Random Mosaic – Detecting unauthorized physical access with colored rice (2021)

https://dys2p.com/en/2021-12-tamper-evident-protection.html

92•harporoeder•4mo ago

Comments

leakycap•4mo ago

I would have never come across this except on HN & it's awesome!

extraduder_ire•4mo ago

I first learned about it via the blink comparison app on f-droid, linked in the article.

gus_massa•4mo ago

Old discussion https://news.ycombinator.com/item?id=31897530 (642 points | June 2022 | 165 comments)

metalman•4mo ago

there is I believ a similar thing useing paint spatters as idicators of authentisity of electronics and also as proof of tampering, as the patterns are unique and can be produced, recorded ,quickly and cheeply.

flir•4mo ago

Much like the split tally stick: https://en.wikipedia.org/wiki/Tally_stick

zahlman•4mo ago

> If of one or more elements within the mosaic are modified, unauthorized access or compromise can be assumed.

... But how is the recipient certain of what the mosaic should be? You can't put the reference photo in the same package, because it's taken after sealing. And if you send it separately, that package is also subject to tampering.

jrm4•4mo ago

um, you like text it or email it?

ZeWaka•4mo ago

> ...an original photo, which has been taken for example, by a manufacturer, signed and transmitted to a customer via an encrypted communication channel, with a photo of the current state.

zahlman•4mo ago

Thanks, glossed over that, and also should have thought of it.

FuriouslyAdrift•4mo ago

Chaos Computer Club talk on this (using glitter nail polish) from way back in 2014...

https://www.youtube.com/watch?v=zpFKeVuP0_w

The talk covers A LOT more and focusing on "evil maid" attacks.

ape4•4mo ago

The article anonymized a face using the compromised swirl method

Katzenmann•4mo ago

Yeah but it looks like the face was also blurred before the swirl

vpribish•4mo ago

"The rice is a little more fine-grained"

nice writeup!

Timwi•4mo ago

It's a cool idea but it kind of bothers me that with all this effort, you still only get a boolean worth of information (it was either accessed or not). No clue about who, when, where or why.

The API Is a Dead End; Machines Need a Labor Economy

Digital Iris [video]

New wave of GLP-1 drugs is coming–and they're stronger than Wegovy and Zepbound

Convert tempo (BPM) to millisecond durations for musical note subdivisions

Show HN: Tasty A.F.

The Contagious Taste of Cancer

U.S. Jobs Disappear at Fastest January Pace Since Great Recession

Bithumb mistakenly hands out $195M in Bitcoin to users in 'Random Box' giveaway

Beyond Agentic Coding

OpenClaw ClawHub Broken Windows Theory – If basic sorting isn't working what is?

OpenBSD Copyright Policy

OpenClaw Creator: Why 80% of Apps Will Disappear

What Happens When Technical Debt Vanishes?

AI Is Finally Eating Software's Total Market: Here's What's Next

Computer Science from the Bottom Up

Show HN: A toy compiler I built in high school (runs in browser)

You don't need Mac mini to run OpenClaw

Learning to Reason in 13 Parameters

Convergent Discovery of Critical Phenomena Mathematics Across Disciplines

Ask HN: Will GPU and RAM prices ever go down?

From hunger to luxury: The story behind the most expensive rice (2025)

Substack makes money from hosting Nazi newsletters

A New Crypto Winter Is Here and Even the Biggest Bulls Aren't Certain Why

Moltbook was peak AI theater

Why Claude Cowork is a math problem Indian IT can't solve

Show HN: Built an space travel calculator with vanilla JavaScript v2

Why a 175-Year-Old Glassmaker Is Suddenly an AI Superstar

Micro-Front Ends in 2026: Architecture Win or Enterprise Tax?

These White-Collar Workers Actually Made the Switch to a Trade

The Wonder Drug That's Plaguing Sports