In the case of badly named files, the user can just vote the name down (in the last version).
In the case of a spoofed sha1-sum and a wrongly delivered file, verification of the file should show that it is a bogus-file (hashing after the download finished), but that's not yet integrated into Phex (but I assume it will be with TTH).
If it was changed to rely on tigertree hash (TTH, which Gregor is implementing right now into Phex) instead of only sha1, the chunks could directly be verified, and the first few chunks would show the file to be wrong.
Finishing the file before voting is necessary, at least for positive votes, because otherwise the users could vote up a file which is only garbled at the end.
And for negative votes it's also necessary, because otherwise the program can't verify whether the file really has the sha1-sum.
For TigerTree Hashes that could also vanish.
And Credence is a way of verifying files decentrally, not just the program (which is dead, because LimeWire didn't carry it over). And that way could be carried over, but Phex would need an additional programmer for this (who would take it as main goal to implement Credence in Phex, and maybe improve it).
One more problem was that it relied on centrally distributed key-files, but that could be removed (it was only a draft of a real system, and they planned to switch to a cryptographic generation inside the clients, but didn't carry on to do so).
Last edited by arne_bab; May 7th, 2007 at 01:56 PM.