lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Thu, 12 Feb 2004 19:44:31 +1100
From: "Lyal Collins" <lyalc@...mail.com.au>
To: "'Charles Clancy'" <clancy@....missl.cs.umd.edu>,
	"'David Brodbeck'" <DavidB@...l.interclean.com>
Cc: "'Dave Aronson'" <spamtrap.secfocus@....mailme.org>,
	<bugtraq@...urityfocus.com>
Subject: RE: Hacking USB Thumbdrives, Thumprint authentication


[> Most fingerprint systems convert the fingerprint image into 
[> what's called
[> a template.  This is a numeric representation, but 
[> comparision between
[> two templates is not as simple as "==".  Different portions of the
[> template represent different minutae on the fingerprint, and 
[> an actual
[> feature matching algorithm still needs to be used.  Thus, we 
[> cannot hash
[> these templates because there is no way to perform matching on the
[> template hashes.

There has been some interesting work done with facial biometrics that
leverages the predictability of facial features (most eyes look similar,
noses have a similar basic shape etc) to allow the generation of a
'false' facial image that will match to the template of a chosen target
template.  This iterates the placement and subtle variations in the
faked facial image until this fake image results in an acceptable match
through the same template generation process.  The image doesn't need to
be exactly the same (and the example images I saw were barely "human" to
the naked eye) - merely that theey result in a similar template as the
true image.
 
I suspect the same process of iteratively varying whorls, ridges etc
could, and would, result in a fales fingerprint that results in an
acceptable template match to the real finger.

Has anyone researched this with fingerprints?
Lyal

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ