Random Mosaic – Detecting unauthorized physical access with colored rice (2021)

https://dys2p.com/en/2021-12-tamper-evident-protection.html

92•harporoeder•4mo ago

Comments

leakycap•4mo ago

I would have never come across this except on HN & it's awesome!

extraduder_ire•4mo ago

I first learned about it via the blink comparison app on f-droid, linked in the article.

gus_massa•4mo ago

Old discussion https://news.ycombinator.com/item?id=31897530 (642 points | June 2022 | 165 comments)

metalman•4mo ago

there is I believ a similar thing useing paint spatters as idicators of authentisity of electronics and also as proof of tampering, as the patterns are unique and can be produced, recorded ,quickly and cheeply.

flir•4mo ago

Much like the split tally stick: https://en.wikipedia.org/wiki/Tally_stick

zahlman•4mo ago

> If of one or more elements within the mosaic are modified, unauthorized access or compromise can be assumed.

... But how is the recipient certain of what the mosaic should be? You can't put the reference photo in the same package, because it's taken after sealing. And if you send it separately, that package is also subject to tampering.

jrm4•4mo ago

um, you like text it or email it?

ZeWaka•4mo ago

> ...an original photo, which has been taken for example, by a manufacturer, signed and transmitted to a customer via an encrypted communication channel, with a photo of the current state.

zahlman•4mo ago

Thanks, glossed over that, and also should have thought of it.

FuriouslyAdrift•4mo ago

Chaos Computer Club talk on this (using glitter nail polish) from way back in 2014...

https://www.youtube.com/watch?v=zpFKeVuP0_w

The talk covers A LOT more and focusing on "evil maid" attacks.

ape4•4mo ago

The article anonymized a face using the compromised swirl method

Katzenmann•4mo ago

Yeah but it looks like the face was also blurred before the swirl

vpribish•4mo ago

"The rice is a little more fine-grained"

nice writeup!

Timwi•4mo ago

It's a cool idea but it kind of bothers me that with all this effort, you still only get a boolean worth of information (it was either accessed or not). No clue about who, when, where or why.

Go 1.22, SQLite, and Next.js: The "Boring" Back End

Laibach the Whistleblowers [video]

I replaced the front page with AI slop and honestly it's an improvement

Economists vs. Technologists on AI

Life at the Edge

RISC-V Vector Primer

Show HN: Invoxo – Invoicing with automatic EU VAT for cross-border services

A Tale of Two Standards, POSIX and Win32 (2005)

Ask HN: Is the Downfall of SaaS Started?

Flirt: The Native Backend

OpenAI's Latest Platform Targets Enterprise Customers

Goldman Sachs taps Anthropic's Claude to automate accounting, compliance roles

Ai.com bought by Crypto.com founder for $70M in biggest-ever website name deal

Big Tech's AI Push Is Costing More Than the Moon Landing

The AI boom is causing shortages everywhere else

Suno, AI Music, and the Bad Future [video]

Ask HN: How are researchers using AlphaFold in 2026?

Running the "Reflections on Trusting Trust" Compiler

Watermark API – $0.01/image, 10x cheaper than Cloudinary

Now send your marketing campaigns directly from ChatGPT

Queueing Theory v2: DORA metrics, queue-of-queues, chi-alpha-beta-sigma notation

Show HN: Hibana – choreography-first protocol safety for Rust

Haniri: A live autonomous world where AI agents survive or collapse

GPT-5.3-Codex System Card [pdf]

Atlas: Manage your database schema as code

Geist Pixel

Show HN: MCP to get latest dependency package and tool versions

The better you get at something, the harder it becomes to do

Show HN: WP Float – Archive WordPress blogs to free static hosting

Show HN: I Hacked My Family's Meal Planning with an App