Senator Diane Feinstein Wants to know about the Benefits of P2P

David Schwartz davids at webmaster.com
Mon Aug 30 21:48:57 UTC 2004



> So I would like some professional expert opinion to
> give her on this issue since it will effect the
> copyright inducement bill. Real benefits for
> production and professional usage of this technology.

	We have no idea what the benefits of P2P are going to be or what the
technology is ultimately going to look like. It will be at least a decade
before anyone has a clue and maybe much longer.

	And, btw, IMO the MD5 collision is sufficient to judge MD5 unsuitable for
checking file authenticity in a P2P application. A denial of service attack
could, potentially, be launched by anyone who could create a block with the
same MD5 checksum as any block in the application. To do this, they need
only create a collision for the first chunk of that block, which now seems
doable. (Yes, I know the difference between producing a collision and
producing a collision for a given block. It's just that this difference is
all that's left.)

	MD5 is still perfectly suitable for any number of applications where the
ability for a hacker to produce a collision to a given block is not
sufficient to destroy the security of the scheme.

	DS





More information about the NANOG mailing list