Quote:
Originally Posted by Tickler
The color shift comment was targeted at images only to make it invisible for the uploader/surfer to actually see the info.
Also using 99% transparent text is basically invisible to the naked eye.
But, a program can compare the before image to the after image and easily tell the difference. If the surfer doesn't have the exact "before" image they can't make the comparison.
|
No, what I meant was, if that image then went through a transformation (lets say linux "mogrify -sharpen 10" to sharpen up the image (or reverse "-blur") or make the image larger, smaller, then the way to extract the information to find out who is the pirate is lost, since jpeg is not lossless.
Unless I'm completely missing your point.
For example, if encoding images to something else
wasn't a problem - ie someone stole your image and simply uploaded it elsewhere), then all you'd have to do is inject in a random pixel somewhere on the fly and calculate a visual hash of the image (and store it). The next user to view the image would have a different visual hash since the pixels are inserted randomly (more pixels added and higher res the pic, the more unique the hash). If you found your image somewhere else, you calculate its visual hash and then find out who pirated it.
eg - visual hash of an image (using multiple cryptographic keys):
Code:
Adler32 : C4BA841B
CRC16 : F520
CRC16.CCITT : 03B3
CRC16.XMODEM : 1356
CRC32 : EE43CE75
CRC64 : 38734BC8 493899BD
ED2K : 1770324D BF331EFB 9B6D3FDF 42B1FA5F
ELF32 : 08ACEA09
FCS16 : 27C4
FCS32 : EE43CE75
FNV32.1 : 3D7D5302
FNV64.1 : 0D075BAE 14C4736B
GHash32.3 : 5B8409CF
GHash32.5 : E2FFF6CF
GOST-Hash : 45D90023 65795C97 8B0111B6 CB5DB1F4 0A2984E7 8AD9E54A 79390BAB 685EB5CD
HAVAL256.3 : 84A910CA BE2FB254 906D51B4 D8F94F66 BAAB2A08 F6544E9D E21EEE2C 9668A390
HAVAL256.4 : 3741BA73 4F22CE21 8A8269D1 27D259F0 DF8062C0 89DA8E87 6A997AB4 662CF5E6
HAVAL256.5 : F58E487D 79E852E8 5FC5E248 C7B095BE 1925805E 6C33260F D4EA7F7E 14BF25F1
MD2 : 4341B1F0 3DCB05B4 4345EFE2 A7EEE352
MD4 : 1770324D BF331EFB 9B6D3FDF 42B1FA5F
MD5 : E3ACFD11 D7A66FF1 12572F2F 06AD3471
RipeMD128 : 302E360F 641B171F C7B0155F 5D61B2A1
RipeMD160 : 31A56722 F8A04705 2E5D2444 47D37F5D 319BF614
SHA1 : 4A03BA2E 7A9BD9D6 DFB6469B 46AF505E 5297DA4F
SHA256 : EA83B80E 91B3233E 675A833C A48AEA75 EDB0504B 9604900D D61000C7 6BF4BA36
SHA384 : 3EA3B4B9 BF9E9AA7 AECBDAE9 709344B9 78D2A70E C64986CD D6B5B22C 43781F51 02703400 B0E92BCB 25801C52 E7BB9048
SHA512 : A865F4B1 F54F13A2 9C4A23C2 7C9C4421 0E9F991C 8F95062D 77ECF26B 54499A25 936FFD3D 57D8A0F5 9045CF92 E6F388D2 7A204DD0 437D98DB 1BC73408 97FC7E67
Size64 : 00000000 00000C0E
Tiger : FC8E3D7F EFDB0086 9FE0234F 4D23BC34 2A85F91D BCFFC8B4
XUM32 : E24DCD6F
I inject a two pixels randomly into the image on the fly and the visual hash is now
Code:
Adler32 : 9CF30B65
CRC16 : 9B6E
CRC16.CCITT : F65C
CRC16.XMODEM : 0AA9
CRC32 : 7092DFED
CRC64 : FBA6C0A0 3D6DFA3B
ED2K : DACC7615 E2DA15E0 E18C9B16 8F8F4B02
ELF32 : 00AB12C9
FCS16 : F6C9
FCS32 : 7092DFED
FNV32.1 : B5594220
FNV64.1 : D0C29B97 F3351EA3
GHash32.3 : 9F39C995
GHash32.5 : 5091A2CD
GOST-Hash : 3D3E2665 B424BFD2 06827D7F F2291012 CA43F7BB AAA2CEB0 BAD6EB4D 781C290D
HAVAL256.3 : 88414280 498DD738 93A570AF CF7A2C9B 11A8573E CBDA1EBB 6E299CB4 72B5180D
HAVAL256.4 : 99ADC2CD F34674B1 D29D3637 F4928277 2DCF93E6 5FB624A5 7B716320 6384474F
HAVAL256.5 : F11859CB 005FF63C 1F35FB1B F5A22AAB 8237C866 C26AC6C8 C8FE9884 FF27D348
MD2 : A277E5B3 38E20642 2051D9B1 15493976
MD4 : DACC7615 E2DA15E0 E18C9B16 8F8F4B02
MD5 : B2236F8A 45481513 C546FC6D C79626B0
RipeMD128 : 71CD3611 897E2DD9 F426CAB8 CE493304
RipeMD160 : D2621808 60207BA4 045ACE1C CEEB9857 1FBAE694
SHA1 : AA403182 B4B469D7 90403247 CC11893B 933AF9A8
SHA256 : 4A5CCA0B F09D04E0 1B4E56F7 A0774032 0E3F8015 0BD6B29B 2D580F4D 4E191D01
SHA384 : 7C2DDA2F D4FFAF72 4162BBE9 738874B2 8261A06A 2DAD4405 2ADCFB71 2F8254AC 0C570B5D 465CE216 0DFBEF82 C9A53B86
SHA512 : EAFF29CE 43A7B0A6 D11EAB16 8E07DEE3 9833626A 0E6B0220 8C719F1E 849083BA 568D8310 3E5E491B 77F01B0B 50C322D7 9969424A 1B47C5AA 50E002C9 64C9F200
Size64 : 00000000 0000B707
Tiger : AA70F467 3AABEF02 7D6AE897 F1D9301D 3EBBBAAD A2805392
XUM32 : C795DF25
Now, on my dev server, these are the benchmarks for calculating those hashes:
Code:
Algorithm | Hash length | Hashed bytes/second
============================================================
Adler32 | 32 bits | 149 MB
CRC16 | 16 bits | 200 MB
CRC16.CCITT | 16 bits | 177 MB
CRC16.XMODEM | 16 bits | 204 MB
CRC32 | 32 bits | 211 MB
CRC64 | 64 bits | 49 MB
ED2K | 128 bits | 239 MB
ELF32 | 32 bits | 130 MB
FCS16 | 16 bits | 217 MB
FCS32 | 32 bits | 216 MB
FNV32.1 | 32 bits | 149 MB
FNV64.1 | 64 bits | 88 MB
GHash32.3 | 32 bits | 274 MB
GHash32.5 | 32 bits | 259 MB
GOST-Hash | 256 bits | 17 MB
HAVAL256.3 | 256 bits | 117 MB
HAVAL256.4 | 256 bits | 87 MB
HAVAL256.5 | 256 bits | 62 MB
MD2 | 128 bits | 4 MB
MD4 | 128 bits | 232 MB
MD5 | 128 bits | 132 MB
RipeMD128 | 128 bits | 110 MB
RipeMD160 | 160 bits | 55 MB
SHA1 | 160 bits | 78 MB
SHA256 | 256 bits | 46 MB
SHA384 | 384 bits | 16 MB
SHA512 | 512 bits | 17 MB
Size64 | 64 bits | 2 GB
Tiger | 192 bits | 38 MB
XUM32 | 32 bits | 110 MB
Which tells me that while Size64 can compute far more hashes per second, it's chance of being non-random is quite high, so let's pick ED2K which is really not bad, processing 239MB haseed bytes per second.
So in that case, a script could easily go and download images from the internet from known problem sources and at ~100KB/jpeg image, it would search ~2000 images per second to find if any of them came from me, and if so who was the user pirating it
As an automation technique, visual hashing is definitely the way, and while algorithms exist to catch lossiness in recompression (as well as videos), it's frikken complicated maths!