[cryptography] replacing passwords with keys is not so hard (Re: PBKDF2 + current GPU or ASIC farms = game over for passwords)
adam at cypherspace.org
Tue Oct 1 15:01:53 EDT 2013
On Tue, Oct 01, 2013 at 10:25:10AM -0700, coderman wrote:
>On Tue, Oct 1, 2013 at 2:12 AM, Adam Back <adam at cypherspace.org> wrote:
>> ... And Lucky has some gruesome
>> alternatively low tech version also which doesn't bear thinking about.
>i'm curious about defeating the liveness detection of fingerprint
>readers using a severed digit. or is non-trivial liveness detection
>only a feature in the most expensive readers?
Hey that was the unmentionable part! But surely that must be true because
if moistened gummy bear can do the trick surely a finger without blood flow
can. (Eww thanks for that). Most of these biometrics seem pretty stupid.
There was one where they printed out a colour photo of the person and waved
it in front of the camera to give an impression of motion for facial
recognition. It's probably a basic factor of the noise rate in the data, the
limits of recognition, and the tolerable false negative rate = biometrics
are either insecure or unreliable at least for the mid term.
But also you mention expensive biometric readers - some of the rubber
facemasks are damn convincing to the human eye (e.g. if you watched Bryan
Cranston Breaking Bad thing on Jimmy Fallon skip to 5:25
http://www.youtube.com/watch?v=XEQk1_F7sL0) - surely that can fool better
facial readers than waving an inkjet printed photo. Probably similar for
fingers - i.e. readers can up, but your adversary can also make better than
prank gummy bear fake fingers too if that's your threat model.
Biometrics - stupid idea IMO.