Antisthenes

.

Ignorant panorama photographers often use the pretentious terms "nodal point" or "nodal offset", which is fundamentally incorrect.

The axis about which the camera+lens setup should be rotated...

Indeed. https://www.dpreview.com/forums/post/60954893

Um, no. A circular polarizing filter (CPL) consists of a linear polarizer (LP) bonded to a quarter-wave plate (QWP). In a CPL, the LP's polarization plane makes a θ=45° angle with the fast and slow ...

Injecting bogus picture data to be signed by another camera might indeed be as simple as photoshopping the picture to remove / add some important items, then printing that picture and taking a...

.
> A hacker can simply override the signature with his own,
> and produce a legitimate but fake file.

Indeed.

But that would require some advanced hacking to be able to inject into the camera...

Similarly, compromising a digital signature / authentication system that uses asymmetric keys, like the RSA public key system, requires either:

a) breaking the RSA public key algorithm — e.g. via...

Both a) and b) aren't considered to be within the abilities of a garden-variety hacker, as the protection mechanisms — e.g. the tamper-proof silicon chips used in SIM cards, SecurID tokens, credit...

Breaking a digital signature / authentication system that uses symmetric keys, like RSA's SecurID tokens, or the SIM cards issued by mobile phone networks worldwide requires either:

a) breaking...

The RSA public key algorithm is still considered secure by experts, and is used, at this very instant, to authenticate and encrypt the traffic between countless web sites like dpreview.com,...

RSA's SecurID tokens, as they are based on a shared secret that is conceptually akin to a symmetric key, do not actually use the RSA asymmetric (private/public) key system.

So, basically, that...

Lest people unfamiliar with cryptographic concepts assume, given the title of that Wired article, that what is popularly known as "RSA encryption" has been broken: that is not the case.

The Wired...

The small secure element doesn't need to scan the whole image data to sign it. In typical digital signature applications, the powerful host CPU can compute the SHA of the data to be signed. The ...

Also note that the /software/ weaknesses mentioned in the OWASP list are of little relevance, as we are talking here about authenticating digital data — i.e. simply producing a cryptographically...

Well, you'd have to show that there are "bus-sized security holes" in the cryptographic algorithms and / or hardware implementations of modern security chips, including but not limited to:

- EMC...

.
My reply is a bit too long to post here as a comment, so I posted it in a DPReview forum:

https://www.dpreview.com/forums/post/66390031

Replying here as a forum post, because the text is a bit too long to be posted as a comment to the original DPReview news item . ======= From an IT security point of view, the image authentication ...