[cryptography] Generating passphrases from fingerprints

Jonathan Katz jkatz at cs.umd.edu
Sat Dec 4 19:44:11 EST 2010

On Sat, 4 Dec 2010, Jens Kubieziel wrote:

> Hi,
> recently I had a discussion about biometric data. The following problem
> occured:
> Assume someone wants to register at a website. He swipes his finger over
> his fingerprint reader. The reader generates strong passphrase from the
> fingerprint and other data (hostname of the targeted site, user name
> etc.) and creates a strong password. This will be the users login
> password. Everytime the user wants to log in again he swipes his finger
> over the reader, password is generated again and sent to the site.
> We were not sure if it possible to generate the same passphrase again
> and again. Does anyone know if such systems exist? Will generating the
> passphrase work? I'd glad to hear some opinions about this.

There has been much work on this question in the cryptography literature 
under the name "fuzzy extractors", though I don't think any of it has yet 
been implemented. A survey from 2008 is available here:

More information about the cryptography mailing list