Wolfgang Ullrich wrote: > ...this is a problem I thing over since some weeks also. > For me it would be nice to have some kind of a "pattern" that is always > the same for a given fingerprint. This could be used as a > "password" (after some translation into a human readable form) and then > be given to PAM after a fingerprint login. This way we could overcome > the requirement of giving a password to gnome-keyring (for example) > after fingerprint login. > > Some vendors like UPEK have solutions (password-safes or drive > encryptions) that are unlocked by a fingerprint. I could imagine they > need such a pattern derived from a fingerprint as an "unlock-key". So I > suspect there must be a way to derive a "constant pattern" from a > fingerprint.
What vendors normally do is store the passwords in a database on disk, as well as enrollment data for the fingerprint. Then when the finger is scanned, it is compared to the enrollment data, and if successful then the software accesses the password database. I believe UPEK do something a little more advanced - they encrypt the database and store the encryption key inside the fingerprint reader. The hardware only "releases" the key when the hardware-based fingerprint matching returns positive. Regardless, the hashing problem still exists (to my knowledge). Daniel _______________________________________________ fprint mailing list [email protected] http://lists.reactivated.net/mailman/listinfo/fprint
