Natanael

joined 1 year ago
[–] Natanael@slrpnk.net 3 points 9 months ago (1 children)

SHA family and MD5 do not have keys. SHA1 and MD5 are insecure due to structural weaknesses in the algorithm.

Also, 2048 bits apply to RSA asymmetric keypairs, but SHA1 is 160 bits with similarly sized internal state and SHA256 is as the name says 256 bits.

ECC is a public key algorithm which can have 256 bit keys.

Dilithium is indeed a post quantum digital signature algorithm, which would replace ECC and RSA. But you'd use it WITH a SHA256 hash (or SHA3).

[–] Natanael@slrpnk.net 2 points 9 months ago

Pigeonhole principle says it does for any file substantially longer than the hash value length, but it's going to be hard to find.

[–] Natanael@slrpnk.net 2 points 9 months ago

Public key cryptography would involve signatures, not encryption, here.

[–] Natanael@slrpnk.net 1 points 9 months ago

It really depends on their motivation. The ones we need to keep out are the ones who enjoy hurting others or don't care at all.

[–] Natanael@slrpnk.net 1 points 9 months ago* (last edited 9 months ago)

Oof.

They need to implement content addressing for "sidecar" signature files (add a hash) both to prevent malleability and to allow independent caches to serve up the metadata for images of interest.

Also, the whole certificate chain and root of trust issues are still there and completely unaddressed. They really should add various recommendations for default use like not trusting anything by default, only showing a signature exists but treating it as unvalidated until the keypair owner has been verified. Accepting a signature just because a CA is involved is terrible, and that being a terrible idea is exactly the whole reason why web browsers dropped support for displaying extended validation certificate metadata (because that extra validation by CAs was still not enough).

And signature verification should be mandatory for every piece, dropping old signatures should not be allowed, and metadata which isn't correctly signed shouldn't be displayed. There are even schemes for compressing multiple signatures into one smaller signature blob so you can do this while saving space!

And one last detail, they really should use timestamping via "transparency logs" when publishing photos like this to support the provenance claims. When trusted sources use timestamping like this before publication then it helps verifying "earliest seen" claims.
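A worked illustration of the content-addressed sidecar idea from the comment above (an added example, not code from the commenter or from any real provenance project): the sidecar is named by the SHA-256 of the image it describes, the signature covers that hash together with the metadata, and a verifier refuses to return metadata unless the address matches the image and the signature validates. The `Sidecar` type, the Ed25519 keypair and the sample image bytes are all constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Sidecar is a constructed metadata record that travels beside an image.
// It is content addressed: ImageHash is the hex SHA-256 of the image bytes.
type Sidecar struct {
	ImageHash string // content address of the image this sidecar belongs to
	Metadata  string // provenance claims (constructed sample)
	Signature []byte // Ed25519 signature over ImageHash and Metadata
}

// contentAddress derives the hash that names the sidecar and binds it to one image.
func contentAddress(image []byte) string {
	sum := sha256.Sum256(image)
	return hex.EncodeToString(sum[:])
}

// signedPayload fixes exactly which bytes the signature covers.
func signedPayload(imageHash, metadata string) []byte {
	return []byte(imageHash + "\n" + metadata)
}

// NewSidecar is what a publisher would run over the original image.
func NewSidecar(priv ed25519.PrivateKey, image []byte, metadata string) Sidecar {
	h := contentAddress(image)
	return Sidecar{ImageHash: h, Metadata: metadata,
		Signature: ed25519.Sign(priv, signedPayload(h, metadata))}
}

// Verify enforces "not signed correctly means not displayed": it returns the
// metadata only if the sidecar addresses this image and the signature checks out.
func Verify(pub ed25519.PublicKey, image []byte, sc Sidecar) (string, error) {
	if contentAddress(image) != sc.ImageHash {
		return "", errors.New("sidecar does not address this image")
	}
	if !ed25519.Verify(pub, signedPayload(sc.ImageHash, sc.Metadata), sc.Signature) {
		return "", errors.New("metadata signature invalid, refusing to display")
	}
	return sc.Metadata, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	image := []byte("constructed image bytes")
	sc := NewSidecar(priv, image, "photographer=example; captured=2024-01-01")
	fmt.Println(Verify(pub, image, sc))
}
```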

[–] Natanael@slrpnk.net 0 points 9 months ago* (last edited 9 months ago) (2 children)

Analog hole, just set up the camera in front of a sufficiently high resolution screen.

You have to trust the person who owns the camera.

[–] Natanael@slrpnk.net 2 points 9 months ago* (last edited 9 months ago) (2 children)

A MAC is symmetric and can thus only be verified by you or somebody who you trust to not misuse or leak the key. Regular digital signatures are what's needed here.

You can still use such a signing circuit but treat it as an attestation by the camera's owner, not as independent proof of authenticity.

[–] Natanael@slrpnk.net 24 points 9 months ago (19 children)

It helps journalists, etc, when files have digital signatures verifying who is attesting to it. If the WH has their own published public key for signing published media and more then it's easy to verify if you have originals or not.

[–] Natanael@slrpnk.net 3 points 9 months ago (2 children)

Bitlocker supports the same use case, but everybody wants that automatic boot feature so...

It also lets you store a secondary key on a server and require the computer to be on trusted networks to be able to retrieve it to boot, but I've never ever heard of anybody using that.

[–] Natanael@slrpnk.net 1 points 9 months ago

They're heavily involved with the development of the spec and guidance to OEMs on how to implement it.

[–] Natanael@slrpnk.net 19 points 9 months ago (1 children)

Bitlocker's threat model is physical access, though. And it's 50% of TPM's threat model too.