Jump to content


SquallStrife

Member Since 10 Sep 2008
Offline Last Active Private
***--

Posts I've Made

In Topic: Fingerprint sensors; Secure?

30 August 2017 - 01:35 PM

Biometrics are not passwords. The key attribute of a password is that it's revocable. You only have 10 fingers. If you're using fingerprints as passwords you've got 10 for your whole life, and you leave 'em everywhere, including on the screen of the phone you're using them to secure. Biometrics are usernames. They identify you, but they shouldn't be used without a password. By definition, fingerprint sensors without passwords are not secure.
 
As a general guideline, if you can chug half a bottle of vodka and pass out, and a malicious actor can log into your account/device/whatever using just your unconscious body and what's on you at the time, you don't have any security at all.


In 2-Factor parlance, a fingerprint is "something you have", whereas a password is "something you know". Together, they're far stronger than either one by itself.

As for how fingerprints are stored, I have no reason to believe that they're stored differently (in principle) to a password. That is, salted, then digested by some hashing algorithm like SHA-256.

Obviously there's some background magic to account for how presenting a fingerprint is a varied process, but in principle there shouldn't be a way to reverse-engineer your fingerprint from the stored hash.

At best, the local device is compromised, and as long as hash values are salted differently in different locations (as they should be), then it'd be for all intents and purposes impossible to use the obtained digest anywhere else.

In Topic: Post Your Latest Real Life Purchase!

05 July 2017 - 10:46 AM

36737_P_1476427013357.jpg

Psyched.

In Topic: New car time (also, ow)

04 July 2017 - 11:25 AM

So get an XR6T.

I'm 2 years into my non-turbo XR6 and I love it.

Screw the haters. You don't need a ricer.

In Topic: What's on your mind?

27 June 2017 - 11:16 AM

Cheers Jeruselem, I also noticed that the "opinion and report" can be up to three "sessions".

I'm still hoping to hear more about the actual process itself, so any further input is welcome!

In Topic: What's on your mind?

27 June 2017 - 10:28 AM

Quick question for people in the medical business (scruffy maybe?), what's the deal with Medicare item 291?

I'm going to see a psychiatrist, and the doctor specified this item so it wouldn't cost me anything.

Has anyone else been through this process? How many sessions do I get? Will I have to pay for sessions after the initial consult?