[fprint] fingerprints as a crypto key?

Sun Jul 14 10:17:34 PDT 2013

Hi

On Saturday 13 of July 2013 22:45:24 Brian J. Murrell wrote:
> I opened bug 66881 about this but I wonder if discussion on the list is
> more appropriate so here goes...
> 
> I wonder what the general consensus is about using fingerprints to
> [un]lock a password store.  Is there enough information in a fingerprint
> to provide a decent level of cryptographic security?
> 
> If you consider the average user password, and let's give them the
> benefit of the doubt and say it's 8 characters of some mixture of upper
> and lower case letters, punctuation, numerals, etc.  Let's even give
> them the whole lower 7 bits of the ascii character set, which is
> generous both because the first 32 characters are not even type-able and
> because I hazard to guess that most users don't use anywhere near the
> full array of the remaining 96 characters.
> 
> But even at 8 characters * 7 bits, that's 56 bits of crypto.  Does a
> fingerprint have more or less than 56 bits of information in it?
> 
> It seems odd to me that we can trust fingerprints enough to let people
> into their machines but we cannot trust them to {en|de}crypt a password
> store, the way gnome-keyring does with a pass{word|phrase}.
> 
> But if there was enough information in a fingerprint to use it to
> encrypt a password store, that opens up a number of interesting
> possibilities.  The most obvious is the gnome-password store, so you
> didn't have to enter a password after using your fingerprint to log in.
> 
> But another interesting possibility is using it to cryptographically
> store the passwords for authentication mechanisms that can't/don't use
> the fingerprint data, like kerberos so that every time a fingerprint is
> used to log in or unlock a screensaver, PAM does a kerberos ticket
> renewal the way it does currently with text based passwords.
> 
> Thoughts?

the issue here is that you cannot use fingerprint the same way as you use a 
password.

passwords are checked for equivalence (as in "is it the same?"), while 
fingerprints are checked for similarity ("does it look the same?").
there is no way to gain a hash-like data from a fingerprint in a deterministic 
way.

the only possible approach here is to have a reliable isolated system that 
knows your keys and fingerprints, you send it your fingerprint, and if it 
matches you get your key. I believe that the original UPEKTS chip supported 
this to some degree (it had a TPM-like crypto processor embedded, with 
hardware fingerprint matching), but beyond that you are out of luck.

your kerberos example would work, provided you had a kerberos implementation 
willing to accept a fingerprint as a credential.

Pavel Herrmann