Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Eh. It was some kind of hash of the image. I was not involved in that project, so can't tell you exactly how it worked, but the images were "signed," and someone figured out how to "re-sign" an altered image.

I think it was a fairly well-known technique.

 help



Which still sounds like your employer was simply incompetent because why was any type of perceptual hashing scheme even involved?

Signing digital data with hardware secure tokens is a commodity capability in the iPhone many of HNs users are reading this site with.

reply


> your employer was simply incompetent

You’re probably right. This is easy, basic stuff that any recent college grad can do with their eyes closed.

reply


I think this has been around for not so long

https://en.wikipedia.org/wiki/Content_Authenticity_Initiativ...

reply


This was quite a while, before that.

reply


Sure but conceptually no one should've been able to crack any hashing scheme anyone half-way decent at their job could come up. SHA256 is the default and it's unbroken. Even SHA1 has scant few known collisions. So like...what the heck were they hashing and how that anyone was able to crack it?

reply


Maybe its more like the hash was a well known secure hash but someone managed to extract the salt/private key/signing certificate from the camera?

reply




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: