[Cryptography] High volume thermal entropy from an iPhone

Christian Huitema huitema at huitema.net
Fri Dec 15 01:49:49 EST 2017



On 12/14/2017 5:06 PM, Jonathan Thornburg wrote:
>> We have theoretical reason to believe that the dark signal from a phone camera is thermal noise.
> Doing SecureCryptoHash(dark frame) is the easy part.
>
> The hard part is convincing yourself that that "dark frame" (which you
> just got from some ReadRawImage API) is really "the dark signal" and
> hasn't been processed either "helpfully" (i.e., in ways which would be
> "helpful" for a typical phone picture) or maliciously.

In fact, I am not convinced at all that the "dark frame" approach is
best. Camera vendors may very well strive to make sure that the dark frame is
actually dark. And it is also very easy to play games with an almost
dark picture, since your eyes will not notice the noise.

If I were to extract entropy from a camera, I would rather take a picture
of some reasonably complex life scene and then hash the pixels. Maybe a
picture of my office desk. It would be rather hard for the adversary to
predict the minute details of the image's pixels, as they depend not
only on the rather disorganized pattern of papers on my desk, but also
on the specific position and angle at which the picture is taken.

Unless of course the adversary has access to the picture itself...

-- Christian Huitema

