<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 12/14/2017 5:06 PM, Jonathan
Thornburg wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CADB4a9kJh++D8t_nP0kty09qJ9bp7ucy3Xx4KYPx7Kg8ULUwsA@mail.gmail.com">
<blockquote type="cite" style="color: #000000;">
<pre wrap="">We have theoretical reason to believe that the dark signal from a phone camera is thermal noise.
</pre>
</blockquote>
<pre wrap="">Doing SecureCryptoHash(dark frame) is the easy part.
The hard part is convincing yourself that that "dark frame" (which you
just got from some ReadRawImage API) is really "the dark signal" and
hasn't been processed either "helpfully" (i.e., in ways which would be
"helpful" for a typical phone picture) or maliciously.</pre>
</blockquote>
<br>
In fact, I am not convinced at all that the "dark frame" approach is
best. Camera vendors may very well strive to make sure that the dark
frame is actually dark. And it is also very easy to play games with
almost dark pictures, since your eyes will not notice the noise.<br>
<br>
If I were to extract entropy from a camera, I would rather take a
picture of some reasonably complex life scene and then hash the
pixels. Maybe a picture of my office desk. It would be rather hard
for the adversary to predict the minute details of the image's
pixels, as they depend not only on the rather disorganized pattern
of papers on my desk, but also on the specific position and angle at
which the picture is taken. <br>
<br>
Unless of course the adversary has access to the picture itself...<br>
<br>
-- Christian Huitema<br>
<br>
<br>
</body>
</html>