[liberationtech] iPhone5S Fingerprint and 5th amendment
R. Jason Cronk
rjc at privacymaverick.com
Wed Sep 11 12:08:25 PDT 2013
Not real familiar with fingerprint matching technology, but you might be
able to use shingling to get around the problem of not wanting to keep
raw data but also not have the divergence problem of hashing, no?
Jason
On 9/11/2013 12:04 PM, Matt Mackall wrote:
> On Wed, 2013-09-11 at 08:42 -0700, Peat Bakke wrote:
>> Are there any reasons why fingerprint data couldn't be treated with the
>> same concern as passwords? That is, subject to a one-way hash before being
>> stored, transmitted in signed payloads, etc?
>>
>> I'm not sure how securing this data would be different than passwords --
>> and given how much unique data can be generated from a fingerprint, it
>> should be significantly better than John Doe's 8 character password.
> Fingerprint matching (like just about anything analog) is not going to
> be error or noise-free, and thus will have to work on something less
> than a 100% perfect match. Thus, comparing cryptographic hashes of the
> input with a stored hash won't work: any single bit change in the input
> will completely change the hash.
>
> Similarly, any other sort of one-way algorithm that prevents you from
> reconstructing a valid input from the stored data is not going to work.
>
*R. Jason Cronk, Esq., CIPP/US*
/Privacy Engineering Consultant/, *Enterprivacy Consulting Group*
<enterprivacy.com>
* phone: (828) 4RJCESQ
* twitter: @privacymaverick.com
* blog: http://blog.privacymaverick.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130911/7f5bc4a1/attachment.html>
More information about the liberationtech
mailing list