Re: Fingerprint as cryptokey

In article <outCg.5824$kO3.5462@xxxxxxxxxxxxxxxxxxxxxxxxxx>,
Joseph Ashwood <ashwood@xxxxxxx> wrote:
"Kim G. S. Øyhus" <kim@xxxxxxxxxxx> wrote in message
news:ebd8f9$6q1$1@xxxxxxxxxxxxxxxxxxxxx
In article <vy_Bg.4919$9T3.3064@xxxxxxxxxxxxxxxxxxxxxxxxxx>,
Joseph Ashwood <ashwood@xxxxxxx> wrote:

Selling a product. The problem with this is that you offer no benefit over
the currently available technology, at least none that you have mentioned.

I mentioned one advantage: That I know how to actually make
fingerprints work as cryptokeys, while the others do not. Having a
product that works is a benefit.

Other products work, so this is a method of working, and not an advantage.

I know of no products that actually can use fingerprints as
cryptographic keys. If you know of some, you should mention them.


Further, it is actually a _disadvantage_ because once a key is compromised
it is permanently compromised, so anyone who has more than 1 such login has
immediately lowered security.

You think of this solely in cryptographic terms, not in terms of how
people actually use systems, such as metal keys, credit cards,
cheques, etc., which all have less security and less ease of use than
using a fingerprint for a cryptokey.


An advantage is what increases the disparity between the use and attack
costs.

And simply using a finger to pay is very easy and convenient, thus an
advantage which can increase earnings.



The truth is that hardware verification to unlock a key is functionally as
secure as using the print itself for a key.

The advantage of this is that people have their fingers with them.

Seemingly every laptop manufacturer disagrees with you, many have integrated
fingerprint authentication into their laptops. What is the advantage of your
method over the others?

That is a sign they agree with me, not disagree.


Now on to the more important part, and the claim that quickly become
non-functional. Any attempt to choose or fix the private key in an RSA key
pair results in a very large public key, this slows the system, and
becomes
detrimental. This means that still you would be using the print to control
access to the key. Unless your design is notably cheaper I don't see the
benefit.

The keys become normal sized, not large. And they can be revoked.

Actually they do not, the normal public key for RSA is 65537, a public key
generated from your system will be the length of the modulus.

I know my system better than you, and my RSA keys can be any length.
Your claims about key sizes is wrong.


One
finger can have several keys.

Then you have to be storing additional data on the token, so once again,
what is your advantage?

I do not store additional data on any token because there is no token,
except for the fingerprint itself. This is the main advantage.



So what is your real benefit?

Ease of use. The finger is a token.

Everyone has this benefit, what is *your* real benefit?

Only the finger is the token. One do not have to use any other token
than the finger itself.

Kim0

.

Relevant Pages