[Flac-users] Re: Fingerprint Verification Problem

David W. Tamkin dattier at panix.com
Fri Sep 27 15:34:01 PDT 2002

Our Leader asked,

| In any case, if you run flac -t and it passes, the only extra
| information you get from comparing the MD5 sum to the text
| file is to know if the original seeder put the right text file
| together with the right FLAC file.  But if you don't need the
| contents of the text file to know if the file was d/l'ed OK,
| why do you need the text file at all?

[Anywhere in here I say "fingerprint," I mean the internal one.]

As it has been explained to me, the original seeder keeps a file of
fingerprints available by FTP or HTTP, so that anyone down the chain can
compare the fingerprints of his/her FLACs to those created by the seeder.  If
someone along the way has reencoded the same music with different FLAC
options, the fingerprint won't change, so there's nothing to be concerned
about.  However, if the recipient's FLAC files pass flac -t but the
fingerprints don't match those on the seeder's site, somebody along the way
has changed the underlying WAV data.  That's a two-edged sword: it stymies a
malefactor from altering the WAVs out of mischief, but it also prevents a
music lover from adjusting track marks, declicking, or degapping.

More information about the Flac mailing list