• BlameThePeacock@lemmy.ca
    link
    fedilink
    arrow-up
    7
    ·
    edit-2
    1 year ago

    Even that isn’t possible. While you could confirm it hasn’t been modified via hashing, it can only confirm that after it was created. If you created an entirely new file there’s no way to prove it wasn’t faked and then had a signature applied.

    • Buddahriffic@lemmy.world
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      Also, what’s to stop you from generating new hash information that is consistent with the new media if you do modify an existing one?

      • TheButtonJustSpins@infosec.pub
        link
        fedilink
        arrow-up
        6
        ·
        1 year ago

        You’d need secure chips that can’t reveal the key, and those would be signed by a trusted authority.

        Then there’d be a black market for valid chips, or maybe some tomfoolery to make a camera think it’s seeing something that’s being fed into it via a different input.

        • Buddahriffic@lemmy.world
          link
          fedilink
          arrow-up
          3
          ·
          1 year ago

          Oh yeah, forgot about cryptographic hashing for a moment there. Though that “trusted authority” is the weak point, probably only a matter of time before it is corrupted and gives keys out to powerful others.

          Or same thing for any workers with access to either the central key or one of the others. And if a specific company’s key gets leaked, does that mean anything produced by their devices can no longer be trusted? If there’s an inconvenient video in existence, will the way of defeating it just be to leak the private key protecting its hashes and just say that the hackers must have gotten ahold of the key earlier than everyone else to explain how that video existed before the key was leaked publically?

          Or even just have someone break in to each of their systems and steal the keys but leave evidence of it happening and use that to create reasonable doubt about whatever videos they want to call fake news.

      • BlameThePeacock@lemmy.ca
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        The timestamp of the original hash being sent to a central server.

        That’s the whole point of sending that hash close to when it happens.