From owner-freebsd-questions@FreeBSD.ORG Tue Jan 25 20:58:51 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AC2ED16A4CE for ; Tue, 25 Jan 2005 20:58:51 +0000 (GMT) Received: from obelix.sunrise.ch (mailrelay3.sunrise.ch [194.158.229.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7BF7043D31 for ; Tue, 25 Jan 2005 20:58:50 +0000 (GMT) (envelope-from hampi@rootshell.be) Received: from gicco.homeip.net (pop-ls-8-2-dialup-80.freesurf.ch [194.230.244.80]) by obelix.sunrise.ch (8.12.10/8.12.10) with ESMTP id j0PKwmua009979 for ; Tue, 25 Jan 2005 21:58:48 +0100 Received: from gicco.here (localhost [127.0.0.1]) by gicco.homeip.net (8.13.1/8.12.11) with ESMTP id j0PKwJR8003709 for ; Tue, 25 Jan 2005 21:58:44 +0100 (CET) (envelope-from hampi@rootshell.be) Received: (from idefix@localhost) by gicco.here (8.13.1/8.12.11/Submit) id j0PKwJLd003708 for freebsd-questions@freebsd.org; Tue, 25 Jan 2005 21:58:19 +0100 (CET) (envelope-from hampi@rootshell.be) X-Authentication-Warning: gicco.here: idefix set sender to hampi@rootshell.be using -f Date: Tue, 25 Jan 2005 21:58:19 +0100 From: Hanspeter Roth To: freebsd-questions@freebsd.org Message-ID: <20050125205819.GA3574@gicco.homeip.net> Mail-Followup-To: freebsd-questions@freebsd.org References: <20050125192253.GA3088@gicco.homeip.net> <41F6A281.8030601@mac.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <41F6A281.8030601@mac.com> User-Agent: Mutt/1.4.2.1i Subject: Re: Bittorrent secure? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: freebsd-questions@freebsd.org List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Jan 2005 20:58:51 -0000 On Jan 25 at 14:48, Chuck Swiger spoke: > Hanspeter Roth wrote: > >how secure is Bittorrent? > > It's not secure. > > >How can one know how trustworthy the stuff > >downloaded from other Bittorrent fellows is? > > You need to have an external source of information which specifies a > checksum or MD5 hash to confirm that the file has not been tampered with. That to say I should download CHECKSUM.MD5 from one of the public FTP-servers by hand and do the MD5 checks myself, right? > If you trust the Torrent tracker file, then BitTorrent has this part > built-in. Otherwise, you would use something like the distinfo files in > /usr/ports to help confirm the validity of files. BitTorrent doesn't get some public checksums from some public servers transparently, does it? > On the other hand, Torrent doesn't do any worse than FTP or HTTP. The FTP-servers should be more or less official and should contain more or less uncompromised data. Hosts that offer BitTorrent probably are less official. -Hanspeter