aMule Forum

Please login or register.

Login with username, password and session length
Advanced search  

News:

We're back! (IN POG FORM)

Author Topic: Hash and Filename signed  (Read 2438 times)

soynor

  • Newbie
  • Karma: 0
  • Offline Offline
  • Posts: 1
Hash and Filename signed
« on: August 27, 2009, 08:53:10 PM »
I'm thinking if it's possible implement a system through an user can sign with private/public keys the file hash and the file name to prevent the fakes.
The system could be as follows.

Each user has a private/public key generated by himself.
If the user decides will sign a string formed with the name and the filehash.
Then the user will publish  this string and his public key.
In the other side, other user after check the archive could add the public key to a black or white list if the file is a fake or no.
Also this second user could append this signed string or create a new one with its private key.
After a few days each user could have a white list of public keys of "good people" and could recognize easy if a user shares fakes or not.

This mechanism is similar to the comments system but with other information.

This is only an idea but i hope it could be implemented.
What do you think about this?
Logged

Stu Redman

  • Administrator
  • Hero Member
  • *****
  • Karma: 214
  • Offline Offline
  • Posts: 3739
  • Engines screaming
Re: Hash and Filename signed
« Reply #1 on: August 29, 2009, 09:26:08 PM »
You would have to sign each file individually after checking it of course for this to work.
The sources and their comments (signed or not) are gone when the file is completed and you can check it. You would have to store a list of all signed file names for a download to judge later who was good/bad. Complicated.
IIRC public/private key feature is already used in user hash verification and could be reused for something like that (didn't check though).
The "verified" flag could be transported through the comment tag without extending the protocol (which is not ours to change). So you could simply blacklist user hashes who verify something that turns out to be faked. Be careful what you verify though. What if someone accidentally verifies something which still is fake afterwards, like a movie that starts fine and then is filled with crap? You could end up with regarding other files shared and verified by him as fake although they are fine.

A good hard look at the list of shared file names has served well for me to unveil most fakes without such a feature.  :)
Logged
The image of mother goddess, lying dormant in the eyes of the dead, the sheaf of the corn is broken, end the harvest, throw the dead on the pyre -- Iron Maiden, Isle of Avalon