Re: Fingerprint as cryptokey

"Kim G. S. Øyhus" <kim@xxxxxxxxxxx> wrote in message
news:ecv3ck$1em$1@xxxxxxxxxxxxxxxxxxxxx
I said your ability to program has no bearing on your cryptographic
ability. Do at least try to understand what I'm saying. In fact designing
the "worlds fastest" implementation of anything tends to have substantial
problems with both power analysis and cache timing, both of which have
been
widely discussed for a decade, so if you really want a damning quote from
me, your implementing the "worlds fastest" (in quotes since I haven't
verified it) RSA is if anything further evidence that you don't know what
you're doing.

So, you claim that a capable cryptographic designer have less
probability of making the worlds fastest RSA for ARM than a
programmer who is not a capable cryptographic designer.

This is in fact what your statements lead to. I have long since come
to the conclusion that you are not capable at logic.

Actually that is not the actual logical conclusion at all. The logical
conclusion is that the fastest method will have security weaknesses, see the
extensive discussion of side channel attacks. So a capable cryptographic
designer WON'T make the world's fastest RSA, because such an RSA would have
enormous flaws.

I have already given several estimates for the entropy of fingerprints
in this thread, directly quotet from a fingerprint book, and they were
sufficient.

Quite the opposite, 9 of your posts have mentioned entropy, of these the
only one with actual numbers associated was a second generation reply to Bob
Silverman's statement of deriving 14-16 bits of entropy. You're only other
claim with any association with a number was that it could be infinite,
which led directly to:
Fails to work > 50% of the time

Again you lie about my system.

You claimed a perfectly entropic infinite stream, in order to verify
anything perfectly entropic it is necessary to transfer it in its
entirety.
It is impossible to transfer an infinite amount of information, therefore
it
MUST fail an inordinate amount of time (>50%), or you lied. Pick one.

I claimed no such thing. You seem to have problems understanding
simple english.

You claimed infinite entropy, since any stream can be (theoretically)
compressed down to just it's entropy, the result is a perfectly entropic
infinite stream. So once again, pick one; it either fails > 50% of the time,
or you lied. Pick one or both.

In fact just to be perfectly clear:

The entropy of the keys [derived form the fingerprint] can be ...
unlimited.
As stated by Kim G. S. Øyhus <kim@xxxxxxxxxxx> on Friday, August 11, 2006
2:15AM PDT.

Indications that it may not work at all

Those "indications" are actually your misunderstandings.

So now you claim that it does not have infinite entropy? If so then it may
be possible that this one and the last are incorrect, but then you would
have to admit that you were incorrect before. You really do make this too
easy, most of the time I have to work a lot harder to put the snake-oil
peddlers in an inescapable situation.

Again, I claimed no such thing. Again you show lack of understanding
of english. I suggest you go back in the thread and see for yourself
what I actually wrote, and quote it.

See the above quote, you in fact directly claimed it could be infinite. So
you still have a choice, does it have a chance at working, or did you lie?

Fails every concept of security put forward

Feel free to address these in any order, I'm certain we can add to the
list
as you go on.

Done.

Failed, completely.

So, you do not consider truth to be a valid argument.

Actual truth is a perfectly good rebuttal, one line claims that allow for
complete annihilation of your concept are not truth, nor a valid argument.

So while I did say that we could add to them as time goes on, I seem to have
narrowed it down to a single issue. Your claims are completely
self-inconsistent, and as such some (if not all) of them MUST be false. The
most glaring one is that you claim both a finite timeframe for it's usage,
and infinite data transfer, clearly one of these is not correct. So which
one is the lie? Or do you lack understanding so much that you can't tell?

In fact I have grown tired of this pointless debate, I feel quite certain
that the information (and I use that in the loosest sense of the word) you
have given, and the simple facts about it's inability to ever work will
suffice to turn up in even the most basic vetting process. As such my job
here is done, unless something actually interesting comes up, I will leave
my questions as purely rhetorical from here on, with no reason for any
further reply by me.
Joe


.