[fprint] fprint Digest, Vol 26, Issue 1

Mike Simpson mikie.simpson at gmail.com
Wed Jul 17 02:34:42 PDT 2013



On 14 Jul 2013, at 20:00, fprint-request at lists.freedesktop.org wrote:

> Send fprint mailing list submissions to
>    fprint at lists.freedesktop.org
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>    http://lists.freedesktop.org/mailman/listinfo/fprint
> or, via email, send a message with subject or body 'help' to
>    fprint-request at lists.freedesktop.org
> 
> You can reach the person managing the list at
>    fprint-owner at lists.freedesktop.org
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of fprint digest..."
> 
> 
> Today's Topics:
> 
>   1. fingerprints as a crypto key? (Brian J. Murrell)
>   2. Re: fingerprints as a crypto key? (Pavel Herrmann)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Sat, 13 Jul 2013 22:45:24 -0400
> From: "Brian J. Murrell" <brian at interlinx.bc.ca>
> To: fprint at lists.freedesktop.org
> Subject: [fprint] fingerprints as a crypto key?
> Message-ID: <51E210C4.4020501 at interlinx.bc.ca>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> I opened bug 66881 about this but I wonder if discussion on the list is 
> more appropriate so here goes...
> 
> I wonder what the general consensus is about using fingerprints to 
> [un]lock a password store.  Is there enough information in a fingerprint 
> to provide a decent level of cryptographic security?
> 

http://homepages.cs.ncl.ac.uk/feng.hao/files/biocrypt_TC.pdf

Some research in this area. Based on iris scanners but the principle is the same

Problems include false negatives locking you out
- we use fingerprint recognition for identifying patients in order to dispense controlled drugs to them daily but we need to relearn their prints every couple of months and use a stored photo of the patient as a second identifier for the dispenser

And 
If you have your machine compromised and your fingerprint image hash stolen then how do you revoke that "key"

The paper above was written in conjunction with Professor Ross Anderson, author of "Security Engineering" and may be if interest to you

Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/fprint/attachments/20130717/f09abea8/attachment.html>


More information about the fprint mailing list