fake files now on all networks????? hashes can be cracked?

[Storm]

http://www.slyck.com/news.php?story=750


im no expert at this, but to fake a hash, you would have to change something in the original content in such a way that it the changes counter balance eachother on the effect it would have on the hash, since i doubt each hash is truely unique (that wouldnt be possible since the hashes arent as big as the original files), so there has to be a file with a matching hash........

however, that file also has to be the same size........

plus since they use an alogrithm, to crack it, it would be like force cracking a password..... and take ALOT of tries......... i doubt its possible........

btw, i love the

BMG Finland is praising the technology for increasing their market share from 15% to 25%. Furthermore music protected by the service has stayed in the Finnish Top40 charts for an average of 14.5 weeks, where the average is just 8.7 weeks.

now if that isnt being creative with statistics?

what files will most likely be asked to be protected by record companies? the ones which make the big bucks........ now which records stay in the top 40 the longest? right, the ones that make the big bucks....... i bet that those averages for the same files wouldnt be any/much different if they werent protected

[4play]

All it will take is to make the hashes longer and the computing power required to make a corrupt file will be huge. can only see p2p apps evolving to counter this kind of action.

edit : had a bit of a think and a read about this and it seems to be complete bullshit. there is no way in hell they can affect bittorent since it uses sha1 hashes and finding a collision with the exact same filesize is gonna take stupid amounts of computing power.

http://slashdot.org/article.pl?sid=0...tid=95&tid=188

[Blaidd]

umm.. last i heard there are something like 10^40 unique hases out there (a hash doesn't need to correspond to the size of the file, it's just an algorithm that uses the bits to create something else). So there is a very good possibility that the hashes being used are completely unique.

[4play]

So there is a very good possibility that the hashes being used are completely unique.

there is a limited number of hashes but its a pretty big number still. what this company is claiming to do is to be able to take a hash for a file and generate a fake file of the same size with the same hash. imagine trying to do this for a 4.7 gig dvd, its basically impossible to do with todays machines.

what this company is probably doing is taking an existing client on a network and altering it to pretend its giving a certain file with a certain hash and then just tansfering random data out. this will fool software that does not have built in hash verifying. bittorent for example checks each chunk after it has been downloaded to make sure the data is not corrupt, this will instantly discard all the random data and find another source.

[Entity101]

Their system works by spoofing the hash and sending bogus data.

However, networks with advanced hashes, such as eMule will detect that the data send doesn't match the hash and discard it. So in the end only bandwidth is wasted (for both parties). Not really a serious problem. Simply put some auto IP banning functionality in eMule and they are screwed.