top | item 44135519

(no title)

lnrd | 9 months ago

What prevents anyone to take a signed picture by photographing a generated/altered picture? You just need to frame it perfectly and make sure there are no reflections that could tell it's a picture of a picture and not a picture of the real world, very doable with a professional camera. All details that could give it out would disappear just lowering the resolution, which can be done in any camera.

discuss

grues-dinner|9 months ago

With a bit (OK quite a lot) of fiddling, you could probably remove the CCD and feed the analog data into the controller, unless that's also got a crypto system in it.

Presumably if you were discovered you would then "burn" the device as its local key would be known then to be used by bad actors, but now you need to be checking all photos against a blacklist. Which also means if you buy a second hand device, you might be buying a device with "untrusted" output.

salawat|9 months ago

Any problem that requires cryptographic attestation or technical control of all endpoints is not a solution we should be pursuing. Think of it as a tainted primitive. Not to be implemented.

The problem of Trust is a human problem, and throwing technology at it just makes it worse.