Hacker News
by CyberRage 1506 days ago
I mean you don't have to give it away if you think Google is storing databases of fingerprints for the lizard masters to track you down.

FIDO simply wants to make authentication stronger; you can use hardware keys that have a key burnt into them which is unique and much harder to brute-force than passwords.

Again, according to how biometrics are described in whitepapers/industry, we extract features from the fingerprint/face, sometimes very little compared to the actual biometric, and use it to derive a key. That key cannot be reversed to get the original features, and different algorithms use different features.

2 comments

> that key cannot be reversed to get the original features

"As a result, the early common belief among the biometrics community of templates irreversibility has been proven wrong. It is now an accepted fact that it is possible to reconstruct from an unprotected template a synthetic sample that matches the bona fide one."

-- Reversing the irreversible: A survey on inverse biometrics

https://www.sciencedirect.com/science/article/pii/S016740481...

"from an unprotected template" Do you even read? Stop trying to find some random internet page to justify yourself. Have you ever seen a biometric implementation? I have.

I don't know what counts as a non-random internet page, but here[0] is an article published by the "European Data Protection Supervisor" titled "14 Misunderstandings With Regard To Biometric Identification And Authentication", with number 12 being "Biometric information converted to a hash is not recoverable". It states:

> there are studies showing that the hash could be reversible, that is, it could be possible to obtain the original biometric pattern, especially if the secret of the key used to generate the hash is violated

So yes, there are secret keys involved (which the user has no control over), and no, I've never read through the code of a biometric implementation, but ultimately the space of possible values that someone's face or finger could reliably display is much smaller than even MD5, so it can be brute-forced.

If you have some non-random internet page to justify yourself, and show how much entropy is contained in a biometric hash, and how resistant to cracking that hash is, and how well secured those secret keys are, then I'd be happy to learn more.

[0] https://edps.europa.eu/sites/edp/files/publication/joint_pap...

> I mean you don't have to give it away if you think Google is storing databases of fingerprints for the lizard masters to track you down.

Also you:

> We leave biometric traces everywhere, all the time. Do you cover your face and wear gloves in public? hmmmm...