Slashdot Mirror


Hashing Out the Next Step in Biometric Security

ergo98 writes "CNN is running a story about biometric hashing. Using this technique, biometric inputs (such as facial characteristics) are altered based upon individual characteristics in a hopefully one-way process. The goal is to continue to reduce the risk of a back-end data exposure."

6 of 117 comments

  1. Compromises? by Poromenos1 · Score: 5, Insightful

    I don't like this. Say that someone discovers the "password" (the hash), then you're done. You can't change it (unless you grow a moustache). Same goes with fingerprints, etc. I think a password (passphrase) is much more practical.

    --
    Send email from the afterlife! Write your e-will at Dead Man's Switch.
    1. Re:Compromises? by Doug Coulter · Score: 5, Insightful

      Bruce Schneier (counterpane.com) has published on and linked to a lot of other publications on the implications of biometrics, and how easy they are in general to steal. Can't just change your password, you've only got 10 fingers (I hope!) and so on. The whole thing is a very bad idea, and most extant schemes are trivially cracked no matter how "secure" the backend. Pictures of retinas/faces have worked, lifted fingerprints translated to gummy silicone have worked, and so forth. No fancy skillz needed to get past any existing system.

  2. Re:Nothing is one way. by Poromenos1 · Score: 2, Insightful

    Then I'll just XOR all my disc's files' bytes with one another. Someone will surely be able to reconstitute all the files given the one bit. In fact, I'll give you access to my entire disk; the hash is 1.

    --
    Send email from the afterlife! Write your e-will at Dead Man's Switch.
  3. What about equipment maintenance? by antifoidulus · Score: 3, Insightful

    Say what you will about passwords, the thing is they require *NO* extra equipment to keep running (well, a keyboard, but you probably need that for other purposes anyway). However, all sorts of biometric scanners need equipment to keep running, equipment that will fail one day, and of course it will be the day that you have to log into your account to fix a critical problem in a critical production system....

  4. Re:More Misdirection from the Biometric Community by Russ Steffen · Score: 3, Insightful

    The three mechanisms for authentication are generally grouped into: something you know (password), something you have (swipe card), and something you are (biometrics).
    In reality, those groups are actually:
    • something you can forget
    • something you can lose
    • something that can change as you age
  5. Re:Isn't there a -1, WRONG? by Mathinker · Score: 2, Insightful

    OK, "mea culpa" --- I got bits and bytes mixed up
    in the calculations of my previous post.

    It looks less impressive when you have to divide
    by 8 to get bytes...

    That still doesn't make doubling the
    hash lengths every time they're broken a good idea.

    Unless you think the minimum message length will
    be increasing similarly?