On Tue, Dec 30, 2003 at 01:37:48PM +0000, danilo ([EMAIL PROTECTED]) wrote: > > oh yes, you are probably right (about public/private key instead of md5), > but even with a public/private key method you could read the private key > hard-coded in the camera
Yes, but that can be made seriously difficult - not beyond NSA but easily beyond any ordinary criminal and probably even most extraordinary ones. > (or, most likely, in the card supplied with the kit). That won't work, the secret key must be available at the time the image is saved. (The card could have another secret key though, with corresponding public key in the camera - that way they could prevent anyone else from checking the code, and keep selling their verification kit at a ridiculous price...) > what I want to point out is that if you own such a camera and YOU > want to manipulate an image and use it for legal purpose, then you > still have a chance to do it, the strenght of the public / private > pattern is that is hard to find the private key, cause you must have > access to the owner's PC. In this case you have it in your camera. If the secret key and the encryption algorithm are embedded on a single chip, getting it out of there can be made *really* hard. > Hence probably it's something similiar to the public/private method > with some added feature aimed to keep difficult for anyone to broke > it. (difficult, not impossible!) > Or it could be somethig really different from what we are thinking of, so I > should stop blabbing ! ;) Right you are. :-) -- Tapani Tarvainen * **** ******* *********************************************************** * For list instructions, including unsubscribe, see: * http://www.a1.nl/phomepag/markerink/eos_list.htm ***********************************************************
