Hacker Newsnew | comments | show | ask | jobs | submit login

Just a warning: blurring pixels in sensitive photos like this is often insufficient. Always black out the information instead (and make sure to flatten the image! and not save it as e.g. a pdf with a black bar over it which has actually happened before too)

http://www.schneier.com/blog/archives/2007/01/how_to_recover...




That attack is more useful against a mosaic than a straight blur. In this case, to attack successfully, the attacker would have to lay out every possible passport with the letters in the exact position as they'd be printed, because there is a pretty strong blur applied. You have an F and the line of < characters to work with, you know about how long her given and surnames are, and you have a frame of reference for the rest based on how much of the bottom line the author had to blur. Not much else. You also don't have a guarantee that the blur is straight out of Photoshop and contains what you are trying to reverse; looking at it, I don't think it is the actual passport data. I think it was modified then blurred.

I'm happy to be proven wrong, but I think this one is impractical.

-----


That would be interesting if they actually deciphered a real blurred picture.

Which they didn't cause it's not possible, I mean, left to reader.

[edit: I put it with the myth you need to erase data on a hard disk randomly multiple times http://www.nber.org/sys-admin/overwritten-data-gutmann.html ]

-----


Funny how you present your view as fact and then complain about having to put up with myths...

http://yuzhikov.com/articles/BlurredImagesRestoration2.htm

-----


No, I more commented on the article made a pretty bold statement and then didn't follow it up yet everyone buys into it.

I've never seen it actually shown so that to me makes it dodgy. If it was possible it'd be a pretty cool demo.

(And I assume I don't need to say removing camera blur, the famous photoshop swirls incident etc is not the same.)

-----


The link you provided doesn't provide us with any insight into what the NSA's state-of-the-art might have been.

This NIST publication[1] says: "for ATA disk drives manufactured after 2001 (over 15 GB) clearing by overwriting the media once is adequate to protect the media from both keyboard and laboratory attack."

Tech changes have "altered previously held best practices regarding magnetic disk type storage media". It does not seem to confirm that multiple erases were unnecessary before.

1: http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-...

-----


It's quite possible. Not only is it possible to perform deconvolution, but since you know that you're looking for text data, and you even have the font, you can do much better. You can iterate through millions of names very quickly and find which one, once blurred produces the best match.

In the same vein, check out http://www.ee.columbia.edu/~wliu/CVPR05_LiuWei1.pdf

-----


Have you seen the photoshop image deblurring plugin?

http://tv.adobe.com/watch/max-2011-sneak-peeks/max-2011-snea...

-----


There is a big difference in removing camera shake from a raw image file and removing a blur from a jpeg.

-----


They actually have an example for a regular blurred jpeg at the end. And yes, a camera shake may big difference to a regular blur, but then again, an actual regular blur (so an unfocused lens instead of a moving lens) is less often the problem.

-----


Wow, I had meant to have another sentence saying that it is probably still possible based on the "blur" technique used. But... yeah, I clearly did not say that.

I would assume most of the time people "smudge" the data they want to be removed from a photo. Though, as stated, adding new information to the image has got to be the best way to do this. (a blackout.)

-----


Your gutmann document is interesting. Thank you.

There are some things that were not mentioned.

1) Obviously you're talking about traditional spinning platter drives, and not SSDs.

2) The complete drive needs to be overwritten to be sure all data has gone. The safest way to do that is to use an ATA secure erase command. This will overwrite all the sectors marked as bad. DBAN is good, but it will not overwrite sectors marked as bad. (The risk from this is small.)

-----


Depending on the filter that you use, it can be reversed: http://en.wikipedia.org/wiki/Christopher_Paul_Neil

-----


A blur acts as a low-pass filter, removing high-frequency information from the resultant image.

If the high-frequency data that was removed is unique enough that it can't be either guessed or recovered then a blur might be just fine.

If the high-frequency data is something that can be easily guessed, extrapolated, etc. then a blur does not provide much protection as far as the information content goes.

-----




Applications are open for YC Winter 2016

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: