[cryptography] Generating passphrases from fingerprints
marsh at extendedsubset.com
Sat Dec 4 17:18:45 EST 2010
On 12/04/2010 03:08 PM, Jens Kubieziel wrote:
> recently I had a discussion about biometric data. The following problem
> Assume someone wants to register at a website. He swipes his finger over
> his fingerprint reader. The reader generates a strong passphrase from the
> fingerprint and other data (hostname of the targeted site, user name
> etc.) and creates a strong password. This will be the user's login
> password. Every time the user wants to log in again he swipes his finger
> over the reader, password is generated again and sent to the site.
> We were not sure if it is possible to generate the same passphrase again
> and again.
Even if it were...what do you do when it gets compromised?
How would the site (or the user) ever change it?
How would the site prove to the user that the user wasn't delegating the
authority to the site to use that fingerprint credential at any other
site that used that technology?
> Does anyone know if such systems exist?
The local parks and rec dept went with a fingerprint scanner. They
insisted on taking the fingerprints of everyone who joined the community
pool, adults and children alike. They said people wouldn't need member
ID cards any more because fingerprints didn't change as you age. They
went back to the old system within a season or two.
> Will generating the
> passphrase work?
There's probably a way to generate something unguessable and repeatable
out of a fingerprint.
A passphrase needs to also be secret though and fingerprints are not. I
printed my fingers onto at least a half-dozen glasses yesterday and gave
them out to untrusted wait staff without a second thought.
Your system would need a way to make them secret.
> I'd be glad to hear some opinions about this.
The technology to do something with fingerprint auth has existed for
decades. There's no inherent reason it should be any more difficult than
a simple credit card reader terminal is. But for a variety of reasons,
fingerprint auth hasn't exactly taken off:
1. Fingerprints aren't secrets and it's relatively easy to forge them.
2. They're hard as heck to revoke or change, and you're only issued a
few of them at birth. This is why they're better for catching criminals
than for authenticating logins.
3. They're difficult to "bind" to a specific transaction from the user's
point of view. A customer might be willing to sign a check and give you
money. But they'd be reluctant to sign a blank piece of paper (carte
So it seems like they have very similar biometric properties to old
fashioned signatures made by hand with a physical stylus, and they suck
as a form of authentication. We have signatures on checks and signature
pads for credit card transactions, but they're more of a ritual than an
actual authentication. I can't remember the last time anyone actually
looked at my signature and have never heard of anyone's transaction ever
being rejected for a bad match.
Additionally, in America at least, having one's fingerprint taken is
associated with being arrested for a crime. For example, IIRC, there
were some laws requiring police to delete prints of people if they were
later not convicted. So fingerprinting is tantamount to accusing someone
of being a criminal suspect. Not something a merchant wants to do to a
customer at the point they have the credit card out in their hand.
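
Added example, not part of the original post: a Python sketch of the scheme asked about above and of the objections raised in the reply (repeatability, secrecy, binding to one site, changing the password). The feature vectors, the quantization step, the device secret and the rotation counter are all assumptions introduced here.

```python
import hashlib
import hmac

# Constructed sample data: two readings of the same finger as hypothetical
# feature vectors; the second differs slightly, as sensor noise would cause.
READING_1 = [103, 47, 212, 88, 19, 164, 231, 75]
READING_2 = [105, 46, 210, 90, 18, 166, 229, 77]


def naive_key(reading):
    """Hash the raw reading. Any one-unit difference gives an unrelated key."""
    return hashlib.sha256(bytes(reading)).digest()


def quantized_key(reading, step=16):
    """Hash a coarsened reading so small noise maps to the same key.

    Illustrative only: values near a bucket edge still flip, and coarsening
    discards entropy. This is a stand-in for a real error-tolerant scheme.
    """
    return hashlib.sha256(bytes(v // step for v in reading)).digest()


def site_password(finger_key, device_secret, hostname, username, counter=0):
    """Derive a per-site password.

    device_secret supplies the secrecy a fingerprint lacks; hostname and
    username bind the result to one account; counter allows rotation
    without a new finger. All three are assumptions of this sketch.
    """
    key = hmac.new(device_secret, finger_key, hashlib.sha256).digest()
    msg = "\x00".join([hostname, username, str(counter)]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:32]


if __name__ == "__main__":
    secret = b"constructed-device-secret"
    k1, k2 = quantized_key(READING_1), quantized_key(READING_2)
    print("raw hashes match:      ", naive_key(READING_1) == naive_key(READING_2))
    print("quantized hashes match:", k1 == k2)
    print("site A:", site_password(k1, secret, "a.example", "alice"))
    print("site B:", site_password(k1, secret, "b.example", "alice"))
    print("site A rotated:", site_password(k1, secret, "a.example", "alice", 1))
```

Without the device secret, anyone holding a copy of the print and the public inputs could recompute every password, which is the secrecy objection made in the reply.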