Does anyone know anything about the battery life in 5s and 5c? I wouldn't mind Apple making their devices a bit thicker for longer-lasting battery. People put cases on them and make them thicker anyway. There's a point beyond which a phone is too thin. Thicker feels better in the hand...
Not everyone. Some like their phones the way they like their women
Yet someone could easily knock you unconscious and use your finger to unlock your iPhone. Seems much easier than trying to figure out what your 4-digit passcode is.
That could actually be a feature. Suppose you are accidentally knocked out or suffer a serious medical emergency, the first responders could immediately unlock your phone with your finger and call next of kin listed in your favorites.
Yet someone could easily knock you unconscious and use your finger to unlock your iPhone. Seems much easier than trying to figure out what your 4-digit passcode is.
Where does this silliness come from?
If someone wants your iPhone and is willing to actually kill or maim you, pass code or not they will get their way. The finger ID thing is of no consequence to this argument one way or another. A strong enough threat and you will give up your phone unlocked.
Yet someone could easily knock you unconscious and use your finger to unlock your iPhone. Seems much easier than trying to figure out what your 4-digit passcode is.
In the future the 'belts and suspenders' will be there for those who need it. If nothing else now the 4 digit pin (and a lowered lockout - 5 tries) becomes useful again. A thumbprint and a pattern (that's my password…. I really can't even tell you what the characters are unless I look at the keyboard). 3 factor authentication
Quote:
Originally Posted by Chandra69
The one who can knock us unconscious can put a pistol at point blank and demand the 4-digit passcode.
Agreed. The use case for this is the stolen/lost/unattended phone/iPad… and 'stealing passwords' via social engineering, or just good optics [the long term case of all your app passwords can be linked to your fingerprint data [most likely an AppleID signed GUID, to allow for migration from device to device] and sent to an app's back end authN server].
It does not solve the extortion/threat use case. Humans are always the weakest link. And is any data worth losing your or a loved one's life over?
There is no technology that prevents this attack [well, the 'duress' password/honeyapp, which when entered flags the back end to 'fake access' and call the rescue squad, but when the banks put that in I'll die a happy man], so being better and easier and less hackable than all the rest is where Apple has to resign itself to at the moment ;-)
BTW, even if no API can access it, I don’t believe for a second the recorded “Touch ID” to be private. I’m sure it could be retrieved wirelessly by Apple at will.
So Apple is targeting government agencies by providing a fingerprint scanner to provide security for the new phone. I can't see the 'Men In Black' using them - didn't all agents have their fingerprints wiped in the first movie? ;-)
BTW, even if no API can access it, I don’t believe for a second the recorded “Touch ID” to be private. I’m sure it could be retrieved wirelessly by Apple at will.
To my understanding (and we will know pretty soon) the enclave has no data lines out to carry data. It can only tell the A7 there was a match, and which of the 5 prints you can configure it with matched. The sensor only gives a hash code to the enclave (i.e. it does not store your actual print per se, but reduces your print to a signature number).
The hash code cannot be used to recreate a fingerprint. Sort of like how a checksum cannot be used to recreate the photo from which it was calculated.
To my understanding (and we will know pretty soon) the enclave has no data lines out to carry data. It can only tell the A7 there was a match, and which of the 5 prints you can configure it with matched. The sensor only gives a hash code to the enclave (i.e. it does not store your actual print per se, but reduces your print to a signature number).
The hash code cannot be used to recreate a fingerprint. Sort of like how a checksum cannot be used to recreate the photo from which it was calculated.
Oh, I see. Well, I hope you’re right. But it’s pretty difficult, nowadays, to tell a data line from a power line, for example. And much can be transmitted on a single pair of wires.
I don’t understand how a hash code could be used. A hash code, by definition, is not unique: several patterns match the same hash. In this case, it would mean that several different fingerprints would register under the same hash; in other terms: two people with different Touch ID could activate the device, which is precisely what the mechanism tries to avoid…
Oh, I see. Well, I hope you’re right. But it’s pretty difficult, nowadays, to tell a data line from a power line, for example. And much can be transmitted on a single pair of wires.
I don’t understand how a hash code could be used. A hash code, by definition, is not unique: several patterns match the same hash. In this case, it would mean that several different fingerprints would register under the same hash; in other terms: two people with different Touch ID could activate the device, which is precisely what the mechanism tries to avoid…
I don't think they would use the term enclave lightly. But as I said we will know much more about it soon.
Yes, a hash code is not unique, but it could be only one in a million "touch IDs" would match or somesuch. I could see them use a 128-bit signature/hash per print pretty easily. So for practical use, unless a million folks regularly handled your iPhone the security would be fine. I'm not in the know, just passing on to you how I would implement it.
I don't like the fake fingerprint that is used to show print learning progress. It reinforces the mistaken idea that an actual fingerprint is stored on the device.
BTW, even if no API can access it, I don’t believe for a second the recorded “Touch ID” to be private. I’m sure it could be retrieved wirelessly by Apple at will.
I can't believe that Apple would be so completely stupid as to lie about something like this feature. If they did, it's certain that they would eventually be discovered and, at that point, would lose all consumer trust. They could kiss goodbye to any and all enterprise use, and the legions of vilified haters would lead the march to the competition.
Either that or, you know, we'll only find out they were lying as skynet goes active and it's all too late.
You mean it works with any finger? I thought you had to use the same finger over and over again.
I think it can store 5 finger signatures.
Not everyone. Some like their phones the way they like their women
and what phone does Sir Mix a Lot use?
I think it can store 5 finger signatures.
I didn’t know that. Seems logical. Thanks.
The algorithm used in the 5s, is it from Apple / AuthenTec or from some third party vendor?
Nobody yet knows, but my guess is it is an AuthenTec algorithm.
Well, I suppose you’re not in the know, because if you were, you’d be jeopardizing your position discussing such things openly!
Thanks for the hints! As you say, we’ll know about the crux pretty soon. I’ll stay tuned. Thanks again.
1) Conceived in California but actually produced in China
2) Made from environmentally friendly components
3) Touch activated?
????
...