HN Theater @HNTheaterMonth

The best talks and videos of Hacker News.

Hacker News Comments on
RVAsec 2012: Why Do You Lock Your Door? (Schuyler Towne)

RVAsec · Youtube · 17 HN points · 2 HN comments
HN Theater has aggregated all Hacker News stories and comments that mention RVAsec's video "RVAsec 2012: Why Do You Lock Your Door? (Schuyler Towne)".
Youtube Summary
Presentation Slides: http://rvasec.com/slides/2012/6_towne_why_do_you_lock_your_door_rvasec_2012.ppt

Two factor authentication, key space, security by obscurity, public and private keys; all of these things, and many other conventions of digital security, had their origin well before the birth of the computer. Today most security professionals think of locks as curiosities or puzzles, and are well acquainted with the idea that "locks keep honest people honest." However, physical security has a rich history and our modern relationship to locks is very different than it was even a hundred years ago. In this talk we'll explore the history of physical security, from the origins of the lock, to the locksmith King of Worms, to the great lock controversy of 1851 and beyond. Knowing how different times and cultures designed, attacked and lived with locks provides remarkable context to the modern history of digital security.

Schuyler Towne is obsessed with locks. While he got his start picking locks competitively, his interest has since exploded into every aspect of their history, design and manipulation. He's taught hackers, authors, cops and even toy designers. There is nothing Schuyler loves more than to talk locks with anyone who will listen. His interests in the history of physical security and the design of locks provide a passionate background to his lectures and workshops on lockpicking. Currently he is writing an Almanac of Locksport for O'Reilly and studying media portrayals of lockpicking.
Hacker News Stories and Comments

All the comments and stories posted to Hacker News that reference this video.
Aug 20, 2022 · 3 points, 2 comments · submitted by Tomte
bediger4000
Most doors wouldn't really keep a serious attacker out, but a locked door does make it a bit harder for the prospective thief to enter.

But "security" is an economic good, with a cost and a value. Locking the door is a small cost. It has a much higher value, so I do it.

elmerfud
I lock my door to control access. Physical barriers aren't meant as a way to prevent access but as a way to control access. A locked door means that those without the required permission shouldn't pass. If they do pass you immediately know they are unauthorized and can treat them as such.

Locks also keep honest people honest. Sometimes temptation and curiosity are too much.

Jan 23, 2022 · 2 points, 1 comment · submitted by Tomte
bediger4000
Because "security" is an economic good, with a cost and a value. When the value is at least the cost, you do the security thing. Locking doors has almost zero cost, and much less than zero value most of the time, hence: lock your doors.
May 21, 2021 · 1 point, 0 comments · submitted by Tomte
Feb 12, 2020 · 1 point, 0 comments · submitted by Tomte
Aug 11, 2019 · 2 points, 0 comments · submitted by Tomte
nakashihagamuta
That's an interesting insight.
Feb 28, 2019 · 2 points, 0 comments · submitted by Tomte
Oct 08, 2018 · 1 point, 0 comments · submitted by Tomte
Apr 03, 2018 · 1 point, 0 comments · submitted by Tomte
Oct 28, 2017 · 2 points, 0 comments · submitted by Tomte
Jun 25, 2017 · 2 points, 0 comments · submitted by Tomte
> [Fingerprints] are just hard to reproduce.

I think this is the key point. If fingerprints were like public-key authentication mechanisms, they'd be fantastic. If it was mathematically impossible or even just very difficult to fake them just by intercepting previous authentications, that would be incredibly useful.

That's not the case though.

They're easily reproduced in moments using putty[0] or play-doh[1]. Or duplicated using household materials, even from a fingerprint collected from the targeted iOS device itself.[2] Some teams have found difficulty using some of these methods against a MS fingerprint scanner, but still found success using a toy wax kit from Crayola.[3]

But the general point about revocation is this: you should imagine, whenever designing a security system, "what's my fallback when this fails?" Biometrics can fail for lots of reasons, not only due to adversaries.[4] You need to have some idea of how to recover from those failures beyond just insisting that those failures don't happen or are unlikely.

Revocation is a handy fallback in those situations for a lot of systems. It's so common that people probably wrongfully assume it's the only way to recover. Fingerprints can't offer revocation, but they may have other fallbacks. Maybe you have a guard checking photo IDs if a scanner doesn't work for entry to a facility.

Scanners for devices might need to simply fail to require usernames and passwords for some users after they've been compromised. That could still offer convenience for other users, but over time, fewer and fewer users would get that benefit.

Or maybe fingerprints are just not designed to be that secure, and maybe that's ok. Anyone can get through the standard household locks in seconds with about 30 minutes max of research on YouTube. They're not perfect security and not intended to be; they just put a small barrier (mostly social) in place to prevent the most nuisance-level entries.[5]

[0] http://www.puttyworld.com/thinputdeffi.html

[1] https://secure.marketwatch.com/story/this-company-hacked-an-...

[2] http://dasalte.ccc.de/biometrie/fingerabdruck_kopieren.en

[3] http://www2.washjeff.edu/users/ahollandminkley/Biometric/ind...

[4] See Yager and Dunstone on the Biometric Menagerie for an interesting classification system for the wide variety of failure cases you have to tune any biometric system against.

[5] If you want more about this philosophy / interpretation of locks and security, or even if you don't, there are fewer better ways to spend an hour than by listening to the brilliant Schuyler Towne at RVAsec on the history and social function of locks and lock-making. No seriously, it's amazing. https://www.youtube.com/watch?v=3nROJz_UNQY

EDIT: moderated my views in the last two paras, sorry for any whiplash.

dpark
So there are two things I would like to address. First, fingerprints do not need to be cryptographically secure to be sufficient for a great many purposes. As you noted, a house lock can be picked in seconds by someone with moderate skill and yet they are sufficient for physical security in most cases.

Second, and more important, we need to stop pretending that passwords actually work well when we have these sorts of conversations. The reality is that most people reuse the same passwords everywhere and when they are forced to use secure/unique passwords they cope by doing things like writing them down on sticky notes attached to their monitors. The reality is that most people are probably using a compromised password for their bank access because they used the same password on a dozen sites that have been compromised. When we compare fingerprint security to passwords, we need to stop comparing it to the mythical unique passphrase because essentially no one is using that.

I'll also point out that copying someone's fingerprint when they cooperate by taking a clay mold is quite different from lifting a fingerprint off, e.g., a glass. But nonetheless, I do not dispute that it is quite feasible to clone fingerprints.

May 14, 2015 · ejcx on Perfect Security
This article mentions Schuyler Towne at the end.

I've watched Schuyler talk[0][1] at RVAsec (a small Richmond, VA security conference) the last couple of years.

If you find locks even almost remotely interesting, Schuyler is the guy who will talk until you think they are really interesting. He's super passionate about locks and gives a ton of easily digestible information about them.

[0] - https://www.youtube.com/watch?v=3nROJz_UNQY

[1] - https://www.youtube.com/watch?v=kTQWPrl_Tao

fabulist
I concur that Towne is a great speaker on this subject, and would like to add that he's an HN user.

https://news.ycombinator.com/user?id=emhart

I discovered this by reading this comment, and as soon as I read "security anthropologist", I figured there couldn't be two of those.

https://news.ycombinator.com/item?id=8156030

HN Theater is an independent project and is not operated by Y Combinator or any of the video hosting platforms linked to on this site.