[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cryptography] Crypto basic income



Thank you. That definitely makes a lot of sense. 

So, taking into consideration that there will always be a need to generate some sort of secret, thus a very specific point of failure, is it fair to assume that the "security in depth" approach will always be present, for ever and ever? 

I know this might seem like a very naive question, just curious to get some more points of view.

Regards,
Guilherme

Natanael <natanael.l AT gmail.com> escreveu no dia domingo, 24/09/2017 às 23:40:

Den 25 sep. 2017 00:15 skrev "Guilherme Campos" <gpirescampos AT gmail.com>:
I've written a "food for thought" kind of article around the usage of cryptocurrencies for universal basic income (https://medium.com/@guilhermepcampos/universal-crypto-basic-income-460fc46207f6). And, although this is not 100% on topic, I would definitely like some opinions around usage of biometrics for key generation. More precisely on:
  • Do you think it will be possible, at some point, to have some sort of biometric public key infrastructure, where public and private keys are directly pegged to a persons biometric details?
No, not unless you accept the use of schemes like Identity Based Encryption which invariably requires central servers (although there exists a few versions of these schemes where the server doesn't need to be trusted all that much). 

Just the biometric data alone in isolation is never good enough for cryptographic secrets. 
  • Could biometrics completely replace the need for passwords?
No, not unless they're just used to identify cryptographic public keys where you hold the private key. Universal usernames, basically. I don't care if you surgically place your hardware authentication token in your skull or whatever to not need to remember to carry it with you, you just need some kind of digital secret. 
  • If compromise of biometric details occurs, how would one go around to solve this, since it's not possible to, for example, create a new fingerprint for a person?
You don't. If they're your last line of defense, you've already lost if they're compromised. So don't make them your last line of defense. 
_______________________________________________
The cryptography mailing list
cryptography AT metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography