Other P2P attacks (DNS, fake torrents, etc) Re: [p2p-hackers] SHA1 broken?
Gordon Mohr ( at Bitzi)
gojomo at bitzi.com
Fri Feb 18 05:54:15 UTC 2005

Serguei Osokine wrote:
> On Thursday, February 17, 2005 Gordon Mohr wrote:
>
>>I want P2P+CDN that delivers content that I and other sophisticated
>>users can trust, and I want the unsophisticated users on the same
>>network, too...
>>...
>>If P2P is just a leisure-time lark for credulous, casual users who
>>have many other unhygienic computing practices, then you can be
>>lackadaisical in your use of hash algorithms. If you want it to
>>also be a platform stable for long-term use by more discriminating
>>users and commercial endeavors, you should take the strength of
>>your hashes seriously.
>
>
> Fair enough. So how do you prevent the DNS-hijacking of Bitzi?

Good question. There's no protection yet. I've assumed that when the
budget and interest allow, we'd (1) offer signed versions of our XML
metadata tickets; and (2) offer https service for some or all users.
Other ideas welcome.

> Or - way more importantly - how do you prevent the fake .torrent files
> from being submitted to any number of torrent aggregator sites?

I assume the torrent aggregators have some way of vetting submissions,
either by reputation of the submitter, early testing/reviews by the most
adventurous users, and so forth. I'm currently not immersed in those
communities, so I don't know for sure.

Anyone else want to chime in on how torrent aggregator sites manage to
tend toward quality torrents over time?

- Gordon @ Bitzi