I don't think fingerprint scanners work in a way that's obviously amenable to hashing with "well-known" algorithms. Fingerprint scanners produce an image, from which some features can be identified. But, not all the same features can be extracted identically every time an image is obtained. I know there's been research into fuzzy hashing schemes, but are they sufficiently secure, fast, and easy to code that they would be workable for this?
--nash On 8/31/07, Dave Korn <[EMAIL PROTECTED]> wrote: > On 31 August 2007 02:44, travis+ml-cryptography wrote: > > > I think it might be fun to start up a collection of snake oil > > cryptographic methods and cryptanalytic attacks against them. > > I was going to post about "crypto done wrong" after reading this item[*]: > http://www.f-secure.com/weblog/archives/archive-082007.html#00001263 > > I can't tell exactly what, but they have to be doing *something* wrong if > they think it's necessary to use file-hiding hooks to conceal... well, > anything really. The hash of the fingerprint should be the symmetric key used > to encrypt either files and folders directly on the thumbdrive, or perhaps a > keyring file containing ADKs of some description, but if you do crypto right, > you shouldn't have to conceal or obfuscate anything at all. > > > cheers, > DaveK > [*] - See also > http://www.f-secure.com/weblog/archives/archive-082007.html#00001264 > http://www.f-secure.com/weblog/archives/archive-082007.html#00001266 > -- > Can't think of a witty .sigline today.... > > --------------------------------------------------------------------- > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] > --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]