Date: Tue, 25 Jan 2005 16:58:06 -0500 From: Chuck Swiger <cswiger@mac.com> To: freebsd-questions@freebsd.org Subject: Re: Bittorrent secure? Message-ID: <41F6C0EE.1070801@mac.com> In-Reply-To: <20050125205819.GA3574@gicco.homeip.net> References: <20050125192253.GA3088@gicco.homeip.net> <41F6A281.8030601@mac.com> <20050125205819.GA3574@gicco.homeip.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hanspeter Roth wrote: > On Jan 25 at 14:48, Chuck Swiger spoke: >> You need to have an external source of information which specifies a >> checksum or MD5 hash to confirm that the file has not been tampered with. > > That to say I should download CHECKSUM.MD5 from one of the public > FTP-servers by hand and do the MD5 checks myself, right? Yes indeed, or use the files in a context like the ports tree, which does this sort of checking for you. >> If you trust the Torrent tracker file, then BitTorrent has this part >> built-in. Otherwise, you would use something like the distinfo files in >> /usr/ports to help confirm the validity of files. > > BitTorrent doesn't get some public checksums from some public > servers transparently, does it? Each file distributed by BitTorrent has a tracker and a seed .torrent which describes the checksums of the file (and it's parts), and manages the list of hosts offering the file. >> On the other hand, Torrent doesn't do any worse than FTP or HTTP. > > The FTP-servers should be more or less official and should contain > more or less uncompromised data. A lot of people thought that about ftp.gnu.org, or ftp.sendmail.org, or other well-known FTP sources which have been compromised. > Hosts that offer BitTorrent probably are less official. True, but you are not relying on them to confirm the downloaded data is correct, you are relying on the seed host and it's .torrent file. -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41F6C0EE.1070801>