Slashdot Mirror


Exchanging Pictures To Generate Passwords

Roland Piquepaille writes "Today, Ileana Buhan, a Romanian computer scientist, is presenting her PhD Thesis at the University of Twente in the Netherlands. She is using biometrics to protect confidential information when it is exchanged between two mobile devices. This is a very innovative approach to security. Buhan's biometric application will generate almost unbreakable passwords from photos taken by the connected users. Here is how it works. 'To do this, two users need to save their own photos on their PDAs. They then take photos of each other. The PDA compares the two photos and generates a security code for making a safe connection.'"

5 of 123 comments

  1. Re:Oh Dear by arth1 · · Score: 4, Insightful

    It doesn't work like that. From what I can tell, it uses the image as a seed.
    This is secure as long as that picture is kept secure and NOT given to anyone else, ever.
    However, given the nature of humans, that's too tall an order. If that picture ever leaves the phone on which it was taken, the security is broken.

  2. What is the difference... by Jane Q. Public · · Score: 3, Insightful

    ... between this, and simply generating a shared key? Honestly, I don't see any difference. In effect, that is more-or-less what this does... generate a shared key for later communication. Big deal. It doesn't matter whether it is "biometric" at all... other than the fact that so far "biometric" data has been far easier to fool.

    And the "SecureGrip" project is a joke. In order for anyone in their right mind to stake their life on a biometric security device for their gun, it would have to reject others almost perfectly, and accept the legitimate owner infallibly... the latter being the more important of the two by far.

    We are nowhere near that kind of perfection. I wouldn't touch something that uses even the most recent versions of "SecureGrip" with a 10-foot pole, much less pay money for it.

  3. Re:Oh Dear by wvmarle · · Score: 4, Insightful

    Every image is different; it has quite some randomness in it overall. I'm no cryptographer but can imagine that randomness is suitable to make keys.

    What this unfortunately does not seem to address is the secure exchange of those keys. Making a very large secure random key and having a strong unbreakable encryption algorithm is one thing; exchanging those keys in a secure manner is another. Secure as in having no way of a third party listening in undetected, and getting the actual keys.

    In this case the users have to take photos of themselves, and of each other: that indicates they have to be close together. Then the whole key exchange issue is trivial as it can be handed to the other party on a memory card or cable link or whatever. It is more interesting to be able to exchange those keys over a distance, over an insecure communication channel.

  4. Re:Oh Dear by wvmarle · · Score: 4, Insightful

    Take the pictures for this purpose only and then delete them after making the keys, problem solved.