Re: Fingerprint as cryptokey

In article <Mv3Kg.463$MF1.66@xxxxxxxxxxxxxxxxxxxxxxxxxx>,
Joseph Ashwood <ashwood@xxxxxxx> wrote:
"Kim G. S. Øyhus" <kim@xxxxxxxxxxx> wrote in message
news:ecv3ck$1em$1@xxxxxxxxxxxxxxxxxxxxx
I said your ability to program has no bearing on your cryptographic
ability. Do at least try to understand what I'm saying. In fact designing
the "worlds fastest" implementation of anything tends to have substantial
problems with both power analysis and cache timing, both of which have
been
widely discussed for a decade, so if you really want a damning quote from
me, your implementing the "worlds fastest" (in quotes since I haven't
verified it) RSA is if anything further evidence that you don't know what
you're doing.

So, you claim that a capable cryptographic designer have less
probability of making the worlds fastest RSA for ARM than a
programmer who is not a capable cryptographic designer.

This is in fact what your statements lead to. I have long since come
to the conclusion that you are not capable at logic.

Actually that is not the actual logical conclusion at all. The logical
conclusion is that the fastest method will have security weaknesses, see the
extensive discussion of side channel attacks. So a capable cryptographic
designer WON'T make the world's fastest RSA, because such an RSA would have
enormous flaws.

Not true for several reasons. The fastest method will have very
chaotic structure because the fastest systems of multiplication have
chaotic structure. This is not something that is commonly known, and
even people deep in cryptography does not necessarily know this. The
reasons for this chaotic structure is that multiplications can be made
more efficient by being factored into interpenetrating group
structures which are relatively prime to each other, recursively. This
effect has several similarities to pseudo random generators. My thesis
has a fourier analyzer built this way, and the code looks like random
statements of addition and subtraction. There is very little structure
there.

The articles I have seen about side channels were through the power
use on cryptographic processors, where one could se wether there was
an addition after each squaring when expoonentiating, and
similar. This is different from programs, where bits are typically
mixed together in chunks during exponentiation.

And besides, you have vehemenly talked about the weakness of using
fingerprints as keys, since they are possible to steal, and now you
suddenly use the cryptographic security of the system as an argument,
when you claim the system is not secure anyway?



I have already given several estimates for the entropy of fingerprints
in this thread, directly quotet from a fingerprint book, and they were
sufficient.

Quite the opposite, 9 of your posts have mentioned entropy, of these the
only one with actual numbers associated was a second generation reply to Bob
Silverman's statement of deriving 14-16 bits of entropy. You're only other
claim with any association with a number was that it could be infinite,
which led directly to:

So, you were not able to find any of the estimates i gave.
And you are so arrogant and confident that you believe they are
not there if you cannot find them.

Well, here they are, so you are obviously too confident:

"Considering that fingerprints contain about 30 to 240 bits of
information according to different scientific articles, it should be
possible to use much more than 14-16 bits worth. And I know this is
possible. "




Fails to work > 50% of the time

Again you lie about my system.

You claimed a perfectly entropic infinite stream, in order to verify
anything perfectly entropic it is necessary to transfer it in its
entirety.
It is impossible to transfer an infinite amount of information, therefore
it
MUST fail an inordinate amount of time (>50%), or you lied. Pick one.

I claimed no such thing. You seem to have problems understanding
simple english.

You claimed infinite entropy, since any stream can be (theoretically)
compressed down to just it's entropy, the result is a perfectly entropic
infinite stream. So once again, pick one; it either fails > 50% of the time,
or you lied. Pick one or both.

In fact just to be perfectly clear:

The entropy of the keys [derived form the fingerprint] can be ...
unlimited.
As stated by Kim G. S. Øyhus <kim@xxxxxxxxxxx> on Friday, August 11, 2006
2:15AM PDT.

So, you do not understand the difference between "unlimited" and "infinite".
That is one of your problems in understanding simple english.
The fact that the entropy is unlimited does not mean that it is infinite.
It just means that there is no limit to how large the entropy can be.
An unlimited number can have any finite value, but not infinity, because that
is not a number.

And you also inserted "[derived from the fingerprint]" which I never
wrote and never meant. It just illustrates even clearer your
misunderstandings and you putting words into my mouth.
At least you were a little bit honest about that part.


Indications that it may not work at all

Those "indications" are actually your misunderstandings.

So now you claim that it does not have infinite entropy? If so then it may
be possible that this one and the last are incorrect, but then you would
have to admit that you were incorrect before. You really do make this too
easy, most of the time I have to work a lot harder to put the snake-oil
peddlers in an inescapable situation.

Again, I claimed no such thing. Again you show lack of understanding
of english. I suggest you go back in the thread and see for yourself
what I actually wrote, and quote it.

See the above quote, you in fact directly claimed it could be infinite. So
you still have a choice, does it have a chance at working, or did you lie?

Again you have this problem of understanding the difference between
"unlimited" and "infinite".



Fails every concept of security put forward

Feel free to address these in any order, I'm certain we can add to the
list
as you go on.

Done.

Failed, completely.

So, you do not consider truth to be a valid argument.

Actual truth is a perfectly good rebuttal, one line claims that allow for
complete annihilation of your concept are not truth, nor a valid argument.

But you never delivered any such claim. All you did was to write falsities.



So while I did say that we could add to them as time goes on, I seem to have
narrowed it down to a single issue. Your claims are completely
self-inconsistent, and as such some (if not all) of them MUST be false. The
most glaring one is that you claim both a finite timeframe for it's usage,
and infinite data transfer, clearly one of these is not correct. So which
one is the lie? Or do you lack understanding so much that you can't tell?

I never claimed an infinite data transfer.
You are delusional.



In fact I have grown tired of this pointless debate, I feel quite certain
that the information (and I use that in the loosest sense of the word) you
have given, and the simple facts about it's inability to ever work will
suffice to turn up in even the most basic vetting process.

A working prototype exists and was shown on a biometric exhibition in
London a couple of years ago. A patent is granted and I have posted
its number. Peter Pearson have also made systems like this work, and
have better patents.

You could have checked these facts since they are available,
but you obviously prefer your delusions.



As such my job here is done, unless something actually interesting
comes up, I will leave my questions as purely rhetorical from here
on, with no reason for any further reply by me.

So, your job is write your delusions about me.

Kim0
.