[HN Gopher] A tool for recovering passwords from pixelized scree...
___________________________________________________________________

A tool for recovering passwords from pixelized screenshots

Author : maydemir
Score  : 62 points
Date   : 2020-12-06 20:44 UTC (2 hours ago)

(HTM) web link (github.com)
(TXT) w3m dump (github.com)

| multiplegeorges wrote:
| Reminds me of the case of the child abuser who was caught by
| simply reversing a Photoshop filter.
|
| Reference:
| https://boingboing.net/2007/10/08/untwirling-photo-of.html

| tobr wrote:
| So as I understand it this technique rests on a number of
| assumptions:
|
| - You know the exact parameters used to render the text
|
| - You can render new text with the exact same parameters
|
| - The pixelated image hasn't been ruined by color quantization or
| other destructive compression

| sly010 wrote:
| Relatedly (and this is probably not surprising to anyone here) if
| you draw a black box on a PDF file to cover sensitive
| information, chances are a simple screen reader will still be able
| to extract the information just fine.

| dawnerd wrote:
| Found this out the other day on that story from the port
| explosion. They had a pdf with blacked out names, but you could
| just copy the text and paste it and it wasn't blacked out.

| ciarannolan wrote:
| Redact ---> print ---> scan ---> distribute.
|
| I think US courts and lawyers are finally starting to learn
| this.

| ShakataGaNai wrote:
| That's why you always use the Adobe Acrobat Redaction tool.
| It'll obliterate everything and the metadata too!

| MattGaiser wrote:
| Why is pixelation preferable to a big black obliterating box?
|
| To me, it seems like a lot of wasted time and effort and
| potential arms race between encoders and decoders and the risk of
| being exposed when you could just put a big black box over
| whatever you wish to obscure.

| xoa wrote:
| > _Why is pixelation preferable to a big black obliterating
| box?_
|
| From a security perspective it has zero advantages, but I guess
| some people like the aesthetics?
|
| > _To me, it seems like a lot of wasted time and effort and
| potential arms race between encoders and decoders and the risk
| of being exposed when you could just put a big black box over
| whatever you wish to obscure._
|
| There doesn't need to be an arms race, one can just erase
| whatever needed to be hidden, put fake random text over it and
| then pixelate _that_. I.e., a prettier "black box" but still
| the same core method as a black box. In principle doesn't even
| need to be any more work, it'd be easy enough to throw together
| a simple "pixelate erase" script that'd take a selection, apply
| average solid color and random text over it, then pixelate the
| result all in one automated step.
|
| The problem is if some people think _any_ modification of the
| original information is ever good enough. Anything based on the
| original could leak information, so need to erase and then
| apply any desired aesthetics afterward.

| Hamuko wrote:
| Even big black boxes require some amount of skill.
|
| https://twitter.com/Phthalaldehyde/status/133471474074092748...

| diebeforei485 wrote:
| This reminds me of the Markup tool[1] on iPhone. People use it to
| redact from screenshots, but it was (is?) actually slightly
| transparent by default.
|
| [1] https://9to5mac.com/2018/03/13/ios-markup-reveal-redact-sens...

| rriepe wrote:
| It's not. There's never going to be a tool that does this with
| black bars.
|
| The only benefit I can think of is legitimacy. Having something
| blurred there suggests that there was actually something there.

| thotsBgone wrote:
| Yeah I think blurring is more aesthetic, and until recently
| was seemingly just as secure. It reminds me of how people
| have used the Photoshop swirl tool to obscure faces, but you
| could just use the swirl tool in the other direction to undo
| the effect.

| est31 wrote:
| Black bars alone may still leak info.
|
| First, if you add black bars on your own and don't use
| professional redaction features of software, you might miss
| the OCR text layer of the PDF, or the bar might be added as a
| separate object entirely which means it can also be removed
| later on.
|
| Second, if you don't use monospace text, the width of the
| text you are redacting will reveal information about it.
| That's why monospace fonts are so commonly used in the
| intelligence community for example.
|
| Third, if you just add a black bar to a screenshot, there
| might be residual values of the text left in adjacent
| seemingly white portions of the image, but they might not be
| entirely white due to compression effects. Better you run it
| through a filter before publishing.

| davchana wrote:
| Yes, in pdf, add bars, & then print it again as pdf, but as
| image.

| xorcist wrote:
| There is still a risk to leak the length of the password. If
| the font is known and the size of the rendered text can be
| inferred that would limit the search space considerably.

| davchana wrote:
| Personal Snippet, if I want to hide/cross something I wrote
| on paper, I usually change letters to something else, like
| u to g, i to d, nothing preplanned, whatever comes in mind,
| before I cross line the text in forward slashes, backward
| slashes, & in horizontal lines.

| riidom wrote:
| Only reason I can think of: Pixelation has a more elegant touch
| than covering everything with a box (be it black, or some
| better suited color).
|
| Took a while to convince people to not use a bit of gaussian
| blur, because it's insecure. Well, ready for round 2...

| rriepe wrote:
| Is "pixelized" the norm somewhere? I'm used to "pixelated."

| jbn wrote:
| Could it be that the author's first language is not English?
| "pixelized" sounds like a literal translation of the French
| word for "pixelated".

| FroshKiller wrote:
| The way I use them, "pixelated" refers to images rendered to a
| target resolution in pixels. "Pixelized" refers to an image
| that is transformed to resemble pixel art of lower quality (in
| terms of resolution and color depth).
|
| A screen from Super Mario Bros is pixelated. That's what the
| art is supposed to look like.
|
| A screen from Broken Age running in Retro Mode is pixelized.
| The art isn't actually intended to look like that, and it's
| just for nostalgic effect.

| pimlottc wrote:
| I found the author's blog post on LinkedIn more informative:
|
| https://www.linkedin.com/pulse/recovering-passwords-from-pix...

| lights0123 wrote:
| That link is also in the first section of the repository's
| README.
___________________________________________________________________
(page generated 2020-12-06 23:00 UTC)
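
Added example, not part of the thread and not code from the linked tool: a pure-Python sketch of the point made in xoa's and tobr's comments, that a mosaic computed from the real text is a deterministic function of it, while erasing first and pixelating random decoy text yields output that does not depend on the secret. The 3x5 font, block size, fixed decoy length (which also hides the length xorcist mentions) and all function names are constructed for illustration.

```python
import random

BLOCK = 2       # mosaic block size in pixels (assumed)
DECOY_LEN = 8   # fixed decoy width, so the secret's length is not revealed

# Constructed 3x5 bitmap font, "1" = ink. Not taken from any real tool.
GLYPHS = {
    "a": "010 101 111 101 101".split(),
    "b": "110 101 110 101 110".split(),
    "c": "011 100 100 100 011".split(),
    "d": "110 101 101 101 110".split(),
}

def render(text):
    """Rasterize text to a grayscale grid (255 = paper, 0 = ink)."""
    rows = []
    for y in range(5):
        row = []
        for ch in text:
            row += [0 if bit == "1" else 255 for bit in GLYPHS[ch][y]] + [255]
        rows.append(row)
    return rows

def pixelate(img, block=BLOCK):
    """Mosaic filter: every block becomes the mean of its own pixels."""
    h, w = len(img), len(img[0])
    out = [row[:] for row in img]
    for by in range(0, h, block):
        for bx in range(0, w, block):
            cells = [(y, x) for y in range(by, min(by + block, h))
                     for x in range(bx, min(bx + block, w))]
            mean = sum(img[y][x] for y, x in cells) // len(cells)
            for y, x in cells:
                out[y][x] = mean
    return out

def redact_naive(secret):
    """Pixelate the real text: the output is a function of the secret."""
    return pixelate(render(secret))

def redact_erase_first(secret, rng=None):
    """Discard the secret, draw random decoy text, then pixelate that."""
    rng = rng or random.SystemRandom()
    decoy = "".join(rng.choice(sorted(GLYPHS)) for _ in range(DECOY_LEN))
    return pixelate(render(decoy))

def consistent(mosaic, candidates):
    """Candidates whose own rendering pixelates to exactly this mosaic."""
    return [c for c in candidates if redact_naive(c) == mosaic]
```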