In information security, a fingerprinting algorithm uniquely identifies the hardware, software or data. Just as human fingerprints uniquely identify people for practical purposes. This fingerprint may be used in penetration tests or for vulnerability management.
Questions tagged [fingerprint]
108 questions
2
votes
1 answer
False acceptance rate in biometric authentication system
False acceptance refers to an unauthorized user given access to a system which he is not allowed to access. Therefore a false acceptance rate of 1% means the system will incorrectly allow access to someone who is not allowed 1% of the time. I have…
limbenjamin
- 3,944
- 50
- 72
- 1,281
2
votes
1 answer
RSA Signing Key Rotation
I understand the details of RSA encryption/decryption in that a public key can be distributed in the clear since all it can really do anyway is encrypt data. I also understand that this public key can be signed with a different public/private key…
Kyle Jurick
- 31
- 3
2
votes
2 answers
SSH: MITM attack during fingerprint verification?
The first time I connect via SSH, a "fingerprint" appears. How can I be sure that it belongs to my server/router/etc. and has not been tampered with by a fraudster (MITM)?
For example, for key-based authentication, I decide to send the public key to…
Serg90
- 21
- 1
2
votes
1 answer
Fingerprints of a RSA keys - GitHub not matching?
I am wondering how those RSA fingerprints work. I have a GitHub account and created an RSA key pair to set up an ssh connection. Then followed the instruction...
First time I connect to my GitHub it gives me and RSA fingerprint…
LeonSteinn
- 21
- 2
2
votes
1 answer
Why don't fingerprint authentication systems don't store 'hashes'?
Usual password authentication systems do not store passwords directly on the server, but only hashes of those passwords.
Why do fingerprint authentication systems not offer this possibility?
mehdi krimi
- 23
- 2
2
votes
0 answers
How to defend against adblock detection/adblock subscription leaks?
Is there a best practice (or useful extension) for defending against adblock fingerprinting techniques? I'm not asking about how to bypass adblock detection as such, but rather how one might appear invisible (or spoof one's identity) to these…
Lichtung
- 21
- 4
2
votes
1 answer
Browser Fingerprinting to secure login
Is it a good Idea to identify if the user logging in is the actual user who created the account by using Browser fingerprinting?
Basically do a bunch of checks just as they click sign in and if it doesn't match like 80% of all of the data then ask…
Samuel Stubbings
- 21
- 2
2
votes
1 answer
How can Telegram find my phone number on iOS 11 after uninstall?
I wanted to sign in Telegram on my iPod Touch running iOS 11 with another account.
I deleted the app and install it again. On the sign up screen Telegram filled the phone number field with the number I was using 5 minutes before.
So I deleted the…
Rocapot
- 21
- 1
2
votes
2 answers
Updating the SSL fingerprint on an IoT device
I'm currently in the process of designing the security model for an IoT product my company is developing.
The device will be connected to the internet via WiFi and shall communicate with our company's server only.
The communication will be done…
Oromis
- 85
- 4
2
votes
1 answer
Adobe Flash Inside Whonix Workstation
It's known that Flash can give away your real IP address to web services if you use it in Tor Browser directly run by your computers OS. But what if you use flash inside a Whonix workstation (either in Tor Browser or in a "normal" browser like…
UTF-8
- 2,300
- 1
- 9
- 24
2
votes
1 answer
How to get GnuPG fingerpints only for specified key name, not for substring matches?
I have few GnuPG keys: test, test2, some test. When I invoke
gpg --fingerprint test, fingerprints of all keys are listed. When I run gpg --fingerprint test2, only test2 key fingerprint is printed. How can I list fingerprint only for key named…
ctomek
- 275
- 4
- 11
1
vote
1 answer
xmlhttprequest with https - can I test the fingerprint before sending any data
I am making https calls in javascript via xmlhttprequest.
I know the server and its public key in advance. For extra security, I would like to check the public key (or its fingerprint) if its is what I expect.
But I want to do that before I send any…
Nathan
- 359
- 1
- 11
1
vote
1 answer
Is hashing a DLL useful to protect from DLL hijacking?
I want to make sure that the dynamic link libraries used by my application can't be replaced with other libraries of the same name, in order to inject malicious code. Therefore, I thought about creating a fingerprint of the DLLs before releasing new…
WMEZ
- 341
- 2
- 11
1
vote
0 answers
Matching vulnerabilities with upstream versions
How am I supposed to match vulnerabilities with services fingerprint, with string like these? Is there a public database to match these versions with original versions?
> 5.5.29-0ubuntu0.12.04.1
> 5.5.29-0ubuntu0.12.04.2
> 5.5.31-0+wheezy1
>…
asdf
- 229
- 1
- 3
- 6
1
vote
0 answers
Why does Windows facial recognition not require a password on startup?
I was reading the following question:
Why do mobile devices force user to type password after reboot?
To find out why fingerprint authentication on my Windows 10 laptop isn't an option on startup. It turned out to be because it did not meet the…
pigeonburger
- 671
- 1
- 4
- 12