Comment by EPWN3D
1 day ago
"Crack the hash"? Does this mean you were employing some novel hashing algorithm and relying on its secrecy? If so your employer were never serious about security in the first place. Hardware attestation is more or less a solved problem, and that solution does not involve secret algorithms.
Eh. It was some kind of hash of the image. I was not involved in that project, so can't tell you exactly how it worked, but the images were "signed," and someone figured out how to "re-sign" an altered image.
I think it was a fairly well-known technique.
Which still sounds like your employer was simply incompetent because why was any type of perceptual hashing scheme even involved?
Signing digital data with hardware secure tokens is a commodity capability in the iPhone many of HNs users are reading this site with.
> your employer was simply incompetent
You’re probably right. This is easy, basic stuff that any recent college grad can do with their eyes closed.
I think this has been around for not so long
https://en.wikipedia.org/wiki/Content_Authenticity_Initiativ...
3 replies →