Back off dude. There are a lot of us out here who are forced to use IE at work.
I have sympathy for you the user, but I agree with the grandparent poster, but redirect the "they deserve this" attitude to the employer.
If they don't give you the choice NOT to use IE, and they don't take responsibility themselves to make it secure for you, then they absolutely deserve to get bitten by this and much worse. There are solutions. If they get bitten, it really is their own fault. Using a different browser is one of the possible solutions, but not the only one, although probably one of the best ones.
What about the poor sods who have to use IE at work?
....(unfortunately) from a machine at work with IE, on which another browser is not an option. Educating an employer is often a slow, painful, laborious process.
Some employers allow people to run other browsers. A smart policy, having rewards.
Some employers lock everything down and do not allow other software. A sensible policy in some scenarios. But when there are professional IT people in charge, then they would already have configured the locked down IE to be secure, and stupid end users won't get any "Is it okay if I install tons of spyware, adware and stealware from a con artist vendor, signed by an unscrupulous developer, to take over your system?"
The employers who lock down your choices, but don't also take responsibility for the security, are generally either (1) stupid, (2) have an "IT department" run by MCSE-trained chimpanzees, or (3) all of the above.
If I really wanted to be evil I could write a self-installing applet to default IE to the goatse.cx page every time it opened, upon a visitor visiting my site with an earlier browser.
You don't need an applet. Someone on slashdot has already done this. See this slashdot post, which, if you click the link in the posting, takes your browser on a carefully crafted roller coaster of 302 Object Moved across several different servers, eventually leading you to either the correct (advertised) New York Times article, or to goatse.cx if you are using IE. See my four replies under the post that explain how this was done. Note that the first of my replies was moderated as Troll because I was warning people about a goatse link.
That term, I don't understand it. "Legitimate popups"? That doesn't parse.
Suppose I build a sophisticated application, such as a complex accounting system, that uses a browser as its interface. I want the web-based experience to mimic the traditional thick-client application that you would normally have to install at the workstation.
The application starts with a splash screen, followed by a main menu. You can navigate around the large menu structure, using various methods. Once you pick a function, such as Enter a Purchase Order (from Accounts Payable menu), or Calculate Net Pay (from Payroll menu), then a new window appears with that function. The menu window is still in its original window. This is how the thick client works (albeit in an MDI fashion), and is how the web-based application is to work.
There you have it, an example of legitimate popup windows.
Whatever the reason, there are legitimate popup windows that the end user at the web browser actually might WANT to pop up. Just because you can't imagine or envision WANTING a popup window, doesn't mean it does not exist. BTW, that is my definition of a "legitimate popup window" -- that is, a popup window that you WANT to pop up.
Enter the customer ID here, or click here to pop up a list of customer IDs that you can browse and select from.
Oh, so no one has the right to criticize the Tower of Babel unless she has invented her own superior language?
I didn't mean any offense. But I perceive your remark as the typical slashdot "complain about something, but do nothing." FLAC's lossless compression might be just about as good as it gets.
A mere 50% decrease over WAV is just not enough to go to the trouble of switching to FLAC and re-encoding all of my WAV files to FLAC. Or of adding to the mountain of codecs IN MY HOME. I don't care what codecs you use - knock yourself out. Just don't lay your bum trip on me.
This depends, perhaps on two things: (1) how large your collection is, and (2) how easily you can automate the conversion.
I actually prefer my software (and hardware devices) to have support for as many formats as possible (except WMA), to give me greatest compatibility. (Not having WMA is my choice.) I still might only keep my files encoded in a (very) limited number of formats.
If you're a geek, you *can* have luck with the ladies; especially if you've got a job and some cash to spend. Shave that beard, get a decent haircut. Buy some nice clothes. Go out, drink a coupla beers, and just talk to women.
You forgot one: take a shower.
I swear, if this gets modded as Insightful or Informative, I'm gonna worry...
some of 'em inevitably "see the sights" till it makes 'em go blind and they have to be carried back to the ship
As a teenager, when asking, I was given a direct answer that I would most certainly NOT go blind!
You must have been thinking of something else. I was thinking of seeing other sights, and walking back to the ship with a large smile as opposed to being blind and being carried back. (And possibly smelling of cheap perfume?) But I'm only assuming, having personally never been in the military.
This is like decaf coffee and nicotine-less smokes.
At least the nicotine-less smokes still cause cancer.
You also forgot to mention all the potential dates here on slashdot. At least, you can still find someone to kiss on slashdot... oh, wait... nevermind.
What good are these CPU hogging, network lagging programs if they aren't delivering pirated software and p0rn?
Fulfilling their purpose, just like the above items you mentioned.
Just as in the above cases, part of Corporate America's master plan to remove all joy from the universe. (+1 Insightful)
all these guys who are shooting the guns and such, need something to do during the 99.99% of the time that the ship is not engaged in sea battles.
I don't think that is one of the military's major concerns. They can always find something to do. Cleaning. Maintenance. Think of it as lots of cheap labor. During an actual firefight, there are a lot of these activities that can suddenly be dispensed with altogether.
Wouldn't walkie talkies be just about as (or even more) effective for giving orders? As for staying informed, maybe the only information needed is "Hey, captain, get your butt up here NOW! We're under a tack." Plus, the ability to give a few general orders on the way, such as "Raise the shields!"
With all of the damn codecs in the world, one that only provides 50% saving is just Not Ready for Prime Time. Somehow, with all of the repetition in music, there has GOT to be a way to do better than that.
I'm sure everyone here would welcome any successes you have in researching this.
Storing in one format and then having to convert to another all of the time is just not an option. Maybe when memory is a dollar a gigabyte (and I mean RAM!), then this might be a choice - but I am hoping for something better.
Maybe you're missing the point. FLAC is a replacement for WAV. That is, a lossless way to store sound, and still be able to use it, via direct playability in XMMS and WinAmp.
If you want small, then use mp3 or ogg, which is for small but lossy files. If, after encoding to mp3, you still keep your old WAV files, in order to be able to re-encode into any other lossy format, then FLAC is useful to convert your WAV collection to -- not as a replacement for mp3 or ogg.
Ah, Comrade, I see you have an encrypted filesystem on your laptop. Don't you know this should be illegal? You must be hiding mp3s on your hard drive! Quick! Seize him! (by the balls)
Users of encrypted filesystems should have to pay a piracy tax to the RIAA to help cover their losses due to piracy.
The first thing I noticed on the game was the rating in the lower left corner of the screenshot. Rated T for teen. Blood and Violence.
This struck me as amusing. Since that's all it said, it could easily be read as saying that "this is especially recommended for teens, since it contains blood and violence."
No need to be hostile. My point simply is that you're not going to break MD5 anytime soon with foreseeable technology.
There are more like 2^128 combinations. So you would need to generate 2^127 files to even have a 50/50 chance of having a duplicate.
Someone please correct me, but isn't the number of particles in the universe something on the order of about 2^150 or somesuch? I thought I remembered reading this somewhere, or maybe I'm just imagining it?
Trust may be a "brownie points" or "karma" type thing. You may establish how many trust points Alice has before you also decide to trust her recommendations.
Your client software should also track trust linkages. If I suddenly don't trust Alice anymore, then maybe I don't trust any of her recommended nodes, if none of the other nodes I trust also recommend those nodes. Thus once an RIAA node violates my trust, I might immediately stop trusting their entire incestuous inbreeding network.
Why not then just cache all of the possible blocks on your system, obtain the instructions for building the file, then construct it from the blocks stored on your own system! It would take much less time to download it, too.
How can you possibly cache all possible blocks?
Suppose a block is 4K bytes. The number of possible blocks is quite large.
To clarify my idea, what I'm saying is that all files are made of blocks. Each 4K block of data has an MD5 hash. The hash is the block's "filename". So I can request a block named Fred or Jim, but the names are more like block number 0x029838753789, or block number 0x839287537829. When you request a file, you get back a list of block names (i.e. numbers) needed to rebuild that file. The list can be easily checksummed to make sure it is valid, and not pollution from a spammer. Because the list of blocks to make a song is much smaller than a song itself. Now that you know the blocks, you can request each block. Each block may be offered by many different hosts. You can simultaneously download the different blocks from different sources. In fact, no one node may have all of the blocks to make up any single complete song. Therefore, is anyone guilty of copyright infringement? Especially if the block isn't the raw contents, but you need three different 4K blocks XORed together in order to produce one 4K segment of the music?
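The block-addressed scheme described in this comment, as an added example that is not the poster's code: blocks named by their MD5 digest, a block list (manifest) protected by its own checksum, per-block verification as blocks arrive from hosts, and the three-way XOR representation of a segment. The sample "song" bytes, the in-memory store and the junk host are constructed for the example; MD5 is used only because it is what the thread discusses.

```python
import hashlib
import json
import os
import random

BLOCK_SIZE = 4096  # the 4K blocks from the discussion


def block_name(data: bytes) -> str:
    """A block's 'filename' is its hash, as the comment describes."""
    return hashlib.md5(data).hexdigest()


def split_into_blocks(data: bytes, size: int = BLOCK_SIZE) -> list:
    return [data[i:i + size] for i in range(0, len(data), size)]


def checksum_of(body: dict) -> str:
    """Checksum over the canonical JSON form of the block list."""
    return hashlib.md5(json.dumps(body, sort_keys=True).encode()).hexdigest()


def publish(data: bytes):
    """Return (manifest, store): the manifest is the list of block names needed
    to rebuild the file, protected by its own checksum; the store maps each
    block name to its bytes, as a host offering the blocks would hold them."""
    blocks = split_into_blocks(data)
    store = {block_name(b): b for b in blocks}
    body = {"length": len(data), "blocks": [block_name(b) for b in blocks]}
    manifest = {"body": body, "checksum": checksum_of(body)}
    return manifest, store


def manifest_is_valid(manifest: dict) -> bool:
    """Reject a polluted or spammer-supplied block list before fetching anything."""
    return checksum_of(manifest["body"]) == manifest["checksum"]


def rebuild(manifest: dict, fetch) -> bytes:
    """fetch(name) returns a block from some host. Every block is checked
    against its name, so a host serving junk for a valid name is caught."""
    if not manifest_is_valid(manifest):
        raise ValueError("manifest checksum mismatch")
    out = bytearray()
    for name in manifest["body"]["blocks"]:
        data = fetch(name)
        if block_name(data) != name:
            raise ValueError("block %s failed verification" % name)
        out += data
    if len(out) != manifest["body"]["length"]:
        raise ValueError("reassembled length mismatch")
    return bytes(out)


def rebuild_or_none(manifest: dict, fetch):
    """Convenience wrapper: None means the download was rejected."""
    try:
        return rebuild(manifest, fetch)
    except ValueError:
        return None


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_xor_shares(segment: bytes) -> list:
    """The variant at the end of the comment: three blocks that must be XORed
    together to yield one segment. Two shares are random, so no single share
    carries any of the segment's content on its own."""
    r1 = os.urandom(len(segment))
    r2 = os.urandom(len(segment))
    return [r1, r2, xor_bytes(xor_bytes(segment, r1), r2)]


def combine_xor_shares(shares: list) -> bytes:
    out = shares[0]
    for s in shares[1:]:
        out = xor_bytes(out, s)
    return out


def sample_song(n: int = 10000) -> bytes:
    """Constructed stand-in for a song: deterministic pseudo-random bytes."""
    rng = random.Random(1)
    return bytes(rng.getrandbits(8) for _ in range(n))


def junk_host(name: str) -> bytes:
    """Constructed bad source: answers every request with zeros."""
    return b"\x00" * BLOCK_SIZE


if __name__ == "__main__":
    song = sample_song()
    manifest, store = publish(song)
    print("blocks needed:", len(manifest["body"]["blocks"]))
    print("honest rebuild ok:", rebuild(manifest, store.get) == song)
    print("junk host rejected:", rebuild_or_none(manifest, junk_host) is None)
```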
Because of the nature of MD5, no two blocks will have the same hash value.
Maybe instead of 4K blocks, I should be talking about block sizes that fit into the typical MTU. That way, UDP could be used to transfer blocks instead of TCP?
Yes but, if it is true that multiple files hash to the same MD5
But they don't, and that's the point. It is computationally infeasible to ever find two blocks of data that hash to the same value. So nothing else is needed.
You're trying to design a better hash, and the people who designed MD5 are already experts at this.
But it would certainly be hard to get an audio file with degraded sound to match the MD5 number.
The whole point of MD5 is that you cannot do this.
If you can alter a file, or for that matter produce any file with the same MD5 hash, then you can break digital signatures and certificates. You would be famous. Publish a paper.
In fact, you could achieve fame by simply producing two small blocks of data that produce the same MD5 value. If you think it can actually be done, all you've got to do is post the two blocks. No more and no less than I would ask of anyone trying to sell me a perpetual motion machine.
You could just keep adding noise and checking the MD5 number till you tuned in on the MD5 result.
By the time you find a matching file will humans still exist? The earth?
MD5 does not work this way. It has what cryptographers call "good diffusion properties". Alter one bit of the input and approximately 50% of the bits in the output change. So you can't "tune in" on a value. Otherwise, if you could, you would defeat the whole purpose of MD5.
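The diffusion property this comment describes, measured directly (added example, not the poster's code): flip one input bit at a time and count how many of MD5's 128 output bits change, then flip progressively more bits at once to show that the output distance gives no gradient to "tune in" on. The input text is constructed for the example.

```python
import hashlib


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def flip_bits(data: bytes, positions) -> bytes:
    """Return a copy of data with the given bit positions inverted."""
    buf = bytearray(data)
    for bit in positions:
        buf[bit // 8] ^= 1 << (bit % 8)
    return bytes(buf)


def single_bit_avalanche(data: bytes) -> dict:
    """Flip every input bit in turn and record how many MD5 output bits
    change. Good diffusion means roughly 64 of 128 on average, and never a
    distance so small that the output would reveal which bit moved."""
    base = hashlib.md5(data).digest()
    distances = [
        hamming_distance(base, hashlib.md5(flip_bits(data, [i])).digest())
        for i in range(len(data) * 8)
    ]
    return {
        "flips": len(distances),
        "mean_fraction": sum(distances) / (len(distances) * 128),
        "min": min(distances),
        "max": max(distances),
    }


def no_gradient(data: bytes, counts=(1, 2, 8, 64, 200)) -> dict:
    """Flip k bits at once for several k. If the output distance stayed small
    for small k and grew with k, one could home in on a target hash by
    adding a little noise at a time; instead every k lands near 64 bits."""
    base = hashlib.md5(data).digest()
    return {
        k: hamming_distance(base, hashlib.md5(flip_bits(data, range(k))).digest())
        for k in counts
    }


# Constructed sample input (a few hundred bit positions to flip).
SAMPLE = b"Each 4K block of data has an MD5 hash; the hash is the block's filename."

if __name__ == "__main__":
    print(single_bit_avalanche(SAMPLE))
    print(no_gradient(SAMPLE))
```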
But I never said that I could do it in a reasonable amount of time.
But that is all that matters practically. By saying that you can't do it in any reasonable time reinforces that MD5 has value in what it does.
I later read elsewhere that currently there are no two known blocks of data that have ever had the same MD5 hash result.
Well I wasn't the earlier poster.
You're right, and I apologize. I noticed this myself after I had posted and looked at the entire discussion thread zoomed out more.
Actually, if you want to be technical, there is respected research that md5 can at least be bent, so that the data can be slightly modified, and still yield the same MD5 sum in about 24 days on average with a 10 million dollar machine (in 1994).
If true, I could call that broken, not bent. Slightly modified is all the better. I can produce a document with the same MD5 checksum as something you digitally signed, and then claim that my document is the one you signed.
But you said never.
You're right, I did. Just to make a point though. Obviously, enough hypothetical horsepower could break it. (1 Horsepower = the amount of computation that one horse can accomplish in one day.)
I remember an earlier slashdot article about these guys having hundreds of different nodes, and by that they could then easily give themselves "karma points".
Can't a network like PGP work? A network of trust is built up. If I trust your node, then once you get enough trust points, I might also trust the nodes that you trust -- to a certain level.
In order for an RIAA node to ever get my trust, it would have to either earn my trust by providing good downloads, or would have to be trusted by someone I already trust.
Once the RIAA node violates my trust, I might suddenly have less trust for any nodes that IT ALONE had trusted, that I didn't get trust for from other trusted nodes? (Did that make sense?) :-)
Thus, one bad RIAA node may suddenly make me lose trust for their entire incestuous inbreeding network.
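Trust linkage tracking as described in this comment and in the earlier "Your client software should also track trust linkages" comment (added example, not the poster's code): trust points are earned with good downloads, a node's recommendations count only once it has enough points, and revoking one node drops every node that was trusted through it alone while keeping nodes that other trusted nodes also vouch for. Node names, the point threshold and the scenario are constructed for the example.

```python
REQUIRED_POINTS = 3  # constructed threshold before a node's recommendations count


class TrustGraph:
    """Local trust state for one client. Trust flows from the nodes I trust
    directly, through the recommendations of nodes that have earned enough
    points, and is recomputed from scratch each time so that revoking a node
    also drops everything that rode in on its recommendation alone."""

    def __init__(self):
        self.direct = set()      # nodes I chose to trust myself
        self.banned = set()      # nodes that violated my trust
        self.recommends = {}     # voucher -> set of nodes it vouches for
        self.points = {}         # node -> trust points earned from good downloads

    def trust_directly(self, node: str) -> None:
        self.direct.add(node)

    def recommend(self, voucher: str, node: str) -> None:
        self.recommends.setdefault(voucher, set()).add(node)

    def record_download(self, node: str, good: bool) -> None:
        """A good download earns a point; a bad one is a trust violation."""
        if good:
            self.points[node] = self.points.get(node, 0) + 1
        else:
            self.revoke(node)

    def revoke(self, node: str) -> None:
        self.direct.discard(node)
        self.banned.add(node)

    def trusted(self) -> set:
        """Transitive closure over recommendations, skipping banned nodes and
        vouchers that have not yet earned REQUIRED_POINTS."""
        trusted = set(self.direct) - self.banned
        frontier = list(trusted)
        while frontier:
            voucher = frontier.pop()
            if self.points.get(voucher, 0) < REQUIRED_POINTS:
                continue  # trusted, but not yet allowed to vouch for others
            for node in self.recommends.get(voucher, ()):
                if node not in trusted and node not in self.banned:
                    trusted.add(node)
                    frontier.append(node)
        return trusted


def example_scenario() -> tuple:
    """Constructed scenario: alice and dave are trusted directly and have
    earned points; alice vouches for bob, carol and a label-operated node,
    dave also vouches for carol, and bob (once he has points) vouches for erin."""
    g = TrustGraph()
    for node in ("alice", "dave"):
        g.trust_directly(node)
        for _ in range(REQUIRED_POINTS):
            g.record_download(node, True)
    for node in ("bob", "carol", "riaa-node"):
        g.recommend("alice", node)
    g.recommend("dave", "carol")
    for _ in range(REQUIRED_POINTS):
        g.record_download("bob", True)
    g.recommend("bob", "erin")
    before = g.trusted()
    g.record_download("riaa-node", False)   # it serves a bad download
    after_bad_download = g.trusted()
    g.revoke("alice")                        # and I stop trusting its voucher
    after_revoking_alice = g.trusted()
    return before, after_bad_download, after_revoking_alice


if __name__ == "__main__":
    labels = ("before", "after bad download", "after revoking alice")
    for label, nodes in zip(labels, example_scenario()):
        print(label + ":", sorted(nodes))
```

Carol survives the revocation because dave vouches for her independently; bob and erin were reachable only through alice and disappear with her.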
What you do is use several tumblers to the lock. Maybe an MD5sum, the file size (much harder to get both the same) and maybe a simple checksum of some appropriate algorithm. It becomes probably practically impossible to get all three to agree.
A good idea. But this is already the very nature of MD5.
If you're getting enough random errors to conclude that no two rips will have the same MD5 sum, then you must have one heck of a crappy CD-drive.
I'm not sure, but I think that you can get different rips of the same cd track. I seem to remember that cdparanoia's docs had some detail on this. Something called "digital jitter" or somesuch. Just recalling from memory.
I'm certainly not an expert on all the levels of what goes on in ripping.
Secondly, we only presume MD5 to be a good one way hash--there is no absolute proof that it is. There might be some novel approach that we just don't know about yet.
True indeed.
Just like we might find a way to easily find the prime factors of huge composite numbers. Which would render public key cryptography useless. But mathematicians smarter than us seem to think this is not likely. So your suggestion that it might happen doesn't mean much. After all, we might find a way to travel faster than light.
I can certainly generate SOME file (even if it is ugly) that will match your MD5 hash (and pass your signature with flying colors).
All you have to do to prove that a program could be written that could break MD5 is to post two tiny blocks of data which have the same MD5 hash. Basically the same simple test I would offer to anyone claiming a perpetual motion machine. Simply demonstrate it. If you break MD5 you could be famous.
Thirdly, by definition, no one-way hash can rule out the possibility of brute forcing the hash by throwing enough stuff at it with the hope that something else will generate the same hash.
It is a given that something else will generate the same hash. I agreed with this point in your earlier post. It is just finding it that is the problem. If the RIAA wants to spend hundreds of millions of dollars to build a machine that might possibly find a block of data that hashes to the same hash as one mp3 file, then I would be right there cheering them on.
Throw enough horsepower at any problem, and you can solve it by brute force. Heck, in theory, you could exhaustively search the keyspace for a 2048-bit key. Extra credit: How many machines were working for how many years on the RC-64 challenge?
In 50 years even there is every reason to think that this would be a trivial task.
It's premature to say this. Only time will tell.
A key principle of cryptography is that you pick key lengths and algorithms that remain unbroken not just based on today's technology, but based on tomorrow's technology and how long the secrecy of the data remains important.
For instance, each bit of additional length added to a key doubles the keyspace that must be searched. Moore's law, if it continues to hold true, says that computer power doubles every 18 months. Now you figure out how many extra bits you need to add in order to prevent a successful attack within a 50-billion year timeframe. A 2048-bit key, for instance, is probably adequate over a 64-bit key.
As to your hypothesis that MD5 can be broken, you may be right. Maybe it will be. But I wouldn't hold my breath.
Let's try to head the inevitable troll post off at the pass. It happens every single friggin time an XBox-Linux discussion appears.
Why do XBox Linux? <insert boring list of reasons why a standard PC is better>
Because it's there!
Any more questions?
When a ship is in port overseas, usually one third of the crew is "on duty" at a time. The other two thirds can go ashore and see the sights.
Well, I suppose, that's one way to put it nicely.
Even with the lust, there are specific compatibility problems. I am still unable to get an AIBO to mate with a Clie NZ90 using its big memory stick.
I can just imagine Hillary Rosen's successor...