[email protected] wrote: > Hi.. > > At the end of http://reactivated.net/fprint/wiki/Security_notes#Disk_storage > , > the problem of encrypting fingerprints on disk was raised. > > I've got a solution: use the fingerprint as a key to encrypt a fixed string. > > This is what the unix password system used for ages. > > Alternatively, hash the fingerprint with md5, sha1, or whatever you want. > This > is what the current unix password system does, using PAM. > > If the hash of a new fingerprint matches the hash of the enrolled fingerprint, > they're the same fingerprint (to a very high probability). > > For even higher security, pick some random letters to prepend to the > fingerprint data, hash it, and store the hash and the random letters. It's > designed to prevent two databases from being compared to see if the same > fingerprint is in both just because two fingerprint templates match does not mean that they are identical in fact it is very unlikely
to demonstrate that - just capture the same finger twice and look the differences for that reason your scheme does not work -- simon _______________________________________________ fprint mailing list [email protected] http://lists.reactivated.net/mailman/listinfo/fprint
