Comment by ChrisMarshallNY
1 day ago
Eh. It was some kind of hash of the image. I was not involved in that project, so can't tell you exactly how it worked, but the images were "signed," and someone figured out how to "re-sign" an altered image.
I think it was a fairly well-known technique.
Which still sounds like your employer was simply incompetent because why was any type of perceptual hashing scheme even involved?
Signing digital data with hardware secure tokens is a commodity capability in the iPhone many of HNs users are reading this site with.
> your employer was simply incompetent
You’re probably right. This is easy, basic stuff that any recent college grad can do with their eyes closed.
I think this has been around for not so long
https://en.wikipedia.org/wiki/Content_Authenticity_Initiativ...
This was quite a while, before that.
Sure but conceptually no one should've been able to crack any hashing scheme anyone half-way decent at their job could come up. SHA256 is the default and it's unbroken. Even SHA1 has scant few known collisions. So like...what the heck were they hashing and how that anyone was able to crack it?
1 reply →