Random Mosaic – Detecting unauthorized physical access with colored rice (2021)

https://dys2p.com/en/2021-12-tamper-evident-protection.html

92•harporoeder•4mo ago

Comments

leakycap•4mo ago

I would have never come across this except on HN & it's awesome!

extraduder_ire•4mo ago

I first learned about it via the blink comparison app on f-droid, linked in the article.

gus_massa•4mo ago

Old discussion https://news.ycombinator.com/item?id=31897530 (642 points | June 2022 | 165 comments)

metalman•4mo ago

there is I believ a similar thing useing paint spatters as idicators of authentisity of electronics and also as proof of tampering, as the patterns are unique and can be produced, recorded ,quickly and cheeply.

flir•4mo ago

Much like the split tally stick: https://en.wikipedia.org/wiki/Tally_stick

zahlman•4mo ago

> If of one or more elements within the mosaic are modified, unauthorized access or compromise can be assumed.

... But how is the recipient certain of what the mosaic should be? You can't put the reference photo in the same package, because it's taken after sealing. And if you send it separately, that package is also subject to tampering.

jrm4•4mo ago

um, you like text it or email it?

ZeWaka•4mo ago

> ...an original photo, which has been taken for example, by a manufacturer, signed and transmitted to a customer via an encrypted communication channel, with a photo of the current state.

zahlman•4mo ago

Thanks, glossed over that, and also should have thought of it.

FuriouslyAdrift•4mo ago

Chaos Computer Club talk on this (using glitter nail polish) from way back in 2014...

https://www.youtube.com/watch?v=zpFKeVuP0_w

The talk covers A LOT more and focusing on "evil maid" attacks.

ape4•4mo ago

The article anonymized a face using the compromised swirl method

Katzenmann•4mo ago

Yeah but it looks like the face was also blurred before the swirl

vpribish•4mo ago

"The rice is a little more fine-grained"

nice writeup!

Timwi•4mo ago

It's a cool idea but it kind of bothers me that with all this effort, you still only get a boolean worth of information (it was either accessed or not). No clue about who, when, where or why.

Barn Owls Know When to Wait

Implementing TCP Echo Server in Rust [video]

LicGen – Offline License Generator (CLI and Web UI)

Service Degradation in West US Region

The Janitor on Mars

Bringing Polars to .NET

Adventures in Guix Packaging

Show HN: We had 20 Claude terminals open, so we built Orcha

Your Best Thinking Is Wasted on the Wrong Decisions

Warcraftcn/UI – UI component library inspired by classic Warcraft III aesthetics

Trump Vodka Becomes Available for Pre-Orders

Velocity of Money

Stop building automations. Start running your business

You can't QA your way to the frontier

Show HN: PalettePoint – AI color palette generator from text or images

Robust and Interactable World Models in Computer Vision [video]

Nestlé couldn't crack Japan's coffee market.Then they hired a child psychologist

Notes for February 2-7

Study confirms experience beats youthful enthusiasm

The Big Hunger by Walter J Miller, Jr. (1952)

The Genus Amanita

We have broken SHA-1 in practice

Ask HN: Was my first management job bad, or is this what management is like?

Ask HN: How to Reduce Time Spent Crimping?

KV Cache Transform Coding for Compact Storage in LLM Inference

A quantitative, multimodal wearable bioelectronic device for stress assessment

Why Big Tech Is Throwing Cash into India in Quest for AI Supremacy

How to shoot yourself in the foot – 2026 edition

Eight More Months of Agents

From Human Thought to Machine Coordination