[fprint] fingerprints as a crypto key?

Brian J. Murrell brian at interlinx.bc.ca
Sat Jul 13 19:45:24 PDT 2013

I opened bug 66881 about this but I wonder if discussion on the list is 
more appropriate so here goes...

I wonder what the general consensus is about using fingerprints to 
[un]lock a password store.  Is there enough information in a fingerprint 
to provide a decent level of cryptographic security?

If you consider the average user password, and let's give them the 
benefit of the doubt and say it's 8 characters of some mixture of upper 
and lower case letters, punctuation, numerals, etc.  Let's even give 
them the whole lower 7 bits of the ascii character set, which is 
generous both because the first 32 characters are not even type-able and 
because I hazard to guess that most users don't use anywhere near the 
full array of the remaining 96 characters.

But even at 8 characters * 7 bits, that's 56 bits of crypto.  Does a 
fingerprint have more or less than 56 bits of information in it?

It seems odd to me that we can trust fingerprints enough to let people 
into their machines but we cannot trust them to {en|de}crypt a password 
store, the way gnome-keyring does with a pass{word|phrase}.

But if there was enough information in a fingerprint to use it to 
encrypt a password store, that opens up a number of interesting 
possibilities.  The most obvious is the gnome-password store, so you 
didn't have to enter a password after using your fingerprint to log in.

But another interesting possibility is using it to cryptographically 
store the passwords for authentication mechanisms that can't/don't use 
the fingerprint data, like kerberos so that every time a fingerprint is 
used to log in or unlock a screensaver, PAM does a kerberos ticket 
renewal the way it does currently with text based passwords.



More information about the fprint mailing list