From: Chuck Swiger
Organization: The Courts of Chaos
Date: Tue, 25 Jan 2005 16:58:06 -0500
To: freebsd-questions@freebsd.org
Subject: Re: Bittorrent secure?
Message-ID: <41F6C0EE.1070801@mac.com>
In-Reply-To: <20050125205819.GA3574@gicco.homeip.net>

Hanspeter Roth wrote:
> On Jan 25 at 14:48, Chuck Swiger spoke:
>> You need to have an external source of information which specifies a
>> checksum or MD5 hash to confirm that the file has not been tampered with.
>
> That is to say I should download CHECKSUM.MD5 from one of the public
> FTP-servers by hand and do the MD5 checks myself, right?

Yes indeed, or use the files in a context like the ports tree, which does this
sort of checking for you.

>> If you trust the Torrent tracker file, then BitTorrent has this part
>> built-in. Otherwise, you would use something like the distinfo files in
>> /usr/ports to help confirm the validity of files.
>
> BitTorrent doesn't get some public checksums from some public
> servers transparently, does it?

Each file distributed by BitTorrent has a tracker and a seed .torrent which
describes the checksums of the file (and its parts), and manages the list of
hosts offering the file.

>> On the other hand, Torrent doesn't do any worse than FTP or HTTP.
>
> The FTP-servers should be more or less official and should contain
> more or less uncompromised data.

A lot of people thought that about ftp.gnu.org, or ftp.sendmail.org, or other
well-known FTP sources which have been compromised.

> Hosts that offer BitTorrent probably are less official.

True, but you are not relying on them to confirm the downloaded data is
correct, you are relying on the seed host and its .torrent file.

-- 
-Chuck
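The per-piece check the reply refers to, as an added example that is not part of the original message: a .torrent's `info` dictionary carries `piece length` and `pieces` (concatenated 20-byte SHA-1 digests), and downloaded data is compared against them piece by piece. The function names, the sample payload, the placeholder tracker URL and the single-file layout are assumptions made for this sketch.

```python
import hashlib

def bdecode(data, i=0):
    """Decode one bencoded value at offset i; return (value, next_offset)."""
    c = data[i:i + 1]
    if c == b"i":                                  # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                          # list l...e / dict d...e
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            value, i = bdecode(data, i)
            items.append(value)
        if c == b"l":
            return items, i + 1
        return dict(zip(items[0::2], items[1::2])), i + 1
    colon = data.index(b":", i)                    # byte string: <len>:<bytes>
    n = int(data[i:colon])
    return data[colon + 1:colon + 1 + n], colon + 1 + n

def bad_pieces(torrent_bytes, payload):
    """Return indexes of pieces whose SHA-1 differs from the .torrent's list."""
    info = bdecode(torrent_bytes)[0][b"info"]
    if len(payload) != info[b"length"]:            # single-file torrent assumed
        raise ValueError("size differs from the .torrent's 'length'")
    plen, hashes = info[b"piece length"], info[b"pieces"]
    bad = []
    for idx in range(len(hashes) // 20):
        piece = payload[idx * plen:(idx + 1) * plen]
        if hashlib.sha1(piece).digest() != hashes[idx * 20:(idx + 1) * 20]:
            bad.append(idx)
    return bad

# Constructed sample: a 48-byte "file" in 16-byte pieces and a single-file
# .torrent describing it (the tracker URL is a placeholder).
GOOD = b"FreeBSD release image bytes (constructed sample)"
PLEN = 16
_H = b"".join(hashlib.sha1(GOOD[k:k + PLEN]).digest()
              for k in range(0, len(GOOD), PLEN))
TORRENT = (b"d8:announce22:http://tracker.example4:infod6:lengthi%de4:name8:file.iso"
           b"12:piece lengthi%de6:pieces%d:" % (len(GOOD), PLEN, len(_H))) + _H + b"ee"

if __name__ == "__main__":
    tampered = GOOD[:20] + b"X" + GOOD[21:]        # one byte changed in piece 1
    print(bad_pieces(TORRENT, GOOD), bad_pieces(TORRENT, tampered))
```

An empty result only shows that the data matches this .torrent; whether the .torrent itself is genuine still depends on where it was obtained, which is the point made in the reply.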