Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hashing Out the Next Step in Biometric Security

Posted by ScuttleMonkey on Monday August 29, 2005 @02:33PM from the facial-hashing-sounds-painful dept.

ergo98 writes "CNN is running a story about biometric hashing. Using this technique, biometric inputs (such as facial characteristics) are altered based upon individual characteristics in a hopefully one-way process. The goal is to continue to reduce the risk of a back-end data exposure."

3 of 117 comments (clear)

Min score:

Reason:

Sort:

Compromises? by Poromenos1 · 2005-08-29 14:35 · Score: 5, Insightful

I don't like this. Say that someone discovers the "password" (the hash), then you're done. You can't change it (unless you grow a moustache). Same goes with fingerprints, etc. I think a password (passphrase) is much more practical.

--
Send email from the afterlife! Write your e-will at Dead Man's Switch.
1. Re:Compromises? by Doug+Coulter · 2005-08-29 14:56 · Score: 5, Insightful
  
  Bruce Schneier (counterpane.com) has published on and linked to a lot of other publications on the implications of biometrics, and how easy they are in general to steal. Can't just change your password, you've only got 10 fingers (I hope!) and so on. The whole thing is a very bad idea, and most extant schemes are trivially cracked no matter how "secure" the backend. Pictures of retinas/faces have worked, lifted fingerprints translated to gummy silicone have worked, and so forth. No fancy skillz needed to get past any existing system.
The executives of my firm by Anonymous Coward · 2005-08-29 14:36 · Score: 5, Funny

are reluctant to adopt biometrics because they're afraid a crook will rip out their eyes.
Seriously.
They cited Demolition Man.
For real.