Random Mosaic – Detecting unauthorized physical access with colored rice (2021)

https://dys2p.com/en/2021-12-tamper-evident-protection.html

92•harporoeder•4mo ago

Comments

leakycap•4mo ago

I would have never come across this except on HN & it's awesome!

extraduder_ire•4mo ago

I first learned about it via the blink comparison app on f-droid, linked in the article.

gus_massa•4mo ago

Old discussion https://news.ycombinator.com/item?id=31897530 (642 points | June 2022 | 165 comments)

metalman•4mo ago

there is I believ a similar thing useing paint spatters as idicators of authentisity of electronics and also as proof of tampering, as the patterns are unique and can be produced, recorded ,quickly and cheeply.

flir•4mo ago

Much like the split tally stick: https://en.wikipedia.org/wiki/Tally_stick

zahlman•4mo ago

> If of one or more elements within the mosaic are modified, unauthorized access or compromise can be assumed.

... But how is the recipient certain of what the mosaic should be? You can't put the reference photo in the same package, because it's taken after sealing. And if you send it separately, that package is also subject to tampering.

jrm4•4mo ago

um, you like text it or email it?

ZeWaka•4mo ago

> ...an original photo, which has been taken for example, by a manufacturer, signed and transmitted to a customer via an encrypted communication channel, with a photo of the current state.

zahlman•4mo ago

Thanks, glossed over that, and also should have thought of it.

FuriouslyAdrift•4mo ago

Chaos Computer Club talk on this (using glitter nail polish) from way back in 2014...

https://www.youtube.com/watch?v=zpFKeVuP0_w

The talk covers A LOT more and focusing on "evil maid" attacks.

ape4•4mo ago

The article anonymized a face using the compromised swirl method

Katzenmann•4mo ago

Yeah but it looks like the face was also blurred before the swirl

vpribish•4mo ago

"The rice is a little more fine-grained"

nice writeup!

Timwi•4mo ago

It's a cool idea but it kind of bothers me that with all this effort, you still only get a boolean worth of information (it was either accessed or not). No clue about who, when, where or why.

Show HN: CryptoClaw – open-source AI agent with built-in wallet and DeFi skills

ShowHN: Make OpenClaw Respond in Scarlett Johansson’s AI Voice from the Film Her

CReact Version 0.3.0 Released

Show HN: CReact – AI Powered AWS Website Generator

The rocky 1960s origins of online dating (2025)

Show HN: Agent-fetch – Sandboxed HTTP client with SSRF protection for AI agents

Why there is no official statement from Substack about the data leak

Effects of Zepbound on Stool Quality

Show HN: Seedance 2.0 – The Most Powerful AI Video Generator

Ask HN: Do we need "metadata in source code" syntax that LLMs will never delete?

Pentagon cutting ties w/ "woke" Harvard, ending military training & fellowships

Can Quantum-Mechanical Description of Physical Reality Be Considered Complete? [pdf]

Kessler Syndrome Has Started [video]

Complex Heterodynes Explained

EVs Are a Failed Experiment

MemAlign: Building Better LLM Judges from Human Feedback with Scalable Memory

CCC (Claude's C Compiler) on Compiler Explorer

Homeland Security Spying on Reddit Users

Actors with Tokio (2021)

Can graph neural networks for biology realistically run on edge devices?

Deeper into the shareing of one air conditioner for 2 rooms

Weatherman introduces fruit-based authentication system to combat deep fakes

Why Embedded Models Must Hallucinate: A Boundary Theory (RCC)

A Curated List of ML System Design Case Studies

Pony Alpha: New free 200K context model for coding, reasoning and roleplay

Show HN: Tunbot – Discord bot for temporary Cloudflare tunnels behind CGNAT

Open Problems in Mechanistic Interpretability

Bye Bye Humanity: The Potential AMOC Collapse

Dexter: Claude-Code-Style Agent for Financial Statements and Valuation

Digital Iris [video]