Re: Your thoughts on my network security. - Firewalls

This is a discussion on Re: Your thoughts on my network security. - Firewalls ; > >In most P2P networks files are indexed by cryptographically secure >checksums. Bogus data are trivially and reliably detected. on the P2P nets, Bogus data is also indexed by cryptographically secure checksums As was found in tests: people THINK they ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Re: Your thoughts on my network security.

  1. Re: Your thoughts on my network security.

    >
    >In most P2P networks files are indexed by cryptographically secure
    >checksums. Bogus data are trivially and reliably detected.


    on the P2P nets, Bogus data is also indexed by cryptographically
    secure checksums

    As was found in tests:
    people THINK they know a lot about things they know little or nothing
    about, and THINK they know little about things they know a lot
    about...

  2. Re: Your thoughts on my network security.

    Osiris wrote:

    >>In most P2P networks files are indexed by cryptographically secure
    >>checksums. Bogus data are trivially and reliably detected.

    >
    > on the P2P nets, Bogus data is also indexed by cryptographically
    > secure checksums


    And because it's a cryptographic checksum, no bogus data can have the same
    checksum as the original. The vendor provides the checksum(s) (ed2k link,
    torrent file, ...), and by these the data are retrieved and verified. Sure,
    you can send bogus data upon requests, but the checksum won't match and the
    bogus data will be discarded.

    > As was found in tests:
    > people THINK they know a lot about things they know little or nothing
    > about, and THINK they know little about things they know a lot
    > about...


    Indeed. And you should really stick to your own advice.

  3. Re: Your thoughts on my network security.

    On Sat, 9 Dec 2006 18:48:37 +0100, Sebastian Gottschalk
    wrote:

    >Osiris wrote:
    >
    >>>In most P2P networks files are indexed by cryptographically secure
    >>>checksums. Bogus data are trivially and reliably detected.

    >>
    >> on the P2P nets, Bogus data is also indexed by cryptographically
    >> secure checksums

    >
    >And because it's a cryptographic checksum, no bogus data can have the same
    >checksum as the original. The vendor provides the checksum(s) (ed2k link,


    not THAT many VENDORs on P2P...
    And anyone can checksum their files.


    >torrent file, ...), and by these the data are retrieved and verified. Sure,
    >you can send bogus data upon requests, but the checksum won't match and the
    >bogus data will be discarded.


    ever heard about fake lists ?

    >
    >> As was found in tests:
    >> people THINK they know a lot about things they know little or nothing
    >> about, and THINK they know little about things they know a lot
    >> about...

    >
    >Indeed. And you should really stick to your own advice.


  4. Re: Your thoughts on my network security.

    Osiris wrote:

    > On Sat, 9 Dec 2006 18:48:37 +0100, Sebastian Gottschalk
    > wrote:
    >
    >>Osiris wrote:
    >>
    >>>>In most P2P networks files are indexed by cryptographically secure
    >>>>checksums. Bogus data are trivially and reliably detected.
    >>>
    >>> on the P2P nets, Bogus data is also indexed by cryptographically
    >>> secure checksums

    >>
    >>And because it's a cryptographic checksum, no bogus data can have the same
    >>checksum as the original. The vendor provides the checksum(s) (ed2k link,

    >
    > not THAT many VENDORs on P2P...


    Hm... almost any Linux distro, Blizzard uses BitTorrent for all their game
    patches, various game demos from many vendors... in any case, this was the
    premise on the discussion.

    > And anyone can checksum their files.


    ?

    >>torrent file, ...), and by these the data are retrieved and verified. Sure,
    >>you can send bogus data upon requests, but the checksum won't match and the
    >>bogus data will be discarded.

    >
    > ever heard about fake lists ?


    This isn't needed if the only correct identifier is known, since it was
    provided by the vendor.

+ Reply to Thread