Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] iPhone5S Fingerprint and 5th amendment

Matt Mackall mpm at selenic.com
Wed Sep 11 09:04:44 PDT 2013


On Wed, 2013-09-11 at 08:42 -0700, Peat Bakke wrote:
> Are there any reasons why fingerprint data couldn't be treated with the
> same concern as passwords? That is, subject to a one-way hash before being
> stored, transmitted in signed payloads, etc?
>
> I'm not sure how securing this data would be different than passwords --
> and given how much unique data can be generated from a fingerprint, it
> should be significantly better than John Doe's 8 character password.

Fingerprint matching (like just about anything analog) is not going to
be error or noise-free, and thus will have to work on something less
than a 100% perfect match. Thus, comparing cryptographic hashes of the
input with a stored hash won't work: any single bit change in the input
will completely change the hash.

Similarly, any other sort of one-way algorithm that prevents you from
reconstructing a valid input from the stored data is not going to work.

-- 
Mathematics is the supreme nostalgia of our time.





More information about the liberationtech mailing list