Exchanging mugshots to make crypto passwords

A Romanian computer scientist has come up with a new way to set up secure communication pairing between devices like PDAs: get their owners to take photos of one another, and use the biometrics of their faces to generate the password. [image by James Jordan]

The PDA compares the two photos and generates a security code for making a safe connection. The users can then use this connection to exchange confidential information. The photos are stored as a template that contains the essential features for recognition.

I haven’t read the full paper, but it strikes me that there’s an obvious flaw here – in that anyone stealing one of the two devices can use the pre-generated connection key, meaning it’s still only as secure as whatever password or locking system its owner has installed on it (clever crypto types, please feel free to explain why I’m wrong about that). But even so, an interesting proof-of-concept.

One thought on “Exchanging mugshots to make crypto passwords”

  1. It would work if, any time you use it, you have to take a quick picture of yourself so the software can compare your mug to the stored image….

    Maybe a picture can unlock it for an hour or something?
