|
|
|
|
|
|
by repsilat
5137 days ago
|
|
|
Scene groups provide nfo files with their releases. Those nfo files could contain a cryptographic signature proving the authenticity of the rip. Essentially, the way it works is that for a given group there are two keys: A private key `P` (that only the group has), and a public key `Q` (that everyone has). For a file `F` the "signature" is the output of some function `sign(P, Q, F)`. The function `sign` is specially chosen so that the output can be validated without access to `P`, but cannot be efficiently forged without it. As other posters have pointed out, this means that if `P` is kept secret then all signed releases can be authoritatively linked to the people who provided them. Finding `P` on someone's thumb drive is a smoking gun. To be honest, I don't think this would be a big worry, but I'm not in the scene and I don't know how the people in it think. |
|
|
That said, a third party could add a signature. But in practice a cryptographically secure signature isn't even needed. It boils down to a reputation system, so that you can associate a torrent file with quality and this has already existed since forever on sites like the piratebay in the form of uploader usernames. A lot of torrents are uploaded by the same users, users who have a history of quality torrents. In contrast, a hollywood uploader would never have any actual quality torrents in the account history. So in conclusion, this problem was already solved ages ago.