Biometric Hashes Are Reversable. News At 11
A couple of recent stories on BoingBoing, regarding fingerprint readers at Walt Disney World and at a Georgia cafeteria line, have brought back the old canard that biometric “hashes” are irreversable. This is ridiculous, we’ve known how to reverse these “hashes” for years:
Ultimately, this is a general trait of the technology: The algorithms don’t return “match” or “don’t match”; rather they tell you how far you are from a valid match. So…you take some random image, see how far away it is, and change it a little. If you get closer, change a little more. If you get farther away, revert your change and try something else. Eventually, you find yourself looking at something that, while not exactly identical to the original, is ultimately recognizable.
Gah. Biometrics people, your stuff isn’t bad. Please stop overselling it.
Dan Kaminsky's Blog 