[aeternum]

As-if you can ever actually hash a biometric and expect it to match in the future. The whole idea of a hash is that a tiny perturbation makes the output completely different.

It almost by definition cannot work for biometrics.

[thebean11]

https://support.apple.com/en-us/HT204587

> Touch ID doesn't store any images of your fingerprint, and instead relies only on a mathematical representation. It isn't possible for someone to reverse engineer your actual fingerprint image from this stored data.

[aeternum]

Remember when Apple claimed similar about their CSAM photo-scanning but then it turned out it was pretty easy to generate a hash collision?

AFAIK Apple has not opened their TouchID hash scheme so you must take them at their word that it cannot be reverse engineered.

[thebean11]

Sure, I think there are a million attack vectors for getting these "orbs" to send the same person money multiple times. Crafting a face that doesn't generate a hash collision (which would be the goal here) is probably an even easier problem!

I'm just pointing out that perceptual hashes do exist.

[tomesco]

> The whole idea of a hash is that a tiny perturbation makes the output completely different.

That would be a cryptographic hash you are describing. Not all hash functions share that property. As long as arbitrary input is mapped to a fixed size output it is a hash function. For example see NeuralHash [1] which is a hash function designed to be "insensitive to small changes in the input image."

[1] https://towardsdatascience.com/apples-neuralhash-how-it-work...

[aeternum]

If it's insensitive to small changes in the input image then it leaks substantial information about that input image.

[have_faith]

Perceptual hashes have the opposite set of traits (similar inputs produce similar outputs).

[sam0x17]

there are also these things called perceptual hashes that are designed to get the same hash for similar inputs, where "similar" is domain-specific.