Friday, February 18, 2022

Don’t Use Text Pixelation to Redact Sensitive Information

Dan Petro (via Hacker News):

To show you why, I wrote a tool called Unredacter that takes redacted pixelized text and reverses it back into its unredacted form.


The key thing we’re focusing on is that the redaction process is inherently local. In cryptographic terms, we’d say it has no diffusion. A change of one pixel somewhere in the original image ONLY impacts the redacted block it belongs to, meaning that we can (mostly) guess the image character by character. We’ll do a recursive depth-first search on each character, scoring each guess by how well it marginally matches up to the redacted text.


The bottom line is that when you need to redact text, use black bars covering the whole text. Never use anything else. No pixelization, no blurring, no fuzzing, no swirling. Oh, and be sure to actually edit the text as an image. Don’t make the mistake of changing your Word document so that it has a black background with black text.
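The locality property described in the quoted passage, as an added illustration (not code from Unredacter or the original article): a block-average mosaic is compared with a black bar on a constructed 8x16 grayscale image. The 4-pixel block size, the mean-value mosaic, and all function names are assumptions made for the example.

```python
BLOCK = 4  # assumed mosaic tile size in pixels

def pixelate(img, block=BLOCK):
    """Replace every block x block tile with its mean grey value."""
    h, w = len(img), len(img[0])
    out = [[0] * w for _ in range(h)]
    for by in range(0, h, block):
        for bx in range(0, w, block):
            ys = range(by, min(by + block, h))
            xs = range(bx, min(bx + block, w))
            mean = sum(img[y][x] for y in ys for x in xs) // (len(ys) * len(xs))
            for y in ys:
                for x in xs:
                    out[y][x] = mean
    return out

def black_bar(img):
    """Overwrite the whole region with black; output ignores the input pixels."""
    return [[0] * len(img[0]) for _ in img]

def changed_blocks(a, b, block=BLOCK):
    """Tiles (block_row, block_col) in which two same-sized images differ."""
    return {(y // block, x // block)
            for y, row in enumerate(a)
            for x, value in enumerate(row) if value != b[y][x]}

def make_image(ink, h=8, w=16):
    """Constructed sample: white canvas with black 'ink' pixels at (y, x)."""
    img = [[255] * w for _ in range(h)]
    for y, x in ink:
        img[y][x] = 0
    return img

def demo():
    original = make_image([(1, 1), (2, 5), (6, 10)])
    edited = make_image([(1, 1), (2, 5), (6, 10), (5, 13)])  # one extra pixel
    # Mosaic: the edit shows up in exactly one output tile (no diffusion),
    # so each tile still carries information about the pixels beneath it.
    mosaic_diff = changed_blocks(pixelate(original), pixelate(edited))
    # Black bar: both inputs map to the same output, so nothing leaks.
    bar_diff = changed_blocks(black_bar(original), black_bar(edited))
    return mosaic_diff, bar_diff

if __name__ == "__main__":
    mosaic_diff, bar_diff = demo()
    print("mosaic tiles changed:", mosaic_diff)
    print("black-bar tiles changed:", bar_diff)
```
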

