lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 19 Mar 2010 23:13:46 -0400
From: T Biehn <tbiehn@...il.com>
To: mrx <mrx@...pergander.org.uk>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Fingerprinting Paper with Laser

What 'limits'? What 'acceptable range' are you talking about?
I think they scan the surface doing pit depth / pit counts like an expensive
cd reader.
Within this presumption, you have to fingerprint either the whole document
or a small square. It cannot be duplicated, it cannot be used to
authenticate 'batches.' It could only be included in some piggyback data
e.g. in the smartcard. Preferrably signed. With some glorious pki.

Keep trying,

-Travis

On Mar 19, 2010 7:20 PM, "mrx" <mrx@...pergander.org.uk> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Valdis.Kletnieks@...edu wrote:

> On Fri, 19 Mar 2010 20:51:40 -0000, mrx said:
>> Consider a production line for printing anything ...
If deviations in the manufacturing process were consistently between known
limits, it still serves as a control.
A hacker may learn those limits but then the problem of recreating an equal
manufacturing process still remains.
Obviously if the deviation in each sample is such that the known level of
consistency is so wide that the process is easily
replicated then the tech is useless as an indicator of integrity.


> A bigger concern is whether normal wear and tear will invalidate the
> measurements - some spots ...
Yes I would agree, but for tokens of limited lifetime perhaps there is still
potential.
Concert tickets, travel tickets etc.
Besides one could always force renewal of the token once it's valid lifetime
has expired.

I still think there may be a potential security benefit here.

mrx


- --
Mankind's systems are white sticks tapping walls.
Thanks Roy
http://www.propergander.org.uk
--...
iQEVAwUBS6QExrIvn8UFHWSmAQJnygf/dUiVo37byk9WFfk1PTigC/ZJNYxr7iuB
JZ9Pv/H2d0YI8M/ru54B5Q6rO7RFqDDRJhlgAjLLOY6R1p2D9ai6NvM+yJWfI5eb
gtqOLaV6s4KSY2pl40CYXm26cVOmascglyFOdwSdH76Lu8EERqI7woKra6PNBXv2
1olRAcNr8qmYY6DxBDJPZ1Q3J6/FtGIkMHjh1eg3ysoGtgfPk3TQnusgjqgY5Omp
6MG1Q4wPosVCRAH3igvkR8zRLFpkCgBlHsoV/qvK+poPf4o2h5UNqXIK7jVLrz70
RQmZIH+GrWlXjSS1VLYYf+OHe1W0gRirruS2otj14WqfLvyLrKl3iQ==
=TlBw

-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We be...

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ