lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 19 Mar 2010 23:12:06 +0000
From: mrx <>
Subject: Re: Fingerprinting Paper with Laser

Hash: SHA1 wrote:
> On Fri, 19 Mar 2010 20:51:40 -0000, mrx said:
>> Consider a production line for printing anything that is used for access
>> control. Now providing there is absolutea consistency across every sample of the
>> material printed/magnetised or otherwise marked during a production run, then
>> only one token need be scanned by laser.
> I thought the point was that there *wasn't* absolute consistency, and what
> was being measured was the deviations in each sample.

If deviations in the manufacturing process were consistently between known limits, it still serves as a control.
A hacker may learn those limits but then the problem of recreating an equal manufacturing process still remains.
Obviously if the deviation in each sample is such that the known level of consistency is so wide that the process is easily
replicated then the tech is useless as an indicator of integrity.

> A bigger concern is whether normal wear and tear will invalidate the
> measurements - some spots will be rubbed smoother by friction, others
> will be roughed up. Yes, the fine article says this:
> "This continued even after they were subjected to rough handling, including
> submersion in water, scorching, scrubbing with an abrasive cleaning pad and
> being scribbled on with thick black marker."
> But I wonder what several years of wear will do.

Yes I would agree, but for tokens of limited lifetime perhaps there is still potential.
Concert tickets, travel tickets etc.
Besides one could always force renewal of the token once it's valid lifetime has expired.

I still think there may be a potential security benefit here.


- --
Mankind's systems are white sticks tapping walls.
Thanks Roy
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla -


Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ