Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <51f007ff-b6bf-20d8-5a93-4d627be45142@bestmx.net>
Date: Tue, 14 Jun 2016 03:11:38 +0200
From: "e@...tmx.net" <e@...tmx.net>
To: passwords@...ts.openwall.com
Subject: A password is the ultimate form of biometrics

I have found today that passwords are the ultimate form of biometrics, 
and here is why:

Fingers vs Fingerprints

It turned out that my "Authentication vs Identification" article was not 
sufficiently conclusive in the sense that some hardcore biometrics fans 
still nurture a non-trivial and well justified objection. So I need to 
address and destroy it, in order to close the topic. My opponents' 
argument is:

Your analysis narrows the both sides of the problem to a 
knowledge/ownership claim. Even if you are right, the conclusion is only 
applicable to the authentication by means of a knowledge token, whereas 
all the rest relations between the user and the token (suitable for 
authentication purposes) are set aside. There is one particularly 
important relation (the one fundamental for the entire biometrics 
field): "the user is" or other way around "the token is a part of the 
user" -- this relation implies inalienability which makes the token safe 
for authentication purposes.

It is true. Completely true. It is undeniably true! In the physical realm.

The trick is that this relation indeed implies inalienability of the 
token, therefore it is not transferable. The very moment you scan my 
biometric data the relation (you base your authentication upon) is 
destroyed. A digital copy of my face is NOT a face and NOT mine either. 
Since the moment this copy is taken I have no control over it. The very 
reason of taking this copy was "my face belongs to me", but the copy 
does not! -- you have lost the very relation you wanted to convey. This 
is how in the digital realm all relations between me an my digital 
assets reduce to the knowledge/ownership claims.

FOOTNOTE: Nor does this copy bear any information about other copies, 
nor does this copy bear any information about its creation or any fact 
of its past, where it has been, who have seen it, whether it is fake at 
all... Still you can identify this copy with my actual face, no doubt 
about it (the identification is not affected by that).

In the physical realm we have a whole bunch of tools to overcome this 
limitation. We use human witnesses as a representation of a very complex 
physical perception of the biometric data (although terribly faulty), we 
use physical world's limitations to assess feasibility of falsification 
the data, etc. All in all my fingerprints mean something to the police 
only when they are made of body grease placed on a relevant item and 
look reasonably "natural" -- a sheet of paper with my fingerprints drawn 
in it has no value for a sane investigator.

-- Hey, I have found and old photocopy of some fingerprints! This must 
be a suspect!
-- WAT?!

It is that in the digital realm there is absolutely no difference 
between the "natural" fingerprints and the photocopies. This is the 
world of photocopies.

But, we have reliable procedures to deal with physical evidence, can we 
employ a machine to do the job? Yes, we can. What relation do we need to 
establish? "The token is the part of the user" or more specifically "the 
biometric data on the machine's sensors belongs to a living person". The 
trouble is, the machine perception is way too narrow. Presented with a 
human finger our machine can (in addition to scanning the picture) 
measure the temperature, humidity, electric conductivity... but none of 
these indicate a human being attached to this finger -- a bag of salt 
could possess all these physical properties! EASILY!

In order to get some reliable readings we can create a very complex life 
monitor that connects to all my vital organs, or we can use an existing 
one -- MY BRAIN (which is, by the way, the most reliable life monitor in 
the known universe -- zero chance of false-positive life reports). 
Instead of connecting to my fingers, arms, legs, and other detachable 
parts of my body, our machine can connect directly to my brain, by means 
of English language. All we need to ensure the relation of bodily 
integrity between my biometric data and myself (I remind you, this 
relation is the foundation of the pro-biometrics argument) is to ask me 
straight:

Dear user, are you sure the finger on my fingerprint scanner is 
connected to your body?

"Gotcha!" -- you may say -- "how can you ensure the truthfulness of the 
answer?". In a very easy and natural manner: we can beforehand agree 
upon a secret obscure nondeductible answer, some sort of a code word... 
Oh! wait!...

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.