Neither, your actual fingerprint isn't used for authentication. a mathematical value is used that results from using a limited data set from several points on your finger such as the relation of some whorls to another and then applying a math formula to it called a hash.
How many data points that are used and the cryptographic math is of course a closely guarded secret but in the end no your fingerprint as the FBI or other government agencies might have it are not given to BB or Google.
Neither, your actual fingerprint isn't used for authentication. a mathematical value is used that results from using a limited data set from several points on your finger such as the relation of some whorls to another and then applying a math formula to it called a hash.
How many data points that are used and the cryptographic math is of course a closely guarded secret but in the end no your fingerprint as the FBI or other government agencies might have it are not given to BB or Google.
The hash is stored in a secure element on the phone where the OS and CPU do not have access. All the OS can ask is basically "yes or no, does the digit just presented match one of the registered digits?"
The hash is stored in a secure element on the phone where the OS and CPU do not have access. All the OS can ask is basically "yes or no, does the digit just presented match one of the registered digits?"
It was in response to the first answer which was extremely long and complicated. The OP's question needed just a simple answer.
It was in response to the first answer which was extremely long and complicated. The OP's question needed just a simple answer.
Ah, I see. I thought it was a good explanation, though, because the data stored is actually specific to the device. So there is no way to steal fingerprints from the device since the fingerprint image itself is not stored.
[QUOTE=Emaderton3;12956489]It was in response to the first answer which was extremely long and complicated. The OP's question needed just a simple answer.
"Extremely" long and complicated? Seriously lol. The first answer was relevant and interesting.
yes your actual FP is not in your phone otherwise there would be no need to use your FP again if you reset/restarted the process to add the capability to use your FP to unlock your phone/apps.
Therefore when you reset/restart it the process uses some other data points in your FP, creates a math value from hash, stores it encrypted in Secure Element(IOS) or TrustZone(ARM) and so on.
Also since it's not a fingerprint that's stored, but a hashed value based on your fingerprint, even if by some means somebody gets the hashed value from you phone it cant' be easily transformed back into your fingerprint.
Finding out what dataset generated a hash (if the hashing algorithm is good) can only be done by brute force attack which takes a long long time.
Also since it's not a fingerprint that's stored, but a hashed value based on your fingerprint, even if by some means somebody gets the hashed value from you phone it cant' be easily transformed back into your fingerprint.
Finding out what dataset generated a hash (if the hashing algorithm is good) can only be done by brute force attack which takes a long long time.
Just so your point is clear, in this case, "a long, long time" is measured in decades.
Question if I may: if the fingerprint isn't stored and based on a hashed value why is it, when going to register a fingerprint on my D60, the message reads, "your fingerprint may be less secure than a strong pattern or PIN."
Not saying you guys are wrong but trying to understand why this message might be showing. I'm sure a fingerprint is more secure than my picture password and I'd like to move onto the fingerprint as my unlocking method of choice.
Question if I may: if the fingerprint isn't stored and based on a hashed value why is it, when going to register a fingerprint on my D60, the message reads, "your fingerprint may be less secure than a strong pattern or PIN."
Not saying you guys are wrong but trying to understand why this message might be showing. I'm sure a fingerprint is more secure than my picture password and I'd like to move onto the fingerprint as my unlocking method of choice.
Because, theoretically, someone can unlock your phone in your sleep by putting your finger on the sensor.
Another extreme scenario is someone cutting your finger for unlocking your phone.
Question if I may: if the fingerprint isn't stored and based on a hashed value why is it, when going to register a fingerprint on my D60, the message reads, "your fingerprint may be less secure than a strong pattern or PIN."
Not saying you guys are wrong but trying to understand why this message might be showing. I'm sure a fingerprint is more secure than my picture password and I'd like to move onto the fingerprint as my unlocking method of choice.
If you are that worried about the nefarious use of your fingerprint to open your device, lock it with the screen lock. If you do your password will need to be entered (of you have one set up, Lol) to unlock it. The fingerprint will not work. There is a shortcut for screen lock provided in the BlackBerry launcher.