Gnutella Forums  

Go Back   Gnutella Forums > Current Gnutella Client Forums > LimeWire+WireShare (Cross-platform) > LimeWire Beta Archives
Register FAQ The Twelve Commandments Members List Calendar Arcade Find the Best VPN Today's Posts


 
 
LinkBack Thread Tools Display Modes
  #11 (permalink)  
Old July 20th, 2005
deacon72's Avatar
Nam Vets Forever
 
Join Date: July 9th, 2003
Location: Ohio
Posts: 280
deacon72 is flying high
Default UPDATER WORKED FOR ME

When I opened Limewire Pro on two of my machines there was an alert at the bottom of my Limewire Screen telling me an update was available. I hit the alert, found the update, downloaded to Save, exited Limewire and installed the update. Nice, neat and clean.........no problems.........the advantage to having a fully functional and properly configured computer......Yes that is a poke at the others who blame LimeWire for their problems. LimeWire Update worked for me.
  #12 (permalink)  
Old July 23rd, 2005
Grandpa's Avatar
Valued Member contributor
 
Join Date: February 20th, 2005
Location: Depends on the Day
Posts: 3,012
Grandpa will become famous soon enough
Default

I have had it turned on since I noticed it beta checked I believe 4.5 but have never resieved a notifcation of updates
  #13 (permalink)  
Old July 24th, 2005
zab zab is offline
Connoisseur
 
Join Date: May 16th, 2004
Location: Big Apple
Posts: 266
zab is a great assister to others; your light through the dark tunnel
Default

We haven't notified for 4.9.7 because we found some bugs with the update mechanism in 4.9.4 and 4.9.5.
  #14 (permalink)  
Old November 25th, 2005
verdyp's Avatar
LimeWire is International
 
Join Date: January 13th, 2002
Location: Nantes, FR; Rennes, FR
Posts: 306
verdyp is flying high
Default

Quote:
Originally posted by et voilą
Just a thought: what about security and the in network updating? I've always been wary of upgrade notifications in the past on LW: what certifies you there is no false signal spreading letting you know that a real new version is available?
Merci
The version.xml file that gets downloaded on startup or when it is discovered on the network is cryptographically signed with the LimeWire private key. It is only valid if this encrypted signature matches after decrypting it using the LimeWire public key.

So don't worry from where that XML file comes from. If it validates, then it was created by LimeWire LLC itself, and nobody else, not even any LimeWire open source developers). The LimeWire will not display such update notice from any version XML file with the wrong signature, and will discard it if you attempt to modify it). See it like emails you receive from anywhere but that for which you can trust its origin as it contains a cryptographic signature.

LimeWire has not, and will not reveal its own encryption private key needed to create or update that file. A non-LimeWire release created from the open sources would likely discard the Limewire notice or would embed the public key of the creator of that alternate release, instead of the LimeWire LCC public key, so that this alternate version can distribute its own version.xml file.

(Note that version.xml is not purely a XML file: it just appears to have an XML content, but is followed by the cryptographic signature.)

This security is based on the fact that if you can trust Limewire LLC to distribute the genuine version of Limewire that you are using, then you could trust Limewire LLC's signature used for its updates.

The same technic is used in general by all software distributors as well (the public key is generally encapsulated within a public certificate, stored and validable in a trustable PKI provider, which acts as the escrow for attesting that the author's identity shown in the certificate has been verified and is not patently false; this PKI can also provide information about the status of a certificate, for example if it has been compromized, and can tell you if the certificate is still valid, or if it has been invalidated by its original author).

Limewire can embed one or more public keys in each release: older ones (if they have not been compromized), and the most recent one. These public keys allow accepting update messages for all future versions that will be advertized and created using the corresponding private keys.

If someone does not upgrade immediately, and several major versions have been released, may be sometime in the future, none of its embedded public key will match the update messages for these future versions, if they are not created using one of the private keys corresponding to the public keys embedded in an old distribution used by some user.

It will take years before this happens, unless a private key has been compromized:
* For example if the LimeWire LLC private key appears to have been stolen by someone to create a volontarily broken version of Limewire, something that has still never happened,
* or if the cryptographically strong signature algorithm gets broken

Limewire uses a signature based on the wellknown irreversible SHA-1 cryptographic digest algorithm, which is still still safe for now; Limewire could switch at any time to a even stronger algorithm such as SHA-256 or SHA-512 which is supported now natively in Java 1.4.1+. Would the strength of this digest be ever compromized, the whole planet would be largely informed because this encryption algorithm is constantly monitored by lots of security companies. Breaking this digest algorithm is still a very challenging and difficult problem worldwide, needing lots of costly resources.

When this will occur, LimeWire would immediately change its signature, and would inform users on its web site that new update notifications will use a new key, and won't be delivered to users of old versions, that will have to update manually. No one can predict when such event will ever occur (those that would attempt to break the encryption algorithm would likely use their discovery fro more "profitable" criminal actions than just building a P2P servent, which can be freely downloaded from a wellknown source; if this ever happened, this forum would be filled with warning notices about fake and viral Limewire versions).

These considerations are true for any software that embeds a internet update system, including Microsoft Update, antivirus updates, Java auto updates, and so on...
__________________
LimeWire is international. Help translate LimeWire to your own language.
Visit: http://www.limewire.org/translate.shtml

Last edited by verdyp; November 25th, 2005 at 04:42 PM.
 


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
why is 3.8.1 labeled "beta" sdsalsero LimeWire Beta Archives 1 February 9th, 2004 01:10 PM
Turn Off "Verifying File" & "Saving File" YoCraig New Feature Requests 8 November 28th, 2003 05:05 PM
LimeWire Pro 3.6.10 Beta "Thumbs Up" JPM1920 General Mac Support 0 November 3rd, 2003 11:47 PM
Need Gnotella 1.0 Beta Testers shaun Gnotella (Windows) 2 July 20th, 2001 11:29 AM


All times are GMT -7. The time now is 05:49 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.0 ©2011, Crawlability, Inc.

Copyright © 2020 Gnutella Forums.
All Rights Reserved.