Slashdot Mirror

← Back to Stories (view on slashdot.org)

Exchanging Pictures To Generate Passwords

Posted by timothy on from the worth-a-thousand-words dept.

Roland Piquepaille writes "Today, Ileana Buhan, a Romanian computer scientist, is presenting her PhD Thesis at the University of Twente in the Netherlands. She is using biometrics to protect confidential information when it is exchanged between two mobile devices. This is a very innovative approach to security. Buhan's biometric application will generate almost unbreakable passwords from photos taken by the connected users. Here is how it works. 'To do this, two users need to save their own photos on their PDAs. They then take photos of each other. The PDA compares the two photos and generates a security code for making a safe connection.'"

4 of 123 comments (clear)

  1. Re:Oh Dear by arth1 · · Score: 4, Insightful

    It doesn't work like that. From what I can tell, it uses the image as a seed.
    This is secure as long as that picture is kept secure and NOT given to anyone else, ever.
    However, given the nature of humans, that's too tall an order. If that picture ever leaves the phone on where it was taken, the security is broken.

  2. No problem by djupedal · · Score: 4, Insightful

    And since Ms. Ileana Buhan is on Facebook, we have her photo along with her friends...say 'cheese!'

  3. Re:Oh Dear by wvmarle · · Score: 4, Insightful

    Every image is different, it has quite some randomness in it overall. I'm no cryptographer but can imagine that randomness is suitable to make keys.

    What this unfortunately does not seem to address is the secure exchange of those keys. Making a very large secure random key and having a strong unbreakable encryption algorithm is one, exchanging those keys in a secure manner is another. Secure as in having no way of a third party listening in undetected, and getting the actual keys.

    In this case the users have to take photos of themselves, and of each other: that indicates they have to be close together. Then the whole key exchange issue is trivial as it can be handed to the other party on a memory card or cable link or whatever. It is more interesting to be able to exchange those keys over a distance, over an insecure communication channel.

  4. Re:Oh Dear by wvmarle · · Score: 4, Insightful

    Take the pictures for this purpose only and then delete them after making the keys, problem solved.