undefined | Better HN

0 pointsmalfist2y ago0 comments

That's not how cryptographic signing works.

Cryptographic signing means "I wrote this" or "I created this". Sure you could sign an AI generated image as yourself. But you could not sign an image as being created by Getty or NYT

0 comments

esclerofilo2y ago

I believe that's not what they're saying. It's signing hardware, like a camera that signs every picture you take, so not even you can tamper with it without invalidating that signature. Naively, then, a signed picture would be proof that it was a real picture taken of a real thing. What GP is saying is that people would inevitably get the keys from the cameras, and then the whole thing would be pointless.

cwkoss2y ago

Yep.

A chain of trust is one way to solve this problem. Chains of trust aren't perfect, but they can work.

But if you're going to build a chain of trust that relies on humans to certify they used a non-tampered-with crypto camera, why not just let them use plain ol cameras. Adding cryptosigning hardware just adds a false sense of security that grifter salespeople will lie and say is 'impossible to break', and non-technical decision makers wont understand the threat model.

j / k navigate · click thread line to collapse