Regarding Use of Protocols, SHA-0 vs. SHA-1
It was implied on the Hamachi forums that there was a potential security risk in using Hamachi due to various parts of the program having used SHA-0 instead of SHA-1.
See here for the Hamachi development team's response clarifying how that is not the case, and there is no security risk in the specific uses of SHA-0 in Hamachi.
Since Version 2 became available, 0.9.x is unavailable for download from the Hamachi site for Mac OS X and Linux. The article should be updated to reflect this change. 22.214.171.124 (talk) 14:30, 12 November 2009 (UTC)
They are, however, available from http://files.hamachi.cc/linux/ 126.96.36.199 (talk) 00:46, 23 November 2009 (UTC) . — Preceding unsigned comment added by Jsquad9096 (talk • contribs) 23:03, 14 July 2013 (UTC)
I am concerned that hamachi only discusses the software that is provided by LogMeIn. There is also a hamachi sushi (Yellowtale fish), and a hamachi which is the notch on a sword that is placed just before the sharpened edge. I could not find either of these in Wikipedia. —Preceding unsigned comment added by Lledger7 (talk • contribs) 01:01, 26 February 2010 (UTC)
Reference Links Broken
Use for piracy
Some internet chatter describes Hamachi as a frequent tool for piracy. For example:
Some explanation, or at least discussion, of the relative importance of piracy in Hamachi use, would help me decide whether to comply with my daughter's request to install Hamachi on the family laptop which she uses.
- If no reliable sources have discussed illegitimate uses of Hamachi, then we can't in the article either. One problem is that we don't give medical, legal, security, or parenting advice. Another problem is, this is not a forum for general discussion of article topics; it's just for improving the article. Me? I'd sit her down and explain the risks (privacy, security, legal), and I'd never trust that laptop ever again. For anything. --Lexein (talk) 04:02, 2 January 2012 (UTC)
- C4dn is confusing the tool with the use of the tool. Just because he has installed the tool for his daughter does not absolve him of the responsibility of monitoring how his daughter uses that tool. If use is entirely legit, then he has acquired valuable functionality. If one aspect of the tool's use is not legit, then he need control that aspect of the tool's use. In other words ... don't throw the baby out with the bathwater.
- It would be entirely legitimate within the article to indicate any VPN poses security risks that must be individually evaluated for acceptability. Perhaps via a 'See also: Potential security risks of VPNs (link to vpn)' type of reference.
- Lexein, sadly, is promoting FUD with his comments. The presence of lack of a VPN doesn't change the manner in which you should look at or evaluate the trustworthiness of a machine. You shouldn't trust anything for anything in the first place. But people are going to, with due consideration and evaluation. The presence or lack of the VPN has nothing to do with it - merely the trust placed in the controller of the resource. In this case, the daughter in the laptop. No parent should trust such a machine in their home network, in the first place. Caveat emptor applies.
- Never mind. Largely covered by "The security risks due to vulnerable services on remote machines otherwise not accessible behind a NAT, common to all VPNs." However, the baby with the bathwater comment does still apply. Bs27975 (talk) 21:09, 2 May 2012 (UTC)
"server cluster managed by the vendor of the system" - confusing, clarification needed.
I came to this page to find out more about the beastie. Have not used it, but done some reading / poking about.
The use of the word 'vendor' here is (probably) misleading. The typical connotation of the word 'vendor' implies commerciality. So, in this case, 'vendor' would appear to me to mean logmein or Hamachi (Which is not a vendor, but a product?). Yet, as far as I can tell, any client can be a server. And such would not normally be considered a 'vendor', although that is exactly what they are in this context, and that use is actually correct. But it is ... misleading.
Perhaps the text could be clarified to note that Hamachi / server / vendor is tracking and connecting the credentials of client systems, which can be either or both providers, and users, of the shared data.
Certainly if my understanding above is incorrect, I'd appreciate it if the article corrected and clarified these aspects.
Or, perhaps, rework / reverse the orientation of the paragraph, more towards, Clients provide or use data provided by other clients, and Hamachi manages / directs / authenticates / authorizes inter-client connectivity.
The other problem with the confusion here is an implication that the data is held on the Hamachi systems. Which I don't believe to be true, except perhaps in special circumstances. e.g. Hamachi backup pointed to by a Hamachi vpn client? I think, with this paragraph's comment, the confusion is evident. When someone comes here to try an find out "What is Hamachi?".
It would be useful if the author could also indicate if controls limiting the scope of the access are present. Yes, the implication (could this be made explicit, please) is that one's OS' file sharing mechanisms apply, however, an indication that control can be limited to, say, specific directories, would be appreciated.
"Additionally 1.0 series of client software are capable of relaying traffic through vendor-maintained 'relay servers'." - by implication, other versions, if there are any, are not. Perhaps prefixing with 'As of' is appropriate?
"Hamachi is frequently used for gaming and remote administration. The vendor provides free basic service and extra features for a fee." is also confusing. These services are offered by Hamachi, or by logmein?
logmein is itself confusing, when trying to grok the whole. It appears to be a series of component parts. The coordination of those component parts, if there is such, is not readily apparent. Explaining the relationship between Hamachi and logmein would be useful, here. Even if only a brief blurb, and a reference to a wikip logmein entry.
"The IP address is henceforth associated with the client's public crypto key. As long as the client retains its key, it can log into the system and use this IP address." - confusing. Expand please. 'public crypto key' is perhaps the cause of the confusion. The implication is that one gains a public 5/8 address, and public internet routing tables updated, auto-accessible via the NAT adapter created by the internal virtual Hamachi network adapter. This seems unlikely, so if true, please so enunciate. More likely, the 5/8 address is available for as long as the virtual, temporary, private VPN exists. Which is to say, This 5/8 redirection, and it is a complete 5/8 redirection (?) persist only for as long as the private network connection is established.
I now see that 'Hamachi client is running.' explains this, however, I believe my comments above still stand and apply. Perhaps this paragraph should merely be moved up higher in the article, so that it is encountered first.
"minimal where data is not forwarded." - insufficient. By definition, making a connection transmits data. What is unclear, from the sentence, what data is forwarded. To be able to judge the risk. e.g. The implication is the data within the files being shared may be exposed. Perhaps this is not the intent.
"For the product to work, a "mediation server", operated by the vendor, is required." It would seem prudent to note OpenVPN as an alternative, wherein such a mediation server is not necessary. For that matter, a discussion of the relationship / alternative to OpenVPN would be useful here. Certainly that is one of the reasons I came to read the article in the first place: (a) What is Hamachi?; (b) How does it differ from OpenVPN. Granted, it becomes evident that part of (b) is ease or simplicity of functional establishment for the non-expert users, and that Hamchi performs the function of 'traffic cop' (for central / negotiation of connectivity) unavailable in a (typical?) OpenVPN setup. e.g. No need for bilateral static name resolution configuration behind NAT'ted networks.
To the author - thank you so much for writing this.
Recently, I heard that Hamachi changed to the 188.8.131.52/8 network as it is used by a government who using that network for private addresses anyway. My source for this news was Security Now Episode 379 (which doesn't have a text transcript at the time of this post). I'm not posting anything about it as I don't use the software myself, and don't have a reference to use. Miquel 'Fire' Burns (talk) 22:02, 24 November 2012 (UTC)
What is an advertisement doing on Wikipedia?
This is clearly an ad for a paid service. It reads exactly like an ad. This has no business on Wikipedia. Pages like this, written this way, are neither neutral POV nor particularly noteworthy.