Unfortunately, that will not work. Correct me if I'm wrong, but a fingerprint is never (for all intents and purposes) the same scanned twice in a row. The magic matching of scanned fingerprint against stored prints is performed by the Bozorth3 algorithm based on discovered minutiae. And the match decision is not a binary "matched"/"not matched" answer, but rather a matching score.
Hence you will never be able to reproduce the encryption key (or message for the digest), which renders any systems based on this approach quite useless.

-Artem

On Mon, Jun 1, 2009 at 8:51 PM, <[email protected]> wrote:
> Hi..
>
> At the end of
> http://reactivated.net/fprint/wiki/Security_notes#Disk_storage ,
> the problem of encrypting fingerprints on disk was raised.
>
> I've got a solution: use the fingerprint as a key to encrypt a fixed
> string.
>
> This is what the unix password system used for ages.
>
> Alternatively, hash the fingerprint with md5, sha1, or whatever you want.
> This is what the current unix password system does, using PAM.
>
> If the hash of a new fingerprint matches the hash of the enrolled
> fingerprint, they're the same fingerprint (to a very high probability).
>
> For even higher security, pick some random letters to prepend to the
> fingerprint data, hash it, and store the hash and the random letters. It's
> designed to prevent two databases from being compared to see if the same
> fingerprint is in both.
>
> Good luck!
> _______________________________________________
> fprint mailing list
> [email protected]
> http://lists.reactivated.net/mailman/listinfo/fprint
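The point made in the reply above, as an added example that is not part of the original thread or of fprint: two scans of the same finger hash to different digests, while a tolerance-based score still accepts the re-scan. The minutiae lists are constructed sample data, and `match_score` is a simplified hypothetical stand-in, not Bozorth3.

```python
import hashlib
import math
import struct

# Constructed minutiae (x, y, angle in degrees) for an enrolled print; not real data.
ENROLLED = [(102, 57, 30), (140, 88, 115), (61, 130, 200), (175, 160, 75), (90, 190, 310)]
# Constructed re-scan of the same finger: small position/angle jitter, one minutia missed.
RESCAN = [(104, 56, 33), (139, 90, 112), (63, 131, 204), (174, 158, 78)]
# Constructed scan of a different finger.
OTHER = [(20, 40, 10), (200, 30, 250), (120, 120, 160), (50, 210, 90)]

def template_digest(minutiae):
    """SHA-256 over a canonical (sorted, fixed-width) serialization of the template."""
    data = b"".join(struct.pack("<HHH", *m) for m in sorted(minutiae))
    return hashlib.sha256(data).hexdigest()

def match_score(probe, gallery, dist_tol=6.0, angle_tol=10):
    """Fraction of gallery minutiae with an unused probe minutia within tolerance.
    Simplified stand-in for a real matcher (assumption: not Bozorth3)."""
    used, hits = set(), 0
    for gx, gy, ga in gallery:
        for i, (px, py, pa) in enumerate(probe):
            if i in used:
                continue
            d_angle = abs(ga - pa) % 360
            d_angle = min(d_angle, 360 - d_angle)  # wrap-around angle difference
            if math.hypot(gx - px, gy - py) <= dist_tol and d_angle <= angle_tol:
                used.add(i)
                hits += 1
                break
    return hits / len(gallery)

def compare(probe, gallery, threshold=0.6):
    """Contrast exact hash comparison with a score-and-threshold decision."""
    score = match_score(probe, gallery)
    return {"hash_equal": template_digest(probe) == template_digest(gallery),
            "score": score,
            "accepted": score >= threshold}

if __name__ == "__main__":
    print("rescan:", compare(RESCAN, ENROLLED))
    print("other: ", compare(OTHER, ENROLLED))
```

Because the stored value must be compared by score, the enrolled template has to be available in a form the matcher can read, which is why a one-way hash cannot replace it.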
