Comment 18 for bug 54816

Justin Dugger (jldugger) wrote : Re: Edgy should include 'bioapi' to support fingerprint readers

It's unsafe for a few reasons:
1. As far as I know, PAM doesn't handle this, so you'd be
2. Fingerprints can't work with hashes. The fingerprint scans are noisy enough that no two scans can be assumed identical. Instead, auth systems compare stored minutia to the current scan, and introduce a probabilistic verification. The minutia is what's stored in the BIR, but nobody is sure what the details contain.
3. Comparing a given print to all print records is dangerous. (It may also be slightly export controlled.) If you have several prints recorded, an intruder has ten chances to come up with a close match. More if he has an accomplice. It's an increased risk per user registered, since as stated in 2, it's a probabilistic match.

I wouldn't be surprised if collisions occur if you enroll 100 users. Fortunately, most people appear to be pushing for a single enrollee use case.
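
Added example, not part of the original comment: a toy simulation of points 2 and 3, showing that two noisy scans of one finger never hash alike and that the false-accept rate of a threshold matcher grows with the number of enrolled templates. The 128-bit template, the noise rate, and the threshold are constructed assumptions, not values from any real sensor or BIR format.

```python
import hashlib
import random

# Constructed toy model: a "template" is a 128-bit integer, not a real BIR layout.
BITS = 128
NOISE = 0.05      # assumed chance each bit flips between two scans of one finger
THRESHOLD = 47    # assumed maximum Hamming distance still accepted as a match

def new_finger(rng):
    return rng.getrandbits(BITS)

def scan(finger, rng):
    """Return a noisy reading of the finger: each bit flips with probability NOISE."""
    noise = sum(1 << i for i in range(BITS) if rng.random() < NOISE)
    return finger ^ noise

def digest(template):
    return hashlib.sha256(template.to_bytes(BITS // 8, "big")).hexdigest()

def distance(a, b):
    return bin(a ^ b).count("1")

def matches_any(probe, enrolled):
    """1:N identification: accept if the probe is close to any stored template."""
    return any(distance(probe, t) <= THRESHOLD for t in enrolled)

def false_accept_rate(n_enrolled, trials, rng):
    """Fraction of unenrolled fingers accepted against n_enrolled stored templates."""
    enrolled = [scan(new_finger(rng), rng) for _ in range(n_enrolled)]
    hits = sum(matches_any(scan(new_finger(rng), rng), enrolled) for _ in range(trials))
    return hits / trials

def expected_far(far_single, n_enrolled):
    """Chance of at least one false match when each comparison is independent."""
    return 1 - (1 - far_single) ** n_enrolled

def run_demo(seed=1, trials=2000):
    rng = random.Random(seed)
    finger = new_finger(rng)
    first, second = scan(finger, rng), scan(finger, rng)
    return {
        "hashes_equal": digest(first) == digest(second),
        "same_finger_distance": distance(first, second),
        "far_by_enrolled": {n: false_accept_rate(n, trials, rng) for n in (1, 10, 100)},
    }

if __name__ == "__main__":
    print(run_demo())
```

Tightening `THRESHOLD` lowers the false-accept rate at every enrollment size but pushes more genuine scans over the limit, which is the trade-off a 1:N matcher has to tune.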