Proposal: Personal Data Encryption (maybe SoC?)

Henryk Plötz henryk at
Sun Mar 18 20:35:43 CET 2007


Am Sun, 18 Mar 2007 18:40:26 +0100 schrieb danimanns at
> I would appreciate a fingerprint sensor - there are a lot of Asian 
> mobile phones / smart phones
> with a fingerprint sensor...

Yeah, but a fingerprint sensor adds only convenience and no security
at all. starbug regularly demonstrates circumventing any fingerprint
sensor on the market (last was the sensor in IBMs Thinkpads, see or
some older material in english at

Plus: it doesn't solve the underlying problem: A fingerprint sensor
might give you authentication (comparable in strength to a numerical
3-digit PIN without retry counter) but can't give you a decryption key.
At least it's not obvious to me how one would derive a key with
sufficient entropy from the sampled fingerprint data. Biometric
authentication always works with some fuzziness factor. Encryption
doesn't allow any fuzziness.

Henryk Plötz
Grüße aus Berlin
~ Help Microsoft fight software piracy: Give Linux to a friend today! ~

More information about the community mailing list