[cryptography] Generating passphrases from fingerprints

James A. Donald jamesd at echeque.com
Sat Dec 4 18:19:57 EST 2010

On 2010-12-05 7:08 AM, Jens Kubieziel wrote:
> Hi,
> recently I had a discussion about biometric data. The following problem
> occured:
> Assume someone wants to register at a website. He swipes his finger over
> his fingerprint reader. The reader generates strong passphrase from the
> fingerprint and other data (hostname of the targeted site, user name
> etc.) and creates a strong password. This will be the users login
> password. Everytime the user wants to log in again he swipes his finger
> over the reader, password is generated again and sent to the site.
> We were not sure if it possible to generate the same passphrase again
> and again. Does anyone know if such systems exist? Will generating the
> passphrase work? I'd glad to hear some opinions about this.
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography

Canonicalizing biometric data does not work.  You have to send the 
biometric data itself, and whether the match is good enough.

More information about the cryptography mailing list