Questions tagged [fingerprint]

In information security, a fingerprinting algorithm uniquely identifies hardware, software or data, just as human fingerprints uniquely identify people for practical purposes. This fingerprint may be used in penetration tests or for vulnerability management.

108 questions

63 votes, 4 answers

Why do mobile devices force user to type password after reboot?

Nowadays, many mobile phones have supported unlocking through fingerprint recognition. However, both iOS and Android require users to enter the password after the device is rebooted, even though an authorized fingerprint is given. My question is:…
nalzok

21 votes, 4 answers

How will biometrics be a safe way to authenticate users across the internet?

Let's say Alice created a new account on a service and this service saved her fingerprint as a way of logging in later. Then Alice creates a new account on a new service, but unfortunately this second service is not properly secured and the…

19 votes, 3 answers

Is iPhone's fingerprint signature a one-way hash?

I've been considering the security of the iPhone 5S fingerprint feature. My main concern is, not that someone could replicate my fingerprint in the physical world and bypass the phone, however that someone could reconstruct my fingerprint based on…
Seth

15 votes, 1 answer

Why do certificates need thumbprints?

I recently learned the mechanism of certificates. But I can't understand why a "thumbprint" is included in a certificate. For intermediate and end-user certificates, it is verified by its issuer. So it can simply be calculated as the certificate itself…
DDoSolitary

15 votes, 4 answers

What are the risks of providing my fingerprint to a theme park?

I recently visited Epcot Center and was surprised that they asked to scan one of my fingerprints before I entered the park, even though I already had my ticket in hand. I don't believe they require a specific finger. This seems to be a two-factor…
Pedro

14 votes, 1 answer

What are the implications of 5 million people's fingerprints being stolen from the US Government?

The recent OPM hack has revealed more fingerprints were stolen than previously believed. One of the scariest parts of the massive cybersecurity breaches at the Office of Personnel Management just got worse: The agency now says 5.6 million people's…
Steve Sether

13 votes, 2 answers

gpg --fingerprint prints out completely different fingerprint

When displaying the full fingerprint of an OpenPGP key, I get a completely different one compared to the ID. For this specific key: $ gpg --list-keys --fingerprint D72AF3448CC2B034 pub rsa4096 2017-02-09 [SC] [verfällt: 2027-02-07] F554…
Felix

12 votes, 2 answers

Is it possible to reliably derive a key from a biometric fingerprint?

Many products (e.g. notebooks, security doors and now smartphones) support some form of fingerprint authentication. That seems simple enough: A trusted system compares a stored representation of a fingerprint with the one presented to a fingerprint…
lxgr

11 votes, 3 answers

iPhone 5S security: Given someone's fingerprint can I use a 3D printer to create a fake finger with a real fingerprint on it?

With such a big deal being made about the iPhone 5S's fingerprint reader (and formerly the Thinkpads' fingerprint readers) I really wonder how secure it is to use fingerprints in lieu of passwords. If you can dust and photograph a roommate's or…
Flan

11 votes, 4 answers

How to verify SHA256 fingerprint of APK

I have downloaded the signal app from https://signal.org/android/apk/. To verify the download, there is a fingerprint provided. But how can I verify this fingerprint with the file? I know that I can use sha256sum to verify a hash, but I guess for a…
Jekoula

11 votes, 4 answers

How secure is the use of fingerprints (like Apple's TouchID) for authentication in banking apps?

We are working on the development of a banking app and for customers. We need to implement TouchID in Apple's iOS and a fingerprint check in Android. Firstly, what are the possible security risks and considerations related to this technology?…
Kris

10 votes, 1 answer

Where are fingerprints stored on an Android phone?

Many recent phones come with a fingerprint scanner. I use them rarely but I'm curious how do hardware and software protect user's fingerprint data from being stolen. Does a fingerprint scanner come with its own storage where fingerprints are…
Cyker

9 votes, 2 answers

Can an SSH server fingerprint be spoofed?

If I simply connect to an SSH server, get its key fingerprint, and immediately disconnect, does the SSH protocol ensure that the server also had the private key in order to get that far into the handshake? That is, could this entire connection have…
Belorn

9 votes, 1 answer

Visual fingerprint verification

OpenSSH allows to show a visual representation of fingerprints with the VisualHostKey, see announcement at O'Reilly and here. The output looks approximately like this: # Host github.com found: line 53 type RSA 2048…
quazgar

9 votes, 2 answers

Why do browsers send such detailed user agent strings?

Modern web browsers leak a ridiculous amount of information through the User-Agent header. The following is an example for Safari on iPad, from Wikipedia: Mozilla/5.0 (iPad; U; CPU OS 3_2_1 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like…
user114974