Jul 20, 2006, 06:13 AM
|
#1 of 8
|
While it is possible to break the SHA-1 hash algorithm that BitTorrent uses, it is not all that easy to compromise downloads through the BitTorrent protocol, especially for large files such as ISOs in my opinion (not that it is exactly easy to break the SHA-1 algorithm to my knowledge, but I could be wrong).
In order for hash checking to have failed for Rasputin, a complete piece must have been downloaded from a malicious peer. So you have to ask yourself were you downloading large magnitudes of this torrent from one single peer?
Since every piece is split up into some chunks, it is quite likely that you'll get some chunks from a regular peer and some other chunks from the malicious peer. As hashing algorithms takes all the bytes of a piece and runs the algorithm on it to produce the 40-digit hexadecimal number, I'm curious as to whether it is actually currently feasible to have malicious chunks combined with good chunks and produce a valid hash as while it's possible to have a malicious block of data produce the correct SHA-1 hash, this mish mash of the two may not be possible (again, I could be wrong).
Azureus performs hash checks after a full piece has been downloaded and I believe it also double-checks each piece again when the torrent has completed. I'm not sure if BitComet does the same, but I would certainly think so (at least, certainly the former, or else you'd be wasting a lot of time if you get to 100% and realize half your files are bad).
Nonetheless, you should motion for forcing a rehash check and opening all file extensions and the viewing of hidden files as aforementioned.
Jam it back in, in the dark.
|
Hiro