Re: MD5 & bot Question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2007-04-10 at 08:47 -0400, tedd wrote:
> At 8:10 PM -0400 4/9/07, Robert Cummings wrote:
> >On Mon, 2007-04-09 at 17:14 -0400, tedd wrote:
> >>  At 4:39 PM -0400 4/9/07, Robert Cummings wrote:
> >>  >On Mon, 2007-04-09 at 22:27 +0200, Tijnema ! wrote:
> >>  >
> >>  >  > This is exactly what tedd did in his last arrow example. He edited the
> >>  >>  header of the GIF image, and so that would result in different MD5.
> >>  >>
> >>  >>  Finding this part and skipping it in the MD5 check would do the job. :)
> >>  >
> >>  >Yep, that's an obvious solution since it's the same way virus signatures
> >  > >are matched. The entire image needs some kind of permutation. Passing a
> >  > >couple of curved ripples across the image as a transformation, and in
> >>  >different directions should suffice to obfuscate the image signature
> >  > >without obfuscating the image itself :) Similarly watermarking the image
> >  > >using fractal patterns should also provide good noise.
> >>  >
> >>  >Cheers,
> >>  >Rob.
> >>
> >>  Rob:
> >>
> >>  It doesn't need to be complicated, just random placed pixels on the
> >>  image from a selection of colors would provide millions of
> >>  permutations.
> >
> >No, you're wrong. Read the part about I mentioned about virus
> >signatures. A small portion of the whole can be used as an identifier
> >where that portion is unique to the overall entity. For instance, I can
> >throw a tub of tar over you, then a tub of feathers ;) ;) and if one of
> >your fingers doesn't get covered, I can still identify your chicken
> >ass ;)
> >
> >Cheers,
> >Rob.
> 
> Rob:
> 
> Your use of metaphor is quite colorful, but if you if change a single 
> pixel in an image, then you change the MD5 signature -- that is what 
> I was talking about -- and that is not wrong.

Yes but you completely missed the point of my metaphor :) The point is,
I can take an md5 signature of subset of the image's pixels and still
identify it if the subset is representative (this is the point about
still ID'ing someone with their finger print despite the rest of them
being tarred and feathered :) This is how many virus detection systems
work. They find a single portion of virus' binary program that is
representative and can use it as a search within other binaries to
detect the presence of the virus. So if you only change a few pixels,
there is a high likelyhood of a subset set md5 signature still being
recognized.

> 
> Plus, if you:
> 
> [A] Passing a couple of curved ripples across the image as a 
> transformation, and in different directions should suffice to 
> obfuscate the image signature without obfuscating the image itself
> 
> or
> 
> [B] Similarly watermarking the image using fractal patterns should 
> also provide good noise.
> 
> You would still leave at least one pixel
>
> the same as it was before so 
> your chicken ass would still be exposed, right? Or does your 
> ripple/watermark application alter every pixel by changing its alpha 
> channel or something?

These would alter every pixel, without generally affecting a human's
perception of the object... this is the point since now subset of the
images pixels would be representative.

> And if so, then why is it that you are required to change every 
> pixel? I am sure that there are images that have at least one pixel 
> in common, so I don't see the point you're trying to make -- please 
> explain.

Explanation above :)

Cheers,
Rob.
-- 
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for       |
| creating re-usable components quickly and easily.          |
`------------------------------------------------------------'

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux