on this product available somewhere else?

    What hashing algorithm do they claim to have broken so completely? Sounds like BS to me.

    --
    Don't blame me; I'm never given mod points.
  5. Er.. by t_allardyce · · Score: 3, Interesting

    They might be able to fake one hash, but don't most P2P networks use a combination of different hashes? if not then it would be easy to implement - you can either go for more than one different type of hash like md5 and sha etc or add salt/pepper to a chunk and make any number of hashes where each additional hash makes it insanely harder to crack..

    --
    This comment does not represent the views or opinions of the user.
  6. Agreed by John+Seminal · · Score: 5, Interesting
    I wonder why people who use P2P don't help each other out a little more. For example, you have someone with 200 files shared. They are downloading and sharing at the same time. Sometimes they download a bad file, and share it. It would make more sense to have a "unchecked" folder for downloads, then more it to the "checked" folder to share.

    What is neat, or not so neat depending on your point of view, are music files which deteriorate after a while. I don't know how they are made, but I have listened to music that sounds pretty good, but after the 10th playing it starts skipping. Or it could be those skips are not very noticable when first played, but once identified, they become annoying.

    --

    Rosco: "If brains were gunpowder, Enos couldn't blow his nose."

    1. Re:Agreed by CSMastermind · · Score: 3, Interesting

      http://www.newscientist.com/article.ns?id=dn4248

      Not definitly...I've seen that technology for games(see link) and I remember microsoft had suggested doing that for MP3s and some other things with DRM. I don't know if the it's been put into place yet or not.

    2. Re:Agreed by Nebu · · Score: 3, Interesting

      Sometimes they download a bad file, and share it. It would make more sense to have a "unchecked" folder for downloads, then more it to the "checked" folder to share.

      The filesharing programs I use force you to share the directory you download into. Sure, I could name the download directory "unchecked", but few people bother to view the full paths as set by the sources from the people they download.

      What is neat, or not so neat depending on your point of view, are music files which deteriorate after a while. I don't know how they are made, but I have listened to music that sounds pretty good, but after the 10th playing it starts skipping.

      To tell you why this happens, we'd need to know about file formats and audio player. Assuming MP3, when you modify the ID3v2 data, the file gets completely rewritten since the ID3v2 tags are written at the head (and not the tail) of the file, for example. Depending on the player, the audio data might actually be getting decoded and re-encoded.

  7. Interesting idea, how can we apply it to spam? by Progman3K · · Score: 4, Interesting

    If increasing the noise ratio on P2P networks is a good thing, maybe we can use a similar technique to defeat spammers?

    For example, if we could pollute spammers' email address databases with millions of bogus e-mail addresses, then instead of delivering millions of spam e-mails to real e-mail accounts every day, maybe spammers could only reliably send a few hundred to users, the rest of their messages would be to bogus addresses and be "noise" that spammers have to deal with.

    How could we go about doing this?

    --
    I don't know the meaning of the word 'don't' - J
  8. Re:Just an annoyance by merlin_jim · · Score: 3, Interesting

    For instance, hash with two different algorithms. In theory it is possible to find a file that can hash to the same value in two different algorithms, but its a lot harder than finding a file that hashes to a specific value in one algorithm.

    --
    I am disrespectful to dirt! Can you see that I am serious?!
  9. Re:They have cracked strong hashes, huh? by LiquidCoooled · · Score: 3, Interesting

    There is a world of difference between a valid collision and an invalid one.

    The anti p2p software appears to find invalid collisions which mean the downloaded file is useless.
    Finding collisions where the movie/app/document remains valid will be MUCH more tricky.

    --
    liqbase :: faster than paper
  10. Re:Just an annoyance by bman08 · · Score: 4, Interesting

    The magic of this system is that it also works in reverse: "Your honor, my client hates p2p filesharing. All those songs he downloaded, he thought they were phonies with duplicate hashes and deliberately shared them in order to poison the network."

  11. Re:This is so stupid by WaterBreath · · Score: 3, Interesting
    Yes it can be used for copyright violations, just like a photocopy machine or tape recorder.

    And those things were each also embroiled in copyright lawsuits by big corporations in their day. The difference is that today, the big corps have finally gained enough political leverage to get it their way.

    Corporations are the new first-class citizens. Any individual, regardless of race, gender, or creed, is second-class compared to a corporation.

    I honestly fear that by the time the American people get fed-up enough to realize this, the transformation will be complete, and we will be powerless to change it.

  12. Re:This is so stupid by patio11 · · Score: 3, Interesting

    This doesn't cripple P2P. It just makes a dent in pirate-2-pirate. There is a difference, you realize. The Blizzard Bittorrent patch downloader will still function perfectly. Indie bands who release their new CDs to Kazaa won't have anybody trying to pollute their download pools. And it probably won't even work, more's the pity.