02-08-15 07:45 PM
61 123
tools
  1. cbvinh's Avatar
    Lol that's like me saying I illegally downloaded a movie but it's not the actual movie... it was compressed

    The hash, if any, regardless if it's SHA based, holds the fingerprint model.
    We're talking about cryptography, not compression.
    jmr1015 likes this.
    01-17-15 09:52 PM
  2. byex's Avatar
    I'm going to bookmark this thread for when BB starts using the same tech and it suddenly is oh so awesomely super!


    Sent from my iPad Air using Tapatalk
    Premeditated Blackberry bashing? Awesome can't wait.

    Posted via CB10
    01-17-15 11:59 PM
  3. reeneebob's Avatar
    Premeditated Blackberry bashing? Awesome can't wait.

    Posted via CB10
    I don't think my post meant what you think it meant.


    Sent from my iPad Air using Tapatalk
    01-18-15 02:49 AM
  4. gvs1341's Avatar
    I'm going to bookmark this thread for when BB starts using the same tech and it suddenly is oh so awesomely super!
    Just like Apple's (late) implementation of NFC, right? :-)

    CB10 @ Q5
    01-18-15 05:10 AM
  5. DenverRalphy's Avatar
    Lol that's like me saying I illegally downloaded a movie but it's not the actual movie... it was compressed

    The hash, if any, regardless if it's SHA based, holds the fingerprint model.
    The hash doesn't hold or contain the fingerprint model. It's a mathematical algorithm that can only be solved by data generated from scanning the fingerprint. Without the actual fingerprint, the hash is completely useless. Similar to RSA encryption key pairs. The public key can encrypt the data (the hash), but you can't decrypt the encrypted data without the secret key (data generated from scanning the actual fingerprint).
    mornhavon likes this.
    01-18-15 09:47 AM
  6. early2bed's Avatar
    You've got to wonder what Blackberry is going to do to implement biometric technology in its hardware. Touch ID is far enough along that iPhones users are able to keep their devices locked at all times without having to enter any unlock codes, and maintain passcode-less security for individual apps when, say, someone else if using your device. Concerns about security and privacy aren't going to gain much traction among the users who experience these conveniences in their other devices.
    01-18-15 10:15 AM
  7. byex's Avatar
    I don't think my post meant what you think it meant.


    Sent from my iPad Air using Tapatalk
    No I know what it meant. I was just messing around.

    But on another note biometrics are wrought with problems just as passwords are. May be one of the reasons why it hasn't had a global implementation and standard.

    Apple is one of, if not the only one, that has made headway into biometric authentication on a large scale.

    Posted via CB10
    Last edited by byex; 01-18-15 at 06:52 PM.
    reeneebob likes this.
    01-18-15 11:00 AM
  8. TheAuthority's Avatar
    If that were indeed the case, Public/Secret key pair encryption would be completely useless. Which would turn the encryption industry upside down.

    In very basic terms using the expressions used in this thread... the hash would be the public key good for nothing but encrypting data. It would still require the information from the secret key (the fingerprint) which contains the essential variables to decrypt the data.
    The hash doesn't hold or contain the fingerprint model. It's a mathematical algorithm that can only be solved by data generated from scanning the fingerprint. Without the actual fingerprint, the hash is completely useless. Similar to RSA encryption key pairs. The public key can encrypt the data (the hash), but you can't decrypt the encrypted data without the secret key (data generated from scanning the actual fingerprint).
    ^
    ^^This. As I understand it, the hash is created by running a password through a one-way mathematical function. (It's not an equation that works both ways.) When hackers steal hashed passwords from a compromised server, they know the mathematical function (that part is no secret), but they are faced with the task of brute forcing the function to try to obtain hash matches. Whenever they run a correct password through the function (by guess or by offline brute force attempts), they get a hash match and successfully crack a password. If your password is sufficiently long (or your fingerprint sufficiently complex) that could take a very long time.
    01-18-15 11:17 AM
  9. Smitty13's Avatar
    The hash doesn't hold or contain the fingerprint model. It's a mathematical algorithm that can only be solved by data generated from scanning the fingerprint. Without the actual fingerprint, the hash is completely useless. Similar to RSA encryption key pairs. The public key can encrypt the data (the hash), but you can't decrypt the encrypted data without the secret key (data generated from scanning the actual fingerprint).
    Excellent explanation.

    Forgive my ignorance in asking, but would it not be prudent of Apple to introduce a salted-hash to help further obfuscate a user's fingerprint hash? Would that not make hash matching extremely improbable if they are in fact storing these hashes?

    Or would this essentially be impossible to implement due to a necessary match being required for various Apple services? I am not very familiar with this part of Apple's architecture.
    01-18-15 01:25 PM
  10. reeneebob's Avatar
    Just like Apple's (late) implementation of NFC, right? :-)

    CB10 @ Q5
    Nah I don't think NFC is awesome for anything. It's a non starter for me.


    Sent from my primary iPhone 6+, my iPad Air 4G, my backup Nexus 5 or my work issued Xperia Z3C.
    01-18-15 02:32 PM
  11. reeneebob's Avatar
    No I know what it meant. I was just messing around.

    But on another note biometrics are wrought with problems just as passwords are. Nay be one of the reasons why it hasn't had a global implementation and standard.

    Apple is one of, if not the only one, that has made headway into biometric authentication on a large scale.

    Posted via CB10
    Forums aren't conducive to hearing joking lol no worries. *beer*


    Sent from my primary iPhone 6+, my iPad Air 4G, my backup Nexus 5 or my work issued Xperia Z3C.
    01-18-15 02:33 PM
  12. BBPandy's Avatar
    I'm going to bookmark this thread for when BB starts using the same tech and it suddenly is oh so awesomely super!


    Sent from my iPad Air using Tapatalk
    BlackBerry didn't say they would never do this while working on tech to do exactly what they claimed they would never do.

    I'm fingerprinted every day, & often retina scanned too. It's something I have to do if I want to have my job. The issue at hand isn't biometrics (which I think is inevitable) It's Apple once again lying through their teeth.

    BTW my biometric checks are never by them selves. There's always other systems in place to make sure that the finger / eye that I'm scanning is really mine

    Posted via CB10
    01-19-15 01:16 AM
  13. reeneebob's Avatar
    Yup. Okay.

    Tapatalked from my iPhone 6+ primary line, my iPad Air 4G, my backup Nexus 5 or my work issued Xperia Z3C.
    01-19-15 06:49 AM
  14. birdman_38's Avatar
    The funny thing about posts like these is when BlackBerry includes a fingerprint scanner, it will be well received by the community.
    reeneebob, mikeo007, 3Dee and 3 others like this.
    01-19-15 09:39 AM
  15. Ment's Avatar
    Excellent explanation.

    Forgive my ignorance in asking, but would it not be prudent of Apple to introduce a salted-hash to help further obfuscate a user's fingerprint hash? Would that not make hash matching extremely improbable if they are in fact storing these hashes?

    Or would this essentially be impossible to implement due to a necessary match being required for various Apple services? I am not very familiar with this part of Apple's architecture.
    Yes they could add additional data, salting it, and/or hash it multiple times making it even harder to decrypt.
    I think the point is that Apple doesn't have to invent a new security model for remote Touch ID to work. The cryptographic implementations already exist and is some cases are in the public domain.
    01-19-15 06:16 PM
  16. BBPandy's Avatar
    The funny thing about posts like these is when BlackBerry includes a fingerprint scanner, it will be well received by the community.
    It's like u didn't even bother to read my post, or my above explanation of my OP

    Posted via CB10
    01-21-15 01:39 AM
  17. terminatorx's Avatar
    It wouldn't be your actual fingerprint its a hash.


    That hash is what would be stored in the cloud instead where it is now in the Secure Enclave of the Iphone. If the hash is compromised then a new one would have to be created. I imagine if a cloud breach took place that Apple would send a notification to every Iphone to setup Touch ID again.
    I guess Apple can do no wrong and has everything covered.

    Sent from my BlackBerry 9900 using Tapatalk
    Last edited by terminatorx; 01-21-15 at 02:07 AM.
    01-21-15 01:48 AM
  18. pomidor's Avatar
    I trust Apple (and google, MS, yahoo, etc) like I trust the leader of North Korea, Putin, Stalin and his WWII buddy two countries to the West of him

    These companies sold us out to the NSA / GCHQ before, and I'd bet my right testicle are still doing so.

    Are Apple keeping a copy of iphone users' fingerprints (or equivalent) off their phones?
    That's a rhetorical question; and, I'd bet my "left one" they have shared those fingerprints with the NSA by now, which means that NSA has shared it with GCHQ too (I'm out of testicles to place that last bet).

    The world is all about power and control. Once we admit that, the answer to the fingerprint question is easy.

    As somebody had put it so eloquently: "1984" Wasn't Meant To Be An Instruction Manual.
    Oops.
    01-21-15 06:55 AM
  19. anon(2313227)'s Avatar
    As somebody had put it so eloquently: "1984" Wasn't Meant To Be An Instruction Manual.
    Oops.
    But but...... Apple told us in 1984 they are not Big Bro. I saw it on TV so it must be true.
    01-21-15 08:10 AM
  20. Ment's Avatar
    I guess Apple can do no wrong and has everything covered.

    Sent from my BlackBerry 9900 using Tapatalk
    Of course not. If they wanted to go this route they'd trial it on their own campus first to work out any bugs. But I don't know why people think Apple can't engineer the security. BB has many security patents but not a patent on knowledge base. Cost is the biggest barrier for this implementation: stores aren't going to want to install something that only works on one brand of phone when people can just use NFC and their mobile device.
    01-21-15 12:50 PM
  21. early2bed's Avatar
    But I don't know why people think Apple can't engineer the security.
    Agree. The biggest security risks are lack of funds and lack of incentive and awareness. I don't think that Apple lacks either.
    01-21-15 02:28 PM
  22. terminatorx's Avatar
    Of course not. If they wanted to go this route they'd trial it on their own campus first to work out any bugs. But I don't know why people think Apple can't engineer the security. BB has many security patents but not a patent on knowledge base. Cost is the biggest barrier for this implementation: stores aren't going to want to install something that only works on one brand of phone when people can just use NFC and their mobile device.
    One thing I do see as at least an advantage with Apple Pay's solution, is that the carriers/banks not being involved will at least provide a consistent payment method. Right now, you have different banks issuing different apps in agreements with carriers in Canada. So those solutions are dependent on who you bank with and who your carrier is. The "centralized" concept where Apple has cut out the carrier and banks and acts as the provider of the service on behalf of credit card companies, would seem more logical.
    Ment likes this.
    01-21-15 04:21 PM
  23. Ment's Avatar
    One thing I do see as at least an advantage with Apple Pay's solution, is that the carriers/banks not being involved will at least provide a consistent payment method. Right now, you have different banks issuing different apps in agreements with carriers in Canada. So those solutions are dependent on who you bank with and who your carrier is. The "centralized" concept where Apple has cut out the carrier and banks and acts as the provider of the service on behalf of credit card companies, would seem more logical.
    ApplePay does involve agreements with banks though, Apple wants them involved so they can advertise and spur adoption. It just seems like its bank free because they get together with all the big ones and roll it out at once.
    01-21-15 06:42 PM
  24. z10Jobe's Avatar
    The funny thing about posts like these is when BlackBerry includes a fingerprint scanner, it will be well received by the community.
    Wrong again Birdman. Nothing BlackBerry does is well received by any community.

    Posted via CB10
    01-27-15 07:17 PM
  25. z10Jobe's Avatar
    I trust Apple (and google, MS, yahoo, etc) like I trust the leader of North Korea, Putin, Stalin and his WWII buddy two countries to the West of him

    These companies sold us out to the NSA / GCHQ before, and I'd bet my right testicle are still doing so.

    Are Apple keeping a copy of iphone users' fingerprints (or equivalent) off their phones?
    That's a rhetorical question; and, I'd bet my "left one" they have shared those fingerprints with the NSA by now, which means that NSA has shared it with GCHQ too (I'm out of testicles to place that last bet).

    The world is all about power and control. Once we admit that, the answer to the fingerprint question is easy.

    As somebody had put it so eloquently: "1984" Wasn't Meant To Be An Instruction Manual.
    Oops.
    Wow! That is what I call high stakes gambling .....

    Posted via CB10
    01-27-15 07:20 PM
61 123

Similar Threads

  1. Keep your Classic protected at your side with the BlackBerry Leather Swivel Holster
    By CrackBerry News in forum CrackBerry.com News Discussion
    Replies: 1
    Last Post: 08-22-17, 05:59 AM
  2. Replies: 3
    Last Post: 02-18-15, 05:01 PM
  3. Replies: 3
    Last Post: 02-17-15, 02:13 PM
  4. Hi guys need your opinion on a carrier
    By Ziro1 in forum BlackBerry Passport
    Replies: 9
    Last Post: 01-18-15, 11:03 AM
  5. UK wants more encryption, USA wants lesd
    By DC364 in forum General BlackBerry Discussion
    Replies: 6
    Last Post: 01-15-15, 06:43 PM
LINK TO POST COPIED TO CLIPBOARD