Putin Outlaws Anonymity: Identity Verification For Online Services, VPN Bypass Advice a Crime * TorrentFreak - eviltoast
  • QuaternionsRock@lemmy.world
    link
    fedilink
    English
    arrow-up
    17
    arrow-down
    1
    ·
    1 year ago

    While decentralized identity verification is a good idea, this approach is not.

    1. Your identity would be permanently compromised as soon as your palm print is stolen. It can also be stolen without you noticing, unlike well-kept passwords. Much less secure than, e.g., a memorable 30 character password.
    2. People lose parts of their palm print all the time. Touching a cast iron pan for a second shouldn’t lock you out of your accounts for a month.
    3. This requires quantizing the human palm print in a way that is not currently possible. Hashing algorithms require the “butterfly effect” to be effective at hiding the private key, meaning a small change in inputs should result in a large change in output. This is a problem for palm prints, where you’re unlikely to make the exact same measurements repeatedly.
    • VonReposti@feddit.dk
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      4
      ·
      1 year ago

      Palm prints and fingerprints are actually produced at the absolute lowest levels of the skin so you’d have to fry your hand all the way to the meat to permanently damage your prints. Otherwise it’ll regenerate fine with time. The biggest risks to your fingerprints is actually aging.

      Not that I think basing such stuff on prints are a good idea, but I just wanted to clarify the resilience of them.

      • acockworkorange@mander.xyz
        link
        fedilink
        English
        arrow-up
        4
        ·
        edit-2
        1 year ago

        People working in citrus orchards are known to temporarily lose their prints. Imagine having no digital access for over a month. It’s a huge contingent of people.

        Other people are known to lose limbs.🤷‍♂️

        Whatever we think of, it’s got to be some 3 or 4 possible systems to cover 99.9% of the cases. And then you’re still left with a lot of marginalized edge cases; and a system that can be exploited by creating multiple disconnected identities using the different systems in isolation.

        I hope I’m wrong and it’s just my own limitations in creativity, but I don’t see a light at the end of this tunnel.

        • VonReposti@feddit.dk
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          1 year ago

          Completely agree, I was just addressing the durability of prints as it was misrepresented in OPs comment. Burning yourself on a cast iron (or working with citrus and the like) would at most give you temporary problems with scanning the prints. But a severed finger is definitely impossible to read. For most people the problem though first occurs with aging which affects the elasticity of the skin, making prints hard to read.

      • QuaternionsRock@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        edit-2
        1 year ago

        By “for a month” I meant to imply that it will grow back. it’s not very common for people to permanently lose their prints, but we have to consider things like cuts and burns here as well. You won’t be able to verify your identity through a system like this until it regrows, which is an obvious problem.