Message-ID: <20040209102619.B29190@slack.lne.com>
Date: Mon, 9 Feb 2004 10:26:19 -0800
From: Eric Murray <ericm@....com>
To: bugtraq@...urityfocus.com
Subject: Re: Hacking USB Thumbdrives, Thumprint authentication


On Fri, Feb 06, 2004 at 10:06:22AM -0500, Dave Aronson wrote:
> On Wed February 4 2004 13:37, markus-1977@....net wrote:
> 
>  > (to the best of my knowledge) there is no
>  > hash-function out there that will hash your fuzzy fingerprint to a
>  > constant value if it accepts and to something random if it rejects.
> 
> Law enforcement agencies use some kind of algorithm to convert 
> fingerprints to a numeric value, so that they can be easily compared.  
> This resulting value could of course be hashed.  Question is, is this 
> something that (so far) a human must do, or is it automatable in real 
> time by a reasonably small and low-priced system?


Fingerprints are matched on what are called minutiae, which are
relative locations where lines break, join, etc.
(some systems may also look at whorl direction, the one I
worked with did not)

A typical digital fingerprint's got somewhere around 20-30 minutiae.
Not all of them will be picked up in each scan, depending
on finger orientation, smudging, dirt, etc.

Search criteria will be for some percentage of matches, depending
on the desired false accept/false reject ratio.

So a simple hash of the minutiae won't work very well as it will
result in an unacceptably high false reject ratio.

But the matching is easily automated.
The system I worked with used 4-byte ints to represent
minutiae location and capped the number at 50.

Eric
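
[Added example, not part of the original message and not code from the system it describes: a sketch of why an exact hash over the minutiae rejects a rescan of the same finger while percentage matching accepts it. The 16-bits-per-axis packing, the tolerance, the 0.6 threshold and all sample points are assumptions constructed for illustration.]

```python
import hashlib
import struct

MAX_MINUTIAE = 50  # cap mentioned in the post
TOLERANCE = 3      # assumed: max per-axis drift still counted as the same minutia
THRESHOLD = 0.6    # assumed: fraction of enrolled minutiae that must be found


def pack(points):
    """Store each (x, y) as one 4-byte int; 16 bits per axis is an assumed layout."""
    return b"".join(struct.pack(">I", (x << 16) | y)
                    for x, y in sorted(points)[:MAX_MINUTIAE])


def unpack(blob):
    return [(v >> 16, v & 0xFFFF) for (v,) in struct.iter_unpack(">I", blob)]


def exact_hash(points):
    """The 'simple hash': one dropped or shifted minutia changes the digest."""
    return hashlib.sha256(pack(points)).hexdigest()


def match_score(template, scan):
    """Fraction of enrolled minutiae matched one-to-one within TOLERANCE."""
    enrolled, unused, hits = unpack(template), list(scan), 0
    for ex, ey in enrolled:
        for p in unused:
            if abs(p[0] - ex) <= TOLERANCE and abs(p[1] - ey) <= TOLERANCE:
                unused.remove(p)
                hits += 1
                break
    return hits / len(enrolled)


def accept(template, scan):
    return match_score(template, scan) >= THRESHOLD


# Constructed sample data, not real fingerprint features.
ENROLLED = [(20 + 37 * i % 400, 15 + 53 * i % 500) for i in range(25)]
# Same finger rescanned: 7 minutiae missed, the rest drifted, 2 spurious points.
SAME_FINGER = [(x + 1, y - 2) for i, (x, y) in enumerate(ENROLLED) if i % 4] \
    + [(600, 600), (610, 20)]
# Different finger: 5 coincidental matches out of 25.
IMPOSTOR = ENROLLED[:5] + [(1000 + 11 * i, 1000 + 13 * i) for i in range(20)]
```
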



