stoepsel good information. JS i like ur reference to LOTR with the 'shortcut' reference.
Now let's get down and dirrrty ..into the nitty gritty of this...anybody tried spoofing or faking a hash?
if so...how'd ya do it? i have my own ideas...but once again...its like national security and working in area51...ya wanna tell somebody bout dem 'aliens' or in this case..."how ta do it"
but by the same token you don't want a lot of "copycat" serial killahs (scipt kiddies) running loose imitating "ha><ors" and totally fudging up fasttrack (anymore than its already been fudged)
so should information like this be made public? my thoughts on the matter are no...unfortunately the temptation to cure curiosity will often time lead to trying to exploit/copy/reproduce a 'new'' (or old) vulnerability in something.
botton line or rather 'closing thoughts':
so is 'the donkey' the only network (p2pwise) that does complete file hashing? are there others? do any exist?
as someone else once said...(referring to the internet and 'getting caught') the only way to be 'totally safe' is to just rip out yer modem or network card and not go online...
for the rest of us there is 'comon sense'. it will be your biggest weapon against such maladies. Perhaps an alternative p2p program which supports full hashing?
or you can continue the Prussian roulette with KaZaA and take ur chances...u never know when u might be the lucky wiener who gets caught or finds a virus.
Only the prize isn't desirable as the ones found in 'crackerjacks'
-Ciao
-
