debunking snake oil

Dave Korn dave.korn at
Sat Sep 1 21:09:53 EDT 2007

On 02 September 2007 01:13, Nash Foster wrote:

> I don't think fingerprint scanners work in a way that's obviously
> amenable to hashing with "well-known" algorithms. Fingerprint scanners
> produce an image, from which some features can be identified. But, not
> all the same features can be extracted identically every time an image
> is obtained.  I know there's been research into fuzzy hashing schemes,
> but are they sufficiently secure, fast, and easy to code that they
> would be workable for this?

  Well, if fingerprint scanners aren't reliable enough to identify the same
person accurately twice, it's even moreso snake oil to suggest they're
suitable for crypto... or even biometric authentication, for that.

  (I wonder if the level of variability is manageable enough that you could
generate a set of the most-probable variations of the trace of a given
fingerprint and then use a multiple key/N-out-of-M technique.)

Can't think of a witty .sigline today....

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list