Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Fingerprinting Paper with Laser
From: mrx <mrx () propergander org uk>
Date: Fri, 19 Mar 2010 23:12:06 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Valdis.Kletnieks () vt edu wrote:
On Fri, 19 Mar 2010 20:51:40 -0000, mrx said:
Consider a production line for printing anything that is used for access
control. Now providing there is absolutea consistency across every sample of the
material printed/magnetised or otherwise marked during a production run, then
only one token need be scanned by laser.

I thought the point was that there *wasn't* absolute consistency, and what
was being measured was the deviations in each sample.


If deviations in the manufacturing process were consistently between known limits, it still serves as a control.
A hacker may learn those limits but then the problem of recreating an equal manufacturing process still remains.
Obviously if the deviation in each sample is such that the known level of consistency is so wide that the process is 
easily
replicated then the tech is useless as an indicator of integrity.

A bigger concern is whether normal wear and tear will invalidate the
measurements - some spots will be rubbed smoother by friction, others
will be roughed up. Yes, the fine article says this:

"This continued even after they were subjected to rough handling, including
submersion in water, scorching, scrubbing with an abrasive cleaning pad and
being scribbled on with thick black marker."

But I wonder what several years of wear will do.

Yes I would agree, but for tokens of limited lifetime perhaps there is still potential.
Concert tickets, travel tickets etc.
Besides one could always force renewal of the token once it's valid lifetime has expired.

I still think there may be a potential security benefit here.

mrx

- --
Mankind's systems are white sticks tapping walls.
Thanks Roy
http://www.propergander.org.uk
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEVAwUBS6QExrIvn8UFHWSmAQJnygf/dUiVo37byk9WFfk1PTigC/ZJNYxr7iuB
JZ9Pv/H2d0YI8M/ru54B5Q6rO7RFqDDRJhlgAjLLOY6R1p2D9ai6NvM+yJWfI5eb
gtqOLaV6s4KSY2pl40CYXm26cVOmascglyFOdwSdH76Lu8EERqI7woKra6PNBXv2
1olRAcNr8qmYY6DxBDJPZ1Q3J6/FtGIkMHjh1eg3ysoGtgfPk3TQnusgjqgY5Omp
6MG1Q4wPosVCRAH3igvkR8zRLFpkCgBlHsoV/qvK+poPf4o2h5UNqXIK7jVLrz70
RQmZIH+GrWlXjSS1VLYYf+OHe1W0gRirruS2otj14WqfLvyLrKl3iQ==
=TlBw
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]