Until now, this was the SHA1 file content signature that allowed detecting malicious/corrupted/modified versions.
Now, starting Limewire 3.9.8, THEX data is also used so that corruption can be detected long before the end of the download.
LimeWire downloadable versions are found directly from Gnutella using signed queryhits, where the signature comes from a secure strong encryption key owned only by Limewire, but whose decryption key is publicly announced within the LimeWire released code. See for example what you have in your "update.ver" file. It contains some XML and that signature from your current version, and it is compared with incoming update.ver which may also contain some messages to display in the dialog box.
For now, this has just been used to indicate that a new version was available, but soon you you be able to download directly from that dialog instead of being directed to the LimeWire download site.
But already today, you can seek for LimeWire version by searching for "LimeWire" in a application search. When Limewire will be released, the main download site may become slower for a few days, but you'll be able to download the new version by searching from it in LimeWire directly, as newly installed versions will also be shared immediately.
Last edited by verdyp; May 9th, 2004 at 05:31 PM.
|