On 22 August 2010 05:19, Dan Kaminsky <d...@doxpara.com> wrote: > So there were actually a couple of *really* cool papers at SIGGRAPH this > year: Normally, computers graphics is all about, given a material, > determine the way light interacts with it. Lately, the field has been > moving the other direction -- given an understanding of the way light > interacts with a material, synthesize something with those properties: > > Physical Reproduction of Materials with Specified Subsurface Scattering > http://www.cs.princeton.edu/gfx/pubs/Hasan_2010_PRO/index.php > > Fabricating Spatially-Varying Subsurface Scattering > http://www.dongallen.com/project/fabscat/fabscat.htm (heh.) > > The general problem with biometrics is that they leak. We've already seen > spoofing hit fingerprint scanners -- with gummi bears, no less. It's pretty > clear that 3D printers are effectively becoming material replication > engines. Ginning up a sufficienct ocular biometric is going to be an > affordable proposition in an uncomfortably small period of time. > > We have much lower standards for biometrics than crypto ciphers. People > _really_ want to be able to self-authenticate. > > That being said, security might be quantized, but it's not absolute. Once > you start throwing in things like threats to family, not even duress phrases > are a catch all ("anything happens to us, your family is dead in a year"). > And there has never, in the history of man, been a security technology that > has achieved complete success against repudiation. Just not how the world > works. > > Last note -- my understanding is that iris entropy is pretty high -- not as > high as blood vessels on the retina, but higher than fingerprints, and way > higher than hand geometry. It also leaks "less", in that fingerprints are > just deposited everywhere. >
http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-640.html another high entropy possibility is patterns of blood vessels in palms - fujitsu has tech based on this mike _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.