[HN Gopher] A tool for recovering passwords from pixelized scree...
       ___________________________________________________________________
        
       A tool for recovering passwords from pixelized screenshots
        
       Author : maydemir
       Score  : 62 points
       Date   : 2020-12-06 20:44 UTC (2 hours ago)
        
 (HTM) web link (github.com)
 (TXT) w3m dump (github.com)
        
       | multiplegeorges wrote:
       | Reminds me of the case of the child abuser who was caught by
       | simply reversing a Photoshop filter.
       | 
       | Reference: https://boingboing.net/2007/10/08/untwirling-photo-of.html
        
       | tobr wrote:
       | So as I understand it this technique rests on a number of
       | assumptions:
       | 
       | - You know the exact parameters used to render the text
       | 
       | - You can render new text with the exact same parameters
       | 
       | - The pixelated image hasn't been ruined by color quantization or
       | other destructive compression
        
       | sly010 wrote:
       | Relatedly (and this is probably not surprising to anyone here) if
       | you draw a black box on a PDF file to cover sensitive
       | information, chances are a simple screen reader will still be able
       | to extract the information just fine.
        
         | dawnerd wrote:
         | Found this out the other day on that story from the port
         | explosion. They had a pdf with blacked out names, but you could
         | just copy the text and paste it and it wasn't blacked out.
        
         | ciarannolan wrote:
         | Redact ---> print ---> scan ---> distribute.
         | 
         | I think US courts and lawyers are finally starting to learn
         | this.
        
         | ShakataGaNai wrote:
         | That's why you always use the Adobe Acrobat Redaction tool.
         | It'll obliterate everything and the metadata too!
        
       | MattGaiser wrote:
       | Why is pixelation preferable to a big black obliterating box?
       | 
       | To me, it seems like a lot of wasted time and effort and
       | potential arms race between encoders and decoders and the risk of
       | being exposed when you could just put a big black box over
       | whatever you wish to obscure.
        
         | xoa wrote:
         | > _Why is pixelation preferable to a big black obliterating
         | box?_
         | 
         | From a security perspective it has zero advantages, but I guess
         | some people like the aesthetics?
         | 
         | > _To me, it seems like a lot of wasted time and effort and
         | potential arms race between encoders and decoders and the risk
         | of being exposed when you could just put a big black box over
         | whatever you wish to obscure._
         | 
         | There doesn't need to be an arms race, one can just erase
         | whatever needed to be hidden, put fake random text over it and
         | then pixelate _that_. I.e., a prettier "black box" but still
         | the same core method as a black box. In principle doesn't even
         | need to be any more work, it'd be easy enough to throw together
         | a simple "pixelate erase" script that'd take a selection, apply
         | average solid color and random text over it, then pixelate the
         | result all in one automated step.
         | 
         | The problem is if some people think _any_ modification of the
         | original information is ever good enough. Anything based on the
         | original could leak information, so need to erase and then
         | apply any desired aesthetics afterward.
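
The erase-then-pixelate step described in the comment above, as an added example that is not part of the thread or of the linked tool. The function names and the tiny grayscale "screenshots" are constructed for illustration, and random pixels stand in for the "fake random text".

```python
import random

def pixelate(img, box, block):
    """Replace each block x block tile inside box with its mean gray value."""
    x0, y0, x1, y1 = box
    out = [row[:] for row in img]
    for ty in range(y0, y1, block):
        for tx in range(x0, x1, block):
            ys = range(ty, min(ty + block, y1))
            xs = range(tx, min(tx + block, x1))
            mean = sum(img[y][x] for y in ys for x in xs) // (len(ys) * len(xs))
            for y in ys:
                for x in xs:
                    out[y][x] = mean
    return out

def erase_then_pixelate(img, box, block, rng):
    """Overwrite box with decoy pixels from rng, then pixelate the decoy."""
    x0, y0, x1, y1 = box
    out = [row[:] for row in img]
    for y in range(y0, y1):
        for x in range(x0, x1):
            out[y][x] = rng.choice((0, 255))  # decoy ink, unrelated to original
    return pixelate(out, box, block)

def screenshot(columns):
    """Constructed 8x16 grayscale image; 1 marks a dark column in rows 2-5."""
    img = [[255] * 16 for _ in range(8)]
    for x, dark in enumerate(columns):
        for y in range(2, 6):
            if dark:
                img[y][x] = 0
    return img

BOX = (0, 2, 16, 6)  # x0, y0, x1, y1 of the region holding the secret
A = screenshot([1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1])
B = screenshot([0, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0])

def naive_leaks():
    """Pixelating the original: different secrets give different mosaics."""
    return pixelate(A, BOX, 4) != pixelate(B, BOX, 4)

def erased_is_independent():
    """Erase first: the mosaic depends only on the decoy, not on the secret."""
    # Same seed for both runs only so the two outputs can be compared.
    a = erase_then_pixelate(A, BOX, 4, random.Random(7))
    b = erase_then_pixelate(B, BOX, 4, random.Random(7))
    return a == b

if __name__ == "__main__":
    print(naive_leaks(), erased_is_independent())
```
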
        
         | Hamuko wrote:
         | Even big black boxes require some amount of skill.
         | 
         | https://twitter.com/Phthalaldehyde/status/133471474074092748...
        
         | diebeforei485 wrote:
         | This reminds me of the Markup tool[1] on iPhone. People use it to
         | redact from screenshots, but it was (is?) actually slightly
         | transparent by default.
         | 
         | [1] https://9to5mac.com/2018/03/13/ios-markup-reveal-redact-
         | sens...
        
         | rriepe wrote:
         | It's not. There's never going to be a tool that does this with
         | black bars.
         | 
         | The only benefit I can think of is legitimacy. Having something
         | blurred there suggests that there was actually something there.
        
           | thotsBgone wrote:
           | Yeah I think blurring is more aesthetic, and until recently
           | was seemingly just as secure. It reminds me of how people
           | have used the Photoshop swirl tool to obscure faces, but you
           | could just use the swirl tool in the other direction to undo
           | the effect.
        
           | est31 wrote:
           | Black bars alone may still leak info.
           | 
           | First, if you add black bars on your own and don't use
           | professional redaction features of software, you might miss
           | the OCR text layer of the PDF, or the bar might be added as a
           | separate object entirely which means it can also be removed
           | later on.
           | 
           | Second, if you don't use monospace text, the width of the
           | text you are redacting will reveal information about it.
           | That's why monospace fonts are so commonly used in the
           | intelligence community for example.
           | 
           | Third, if you just add a black bar to a screenshot, there
           | might be residual values of the text left in adjacent
           | seemingly white portions of the image, but they might not be
           | entirely white due to compression effects. Better you run it
           | through a filter before publishing.
        
             | davchana wrote:
             | Yes, in pdf, add bars, & then print it again as pdf, but as
             | image.
        
           | xorcist wrote:
           | There is still a risk to leak the length of the password. If
           | the font is known and the size of the rendered text can be
           | inferred that would limit the search space considerably.
        
             | davchana wrote:
             | Personal Snippet, if I want to hide/cross something I wrote
             | on paper, I usually change letters to something else, like
             | u to g, i to d, nothing preplanned, whatever comes in mind,
             | before I cross line the text in forward slashes, backward
             | slashes, & in horizontal lines.
        
         | riidom wrote:
         | Only reason I can think of: Pixelation has a more elegant touch
         | than covering everything with a box (be it black, or some
         | better suited color).
         | 
         | Took a while to convince people to not use a bit of gaussian
         | blur, because it's insecure. Well, ready for round 2...
        
       | rriepe wrote:
       | Is "pixelized" the norm somewhere? I'm used to "pixelated."
        
         | jbn wrote:
         | Could it be that the author's first language is not English?
         | "pixelized" sounds like a literal translation of the French
         | word for "pixelated".
        
         | FroshKiller wrote:
         | The way I use them, "pixelated" refers to images rendered to a
         | target resolution in pixels. "Pixelized" refers to an image
         | that is transformed to resemble pixel art of lower quality (in
         | terms of resolution and color depth).
         | 
         | A screen from Super Mario Bros is pixelated. That's what the
         | art is supposed to look like.
         | 
         | A screen from Broken Age running in Retro Mode is pixelized.
         | The art isn't actually intended to look like that, and it's
         | just for nostalgic effect.
        
       | pimlottc wrote:
       | I found the author's blog post on LinkedIn more informative:
       | 
       | https://www.linkedin.com/pulse/recovering-passwords-from-pix...
        
         | lights0123 wrote:
         | That link is also in the first section of the repository's
         | README.
        
       ___________________________________________________________________
       (page generated 2020-12-06 23:00 UTC)