Quote:
Originally posted by Scyth
One things I've being worried about for a few months now is the potential for injecting garbage data into a multi-source download. Someone, either a concern rightsholder or a malicious user, could make a client that claims to be a source for a file, then sends out random data. The result would be an mp3 with noise and seek errors. I haven't been able to think of a good way to protect against this.
|
The receiving client would automatically detect such a spoof when calculating hash number for the received file and comparing it to the one being requested. If hashing is applied to partial chunks as well (which is needed anyway if incomplete files are utilized as sources for multisourced downloads), the integrity of the data can be safeguarded at a lower level.
The above measures still leave the problem of 'original fakes' - deceptively named junk files fed into the network. Open networks without verifiable peer identities and trust relationships will remain vulnerable to bad original data even if the problem can be partially adressed by publishing hash numbers for good rips.
- tg
