|
|
BugTraq
RE: Hacking USB Thumbdrives, Thumprint authentication Feb 04 2004 06:37PM markus-1977 gmx net (3 replies) Re: Hacking USB Thumbdrives, Thumprint authentication Feb 06 2004 03:06PM Dave Aronson (spamtrap secfocus dja mailme org) (1 replies) Biometric systems security [WAS: Re: Hacking USB Thumbdrives, Thumprint authentication] Feb 06 2004 12:48PM Gadi Evron (ge linuxbox org) RE: Hacking USB Thumbdrives, Thumprint authentication Feb 06 2004 10:12AM Navaneetharangan (navaneeth innsolutions com) (1 replies) Re: Hacking USB Thumbdrives, Thumprint authentication Feb 10 2004 01:49PM Eric 'MightyE' Stevens (mightye-removethis- mightye org) |
|
Privacy Statement |
> On Wed February 4 2004 13:37, markus-1977 (at) gmx (dot) net [email concealed] wrote:
>
> > (to the best of my knowledge) there is no
> > hash-function out there that will hash your fuzzy fingerprint to a
> > constant value is it accepts and to something random if it rejects.
>
> Law enforcement agencies use some kind of algorithm to convert
> fingerprints to a numeric value, so that they can be easily compared.
> This resulting value could of course be hashed. Question is, is this
> something that (so far) a human must do, or is it automatable in real
> time by a reasonably small and low-priced system?
Fingerprints are matched on what are called minutae, which are
relative locations where lines break, join, etc.
(some systems may also look at whorl direction, the one I
worked with did not)
A typical digital fingerprint's got somewhere around 20-30 minutae.
Not all of them will be picked up in each scan, depending
on finger orientation, smudging, dirt, etc.
Search criteria will be for some percentage of matches, depending
on the desired false accept/false reject ratio.
So a simple hash of the minutae won't work very well as it will
result in an unacceptably high false reject ratio.
But the matching is easily automated.
The system I worked with used 4-byte ints to represent
minutae location and capped the number at 50.
Eric
[ reply ]