"Ephemeral" Biometrics
grarpamp
grarpamp at gmail.com
Mon Jun 9 13:36:10 PDT 2014
On Mon, Jun 9, 2014 at 9:10 AM, Cathal Garvey
<cathalgarvey at cathalgarvey.me> wrote:
> Also, many (perhaps most) biometrics can be trivially forged. Facial
> pictures are laughable without depth, but a 3D printed mask can probably
> fool them even then. DNA is trivial to copy using the same methods
> forensics depend on to ID it (and there are even companies that will
> produce artificial DNA fingerprints to-order, now). Fingerprints can be
> cloned using toner, and even enhancements like temperature/humidity..
> observe CCC's defeat of the iPhone fingerprint scanner within days of
> release.
Biometrics suck for privacy and security because you're
often giving them a sample of the raw biodata itself... your picture,
palmprint, dna. They have that and can use it against you or
lose custody and you yourself have been compromised with no
own fault of yours and cannot go back.
Now if you give it to your own machine which makes and
presents a hash to others, you are safer there. But no more secure
than former.
Two factors of 'know' and 'have' with threat of sanction usually
works fine. ie: HOTP, secureid, key+pin, your own biohash, etc.
Be careful what you wish for, some holes have value.
More information about the cypherpunks
mailing list