Comment 17 for bug 276384

otzenpunk (reisswolf-nospam) wrote :

> But I think you missed something about the encryption, and the
> fingerprint data, which indeed would be some kind of hash or string.
> Then why can the fingerprint data itself not be a key,

Because of what Milan wrote. Your fingerprint isn't exactly the same whenever you scan it. Maybe you turn your finger slightly to one side or the other while scanning, or move it at a different speed. It is the business of biometrical systems to cope with that and use some kind of fuzzy logic to identify not just 100% identical finger scans but those that are sufficiently similar to allow positive recognition. (While it is the business of cryptographic systems, on the other hand, to do exact calculations and not to reveal the decrypted data to attackers guessing only some pieces of the passphrase.)

Additionally, the way things work requires that you have a copy of your finger data installed on the system to do the comparison. If you use this data as a passphrase for your password safe, we are going round in circles again.

In the case of the ThinkPad fingerprint scanner and thinkfinger there is the additional fact that the comparison of the fingerprints is done by the scanner itself, and not by the driver software. The driver provides the scanner with the .thinkfinger.bir data and tells it to scan a finger and do the comparison, and then it just returns yes or no. Of course you could totally rewrite pam_thinkfinger to do the comparison itself and use functionality like tf-tool --acquire for every authentication process. But of course it would return slightly different data with every scan - believe me, I've tested it - and so the problem mentioned above would remain.
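
Added example (not part of the comment above and not thinkfinger code): a sketch of why a scan that a fuzzy matcher accepts is still useless as a key, and why the matcher needs the stored template in the clear. The 64-bit feature vectors, the Hamming-distance threshold, the salt and all function names are constructed assumptions; real templates such as .thinkfinger.bir use a device-specific format and a different matching method.

```python
import hashlib

# Constructed sample data: 64-bit stand-ins for fingerprint feature vectors.
ENROLLED = bytes.fromhex("a3f19c04d27b5e68")            # template stored at enrollment
RESCAN_SAME_FINGER = bytes.fromhex("a3f19d04d27b5e6a")  # same finger, 2 bits of noise
OTHER_FINGER = bytes.fromhex("5c0e63fb2d84a197")        # unrelated finger


def hamming(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def biometric_match(template: bytes, scan: bytes, max_bits: int = 6) -> bool:
    """Fuzzy comparison: accept scans that are 'sufficiently similar'.

    Note that the caller must hold the template itself, which is the
    circularity the comment describes if the template were also the secret.
    """
    return hamming(template, scan) <= max_bits


def derive_key(scan: bytes) -> bytes:
    """Exact calculation: any input change yields an unrelated 256-bit key."""
    return hashlib.pbkdf2_hmac("sha256", scan, b"constructed-salt", 10_000)


def compare(template: bytes, scan: bytes) -> dict:
    """Put the biometric answer next to the cryptographic one for one scan."""
    k_template, k_scan = derive_key(template), derive_key(scan)
    return {
        "scan_bits_differ": hamming(template, scan),
        "matcher_accepts": biometric_match(template, scan),
        "same_key": k_template == k_scan,
        "key_bits_differ": hamming(k_template, k_scan),
    }


if __name__ == "__main__":
    for label, scan in [("rescan", RESCAN_SAME_FINGER), ("other", OTHER_FINGER)]:
        print(label, compare(ENROLLED, scan))
```

The rescan is accepted by the matcher although the key derived from it has nothing in common with the key derived from the enrolled data, so anything encrypted under the enrollment scan could not be decrypted with a later scan of the same finger.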