crypto photos

Canon sells this thing that purports to tell you whether a picture has been altered after it was taken: Data Verification Kit DVK-E2. Anyone know how this works?

The obvious way (to me) would be:

  • Crypto-hash the image and metadata;
  • Sign the hash with a private key that is baked into the camera hardware;
  • Store the hash and signature in a new JPEG block in the file.

Then anyone can verify the image by checking the hash and signature against the manufacturer's public key. The attack is that if you can peel the chip in any camera and get the private key, then you can generate fake photos forevermore.
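A sketch of that hash, sign, embed and verify flow, as an added example (this is not Canon's code or format). The toy RSA key, the choice of an APP11 segment, the `SIGDEMO` tag and the sample bytes are all constructed for illustration, and unpadded RSA stands in for a real signature scheme.

```python
import hashlib, struct

# Toy RSA key standing in for the key baked into the camera (constructed and
# NOT secure: the modulus is the product of two well-known Mersenne primes).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent; would live only in the camera
SIG_LEN = (N.bit_length() + 7) // 8
MARKER = b"\xff\xeb"                # APP11, chosen arbitrarily for this demo
TAG = b"SIGDEMO\x00"                # hypothetical identifier for the new block

def sign_jpeg(jpeg: bytes) -> bytes:
    """Hash image plus metadata, sign the hash, store both in a new block after SOI."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    digest = hashlib.sha256(jpeg).digest()
    sig = pow(int.from_bytes(digest, "big"), D, N).to_bytes(SIG_LEN, "big")
    payload = TAG + digest + sig
    segment = MARKER + struct.pack(">H", len(payload) + 2) + payload
    return jpeg[:2] + segment + jpeg[2:]

def verify_jpeg(jpeg: bytes) -> bool:
    """Find the block, strip it, then check hash and signature with the public (N, E)."""
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos:pos + 2]
        if marker == b"\xff\xda":   # SOS: compressed image data follows, stop scanning
            break
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        body = jpeg[pos + 4:pos + 2 + length]
        if marker == MARKER and body.startswith(TAG) and len(body) == len(TAG) + 32 + SIG_LEN:
            stored_hash = body[len(TAG):len(TAG) + 32]
            sig = int.from_bytes(body[len(TAG) + 32:], "big")
            original = jpeg[:pos] + jpeg[pos + 2 + length:]   # file as it was when signed
            digest = hashlib.sha256(original).digest()
            return digest == stored_hash and pow(sig, E, N) == int.from_bytes(digest, "big")
        pos += 2 + length
    return False                    # no signature block present

# Constructed sample: SOI, APP0/JFIF header, a stand-in SOS segment with data, EOI.
SAMPLE = (b"\xff\xd8" + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
          + b"\xff\xda\x00\x02" + b"scan-bytes" + b"\xff\xd9")

if __name__ == "__main__":
    signed = sign_jpeg(SAMPLE)
    print("untouched:", verify_jpeg(signed))
    print("altered:  ", verify_jpeg(signed.replace(b"scan-bytes", b"scan-bytez")))
```

`sign_jpeg` signs whatever bytes it is handed, so the guarantee depends entirely on where the signer sits and what it is willing to accept as input.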

But their description on the web page makes it sound like the smarts are not in the camera, but in the CF card? This seems like a really strange way to do it. If the CF card is doing the signing (as files come in to its file system), then wouldn't the act of writing any old edited file to the card from a PC cause it to become signed?

A simpler attack is: take a photo; alter it; print it out; take a photo of that.


Today in Crack Monkey News

The Trial of Robert Blake:
Earlier in the trial, a professor from the University of California, Los Angeles, testified as an expert witness about the psychotropic effects of cocaine. He said that he had smoked crack cocaine himself and sat in a cage with monkeys to teach them how to smoke cocaine as well.