Not real familiar with fingerprint matching technology, but you might be able to use shingling to get around the problem of not wanting to keep raw data but also not have the divergence problem of hashing, no?

Jason


On 9/11/2013 12:04 PM, Matt Mackall wrote:
> On Wed, 2013-09-11 at 08:42 -0700, Peat Bakke wrote:
>> Are there any reasons why fingerprint data couldn't be treated with the
>> same concern as passwords? That is, subject to a one-way hash before being
>> stored, transmitted in signed payloads, etc?
>>
>> I'm not sure how securing this data would be different than passwords --
>> and given how much unique data can be generated from a fingerprint, it
>> should be significantly better than John Doe's 8 character password.
>
> Fingerprint matching (like just about anything analog) is not going to
> be error or noise-free, and thus will have to work on something less
> than a 100% perfect match. Thus, comparing cryptographic hashes of the
> input with a stored hash won't work: any single bit change in the input
> will completely change the hash.
>
> Similarly, any other sort of one-way algorithm that prevents you from
> reconstructing a valid input from the stored data is not going to work.



*R. Jason Cronk, Esq., CIPP/US*
/Privacy Engineering Consultant/, *Enterprivacy Consulting Group* <enterprivacy.com>

 * phone: (828) 4RJCESQ
 * twitter: @privacymaverick.com
 * blog: http://blog.privacymaverick.com

-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.
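
The two behaviours discussed in this thread, side by side, as an added example that is not part of any poster's message: a one-bit change in a reading gives an unrelated SHA-256 digest, while a set of hashed shingles still scores as a near match. The byte strings are constructed stand-ins for an extracted feature sequence, and the shingle size `k=4` and the `0.7` threshold are assumptions; this is not a real fingerprint matcher.

```python
import hashlib

def bit_difference(a: bytes, b: bytes) -> int:
    """Count the differing bits between SHA-256(a) and SHA-256(b)."""
    da, db = hashlib.sha256(a).digest(), hashlib.sha256(b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))

def shingles(data: bytes, k: int = 4) -> set:
    """Set of hashed k-byte shingles (overlapping windows) of data."""
    return {hashlib.sha256(data[i:i + k]).digest()[:8]
            for i in range(len(data) - k + 1)}

def jaccard(a: set, b: set) -> float:
    """Jaccard similarity |A & B| / |A | B| of two shingle sets."""
    union = a | b
    return len(a & b) / len(union) if union else 1.0

def matches(template: set, sample: bytes, threshold: float = 0.7) -> bool:
    """Accept the sample if its shingle set is close enough to the template."""
    return jaccard(template, shingles(sample)) >= threshold

# Constructed sample data (not real biometric readings).
ENROLLED = bytes(range(10, 74))      # reading taken at enrolment
_noisy = bytearray(ENROLLED)
_noisy[20] ^= 0x01                   # one flipped bit of sensor noise
NOISY = bytes(_noisy)                # same finger, later reading
OTHER = bytes(range(120, 184))       # unrelated reading

TEMPLATE = shingles(ENROLLED)        # what would be stored instead of raw data

if __name__ == "__main__":
    print("digest bits changed by 1-bit noise:",
          bit_difference(ENROLLED, NOISY), "of 256")
    print("shingle similarity, noisy reading: %.3f"
          % jaccard(TEMPLATE, shingles(NOISY)))
    print("shingle similarity, other reading: %.3f"
          % jaccard(TEMPLATE, shingles(OTHER)))
    print("noisy accepted:", matches(TEMPLATE, NOISY))
    print("other accepted:", matches(TEMPLATE, OTHER))
```

The stored shingle set tolerates noise because it preserves similarity to the input, so it does not give the one-way guarantee of a password hash. Short hashed windows can be enumerated and overlapping shingles reassembled, so the template needs the same protection as the raw data.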
