|Project started||September 2017|
|Open source||Yes, GPL 3.0, ISC|
Mosaic Visual Hash is an algorithm that takes some amount of input bits and transforms them into an easily recognizable picture.
Hash functions are used in many contexts where we want to verify whether some chunk of data is identical to another previous chunk, but without the necessity of having the previous data at hand. For example, hash sums are often displayed next to big file downloads in order to allow the user to verify the error-free transfer of the file.
While verifying a typical hash is easy for a computer, comparing all those letters and numbers is cumbersome for human users. In situations where a user is expected to verify a hash, it can be very helpful to display the information that needs to be verified visually instead of as a string of digits, hence hash visualization. Humans are very good at identifying and comparing pictures, a difference on which CAPTCHAs rely to this day.
While there are some examples of freely available hash visualization algorithms, I thought to create one that looks more pleasant and visually appealing than what's already out there, which led to the creation of Mosaic Visual Hash. It achieves its visuals by creating and overlaying several circles of different sizes in order to create pictures resembling stained glass mosaics with soft contours.
It bears mentioning that, like most of its competitors, Mosaic Visual Hash is is not by itself a very good hash function, and most of the beneficial properties of cryptographic hash functions are absent (e.g. specific input bits correspond directly to specific properties of the output picture). It is thus heavily recommended to use a known and well-understood cryptographic hash function (such as SHA-256) as a precursor to the visualization, i.e. to use the output of the cryptographic hash function as the input for Mosaic Visual Hash.
Additionally, the algorithm is intentionally not 100% deterministic. Small random variations to the colors and shapes are introduced as an additional security feature in order to make it more difficult to discern the exact algorithm input from a screenshot without harming the recognizability of the image by humans. The extent of this jitter can be configured.
Mosaic Visual Hash was initially developed as an offshoot of PasswordShaker that seemed worth keeping around as its own project. That turned out to be a good decision, as one of my colleagues found it interesting enough to suggest writing a short research paper on it (and on other hash visualization schemes) together, which ended up successfully published. Nonetheless, I consider this project essentially finished with no current open questions.