Stories with Tag biometrics

• The Cryptography Behind Passkeys

  permalink

  Posted: 2025-05-14 11:22:39

  Verbose tl;dr

  Passkeys leverage public-key cryptography to enhance login security. Instead of passwords, they utilize a private key stored on the user's device and a corresponding public key registered with the online service. During login, the device uses its private key to sign a challenge issued by the service, proving possession of the correct key without ever transmitting it. This process, based on established cryptographic principles and protocols like WebAuthn, eliminates the vulnerability of transmitting passwords and mitigates phishing attacks, as the private key never leaves the user's device and is tied to a specific website. This model ensures only the legitimate device can authenticate with the service.

  The Trail of Bits blog post, "The Cryptography Behind Passkeys," delves into the intricate cryptographic mechanisms that underpin the functionality and security of passkeys, a novel authentication technology poised to supplant passwords. The post meticulously dissects the two primary cryptographic operations at the heart of passkeys: authenticator registration and authentication.

  During authenticator registration, a new cryptographic key pair is generated. This key pair consists of a private key, securely stored within the authenticator (e.g., a hardware security key or a platform authenticator like those integrated into operating systems), and a corresponding public key. Crucially, the private key never leaves the authenticator, significantly enhancing security. This public key is then registered with the online service the user is signing up for. The post emphasizes the diverse range of algorithms supported for key generation, including the widely adopted Elliptic Curve Cryptography (ECC) with curves like P-256, and highlights the importance of algorithm agility for future-proofing passkeys against potential vulnerabilities discovered in specific algorithms.

  The authentication process, triggered when a user attempts to log in, involves a challenge-response protocol. The online service sends a challenge, essentially a random piece of data, to the authenticator. The authenticator then uses its stored private key to cryptographically sign this challenge. This digital signature, along with user presence confirmation (often a biometric check or a PIN), is transmitted back to the service. The service then verifies the signature using the previously registered public key, confirming the user's identity. This process assures the service that the response originated from the authenticator holding the corresponding private key without ever transmitting the private key itself.

  The blog post also explicates the role of attestation in bolstering passkey security. Attestation provides cryptographic proof of the authenticator's provenance and characteristics, allowing the online service to verify that the authenticator is genuine and adheres to specific security standards. This mitigates the risk of malicious or compromised authenticators being used. Different levels of attestation, such as basic attestation and self attestation, offer varying degrees of assurance and are described in detail.

  Furthermore, the post touches upon the concept of hybrid authenticators, which combine aspects of platform and roaming authenticators, leveraging a cloud synchronization mechanism to enable cross-device functionality. This involves securely syncing the private key across multiple devices belonging to the same user, introducing complexities in key management and requiring robust cryptographic protections to safeguard the synchronized keys.

  Finally, the post underscores the potential benefits of passkeys in combating phishing attacks, a significant security threat in the current password-based authentication landscape. By eliminating the need for users to enter passwords, passkeys effectively remove the vulnerability associated with users inadvertently disclosing their credentials to fraudulent websites. The cryptographic underpinnings of passkeys ensure that authentication is tied to a specific legitimate website, thwarting attempts by malicious actors to impersonate legitimate services and steal user credentials.

  • Cryptography
  • Passkeys
  • Security
  • Authentication
  • WebAuthn
  • FIDO2
  • Public Key Cryptography
  • Private Key Cryptography
  • Passwordless
  • Multi-Factor Authentication
  • biometrics
  • Online Security
  • digital identity
  • Phishing Resistance

  Summary of Comments ( 78 )
  https://news.ycombinator.com/item?id=43983159

  Verbose tl;dr

  Hacker News users discussed the practicality and security implications of passkeys. Some expressed concern about vendor lock-in and the reliance on single providers like Apple, Google, and Microsoft. Others questioned the robustness of the recovery mechanisms and the potential for abuse or vulnerabilities in the biometric authentication process. The convenience and improved security compared to passwords were generally acknowledged, but skepticism remained about the long-term viability and potential for unforeseen issues with widespread adoption. A few commenters delved into the technical details, discussing the cryptographic primitives used and the specific aspects of the FIDO2 standard, while others focused on the user experience and potential challenges for less tech-savvy users.

  The Hacker News post titled "The Cryptography Behind Passkeys" (https://news.ycombinator.com/item?id=43983159) has generated a moderate number of comments discussing various aspects of passkeys and their implementation.

  Several commenters delve into the technical details of the cryptographic processes involved. One commenter clarifies the distinction between the private key never leaving the device and the public key being shared, emphasizing the security implications of this asymmetric cryptography. Another commenter questions the article's choice of elliptic curves, advocating for the use of Curve25519 due to its performance advantages and perceived security benefits. A related discussion thread emerges regarding the security considerations of using specific elliptic curves and the potential vulnerabilities they might present.

  Practical implications and user experiences are also discussed. One commenter raises the issue of account recovery and how passkeys handle situations where a user loses access to their device. Another commenter expresses concern about the user experience of passkeys, especially during the initial setup and login processes. The potential for increased security and the elimination of passwords are acknowledged as benefits, but the commenter argues that a smoother user experience is crucial for widespread adoption. The topic of platform lock-in is also brought up, with commenters expressing concern about the potential for dependence on specific platforms and the implications for user freedom.

  A few commenters offer insights into the implementation and standardization efforts around passkeys. One commenter points to the WebAuthn standard and FIDO2 as key components of the passkey ecosystem, highlighting the importance of open standards in ensuring interoperability. Another commenter mentions the challenges of cross-device compatibility and the need for seamless integration across different operating systems and browsers. A brief discussion arises about the role of biometrics in passkey authentication and the potential security and privacy trade-offs.

  Overall, the comments section provides a valuable discussion of the technical, practical, and user-centric aspects of passkeys. The commenters explore the nuances of the cryptographic mechanisms, the potential benefits and drawbacks of passkey adoption, and the challenges of implementing a secure and user-friendly system. While some comments offer praise for the advancements offered by passkeys, others express reservations and concerns about specific implementation details and the potential for unforeseen issues.

• Discord's face scanning age checks 'start of a bigger shift'

  permalink

  Posted: 2025-04-17 12:34:38

  Verbose tl;dr

  Discord is testing AI-powered age verification using a selfie and driver's license, partnering with Yoti, a digital identity company. This system aims to verify user age without storing government ID information on Discord's servers. While initially focused on ensuring compliance with age-restricted content, like servers designated 18+, this move signifies a potential broader shift in online age verification moving away from traditional methods and towards AI-powered solutions for a more streamlined and potentially privacy-preserving approach.

  The BBC article "Discord's face scanning age checks 'start of a bigger shift'" details the platform's implementation of age verification technology and its broader implications for online safety and privacy. Discord, a popular communication platform utilized by diverse groups, including younger users, is introducing a system that uses facial recognition technology powered by Yoti, a digital identity provider. This system aims to verify the age of users attempting to access age-restricted servers specifically designated for adult content. The process involves users taking a selfie, which is then analyzed by Yoti's technology to estimate their age. If the estimated age aligns with the age restrictions of the server, the user is granted access. Crucially, Discord itself does not receive the selfie or retain the image data; instead, Yoti acts as an intermediary, confirming the user's age range to Discord.

  The article highlights several key aspects of this development. First, it emphasizes the increasing pressure on online platforms to implement more robust age verification mechanisms, particularly in the context of protecting minors from accessing inappropriate content. This pressure emanates from regulators, parents, and advocacy groups who are concerned about the potential harms of online environments. Second, the article explores the privacy implications of using facial recognition technology for age verification. While Discord emphasizes the privacy-preserving nature of its system, relying on Yoti's intermediary role, concerns remain about the collection and potential misuse of biometric data. The article notes that the system is initially optional, only applying to users attempting to join age-restricted servers who have not previously verified their age through traditional methods like credit card information.

  Further, the article discusses the potential for this development to signal a broader shift in online age verification practices. It suggests that other platforms may follow suit, adopting similar technologies to address the growing demands for online safety and regulatory compliance. The article also acknowledges the limitations of age verification technology, noting that systems like Yoti's provide age estimates rather than precise age confirmations, introducing the possibility of errors and inaccuracies. Finally, the article explores the user experience aspect of such systems, recognizing that requiring users to provide biometric data could create friction and potentially deter some users from accessing certain online spaces. The article concludes by positioning Discord's move as a potentially pivotal moment in the ongoing evolution of online identity verification and the increasing integration of biometric technologies into online interactions.

  • Discord
  • age verification
  • Face Scanning
  • biometrics
  • privacy
  • online safety
  • Children's Online Privacy Protection Act (COPPA)
  • Regulation
  • social media
  • Technology
  • AI
  • artificial intelligence

  Summary of Comments ( 356 )
  https://news.ycombinator.com/item?id=43715884

  Verbose tl;dr

  Hacker News users discussed the privacy implications of Discord's new age verification system using Yoti's face scanning technology. Several commenters expressed concerns about the potential for misuse and abuse of the collected biometric data, questioning Yoti's claims of data minimization and security. Some suggested alternative methods like credit card verification or government IDs, while others debated the efficacy and necessity of age verification online. The discussion also touched upon the broader trend of increased online surveillance and the potential for this technology to be adopted by other platforms. Some commenters highlighted the "slippery slope" argument, fearing this is just the beginning of widespread biometric data collection. Several users criticized Discord's lack of transparency and communication with its users regarding this change.

  The Hacker News post "Discord's face scanning age checks 'start of a bigger shift'" has generated several comments discussing the implications of Discord's new age verification system, which uses Yoti's facial analysis technology. Users express a range of concerns and opinions.

  A prominent sentiment is skepticism and apprehension regarding privacy. Several commenters question the security and potential misuse of biometric data collected through the system. They worry about the creation of large datasets of facial scans vulnerable to breaches or exploitation by governments or corporations. The lack of transparency about how Yoti handles and stores this data fuels these concerns. Some also express discomfort with the idea of a third-party company, Yoti, having access to such sensitive information.

  Several users discuss the accuracy and potential biases of facial recognition technology. They point out that such systems have historically exhibited biases based on factors like race and gender, raising concerns about unfair or discriminatory outcomes for certain user groups. Commenters also speculate on the potential for circumvention by minors using fake IDs or manipulating the system.

  The discussion also touches on the broader implications of age verification and content moderation online. Some commenters argue that age verification measures, while potentially well-intentioned, could erode online privacy and freedom of expression. Others raise concerns about the slippery slope, fearing that such technologies could be used for more intrusive forms of surveillance or control in the future.

  Some commenters offer alternative approaches to age verification, suggesting methods that don't rely on facial recognition, such as credit card verification or government-issued IDs. However, these alternatives are also met with counterarguments regarding their own limitations and privacy implications.

  Finally, a few comments specifically criticize Discord for implementing this system, accusing the platform of succumbing to pressure from regulators or prioritizing perceived safety over user privacy. There is a general feeling among some commenters that this move represents a worrying trend towards increased surveillance and control in online spaces.

• Bad Smart Watch Authentication

  permalink

  Posted: 2025-02-09 18:18:47

  Verbose tl;dr

  The blog post "Bad Smart Watch Authentication" details a vulnerability discovered in a smart watch's companion app. The app, when requesting sensitive fitness data, used a predictable, sequential ID in its API requests. This allowed the author, by simply incrementing the ID, to access the fitness data of other users without proper authorization. This highlights a critical flaw in the app's authentication and authorization mechanisms, demonstrating how easily user data could be exposed due to poor security practices.

  This blog post, titled "Bad Smart Watch Authentication," details a security vulnerability discovered by the author, identified as "XSSfox," within the IDO Smartwatch ecosystem. The author meticulously describes a flawed authentication process that could allow an attacker to gain unauthorized access to a user's smartwatch data. The vulnerability centers around the method by which the companion mobile application communicates with the smartwatch via Bluetooth Low Energy (BLE). Specifically, the application transmits an authentication token over BLE to establish a connection and authorize subsequent interactions.

  XSSfox discovered that this authentication token, crucial for securing the connection, possesses a critically short lifespan and is excessively predictable. This predictability stems from the token's derivation from easily obtainable information: the current timestamp. Furthermore, the short validity period, intended to enhance security, ironically exacerbates the issue. The combination of these two weaknesses—predictability and short lifespan—creates a narrow window of opportunity for an attacker, but one that is readily exploitable.

  The attack scenario outlined involves an attacker within Bluetooth range of the victim's smartwatch. This attacker could passively eavesdrop on the BLE communication, capturing the authentication token when the legitimate mobile application connects. Due to the token's predictable nature based on the timestamp, the attacker can accurately calculate future tokens. This allows the attacker, even after the captured token expires, to inject their own, predicted, and valid token into the communication stream, effectively impersonating the authentic mobile application. Consequently, the attacker could gain control of the smartwatch and access sensitive data such as the user's location, fitness information, or potentially even notifications and communication logs.

  The author clearly articulates the technical details of the vulnerability, including the specific format and generation method of the authentication token. They highlight the severity of the issue by explaining the potential consequences of successful exploitation. While the author refrains from explicitly naming the affected smartwatch model, they provide sufficient information to suggest that the vulnerability impacts a specific range of IDO smartwatches. The post concludes with a call to action, urging the manufacturer to address this critical security flaw and implement more robust authentication mechanisms. The overall tone of the post is one of professional concern, emphasizing the importance of responsible disclosure and the need for enhanced security in the realm of wearable technology.

  • smart watch
  • Authentication
  • Security
  • Vulnerability
  • IoT
  • Wearables
  • password
  • biometrics
  • Two-Factor Authentication
  • Authorization
  • Access Control

  Summary of Comments ( 29 )
  https://news.ycombinator.com/item?id=42992368

  Verbose tl;dr

  Several Hacker News commenters criticize the smartwatch authentication scheme described in the article, calling it "security theater" and "fundamentally broken." They point out that relying on a QR code displayed on a trusted device (the watch) to authenticate on another device (the phone) is flawed, as it doesn't verify the connection between the watch and the phone. This leaves it open to attacks where a malicious actor could intercept the QR code and use it themselves. Some suggest alternative approaches, such as using Bluetooth proximity verification or public-key cryptography, to establish a secure connection between the devices. Others question the overall utility of this type of authentication, highlighting the inconvenience and limited security benefits it offers. A few commenters mention similar vulnerabilities in existing passwordless login systems.

  The Hacker News post titled "Bad Smart Watch Authentication" (linking to an article about insecure initial device onboarding processes for smartwatches) has generated several comments discussing the security implications and broader context of the issue.

  Several commenters express general agreement with the article's premise. One commenter points out the irony of having robust security measures for the data in transit, while the initial setup process, which establishes the foundation of trust, is often neglected. They highlight how this weakness undermines the subsequent security layers. Another commenter expands on this, suggesting that the ease of setup is often prioritized over security, creating a vulnerability that sophisticated attackers could exploit.

  The discussion also touches upon the prevalence of this issue beyond smartwatches. One commenter notes that similar vulnerabilities exist in other "Internet of Things" devices, lamenting the widespread lack of secure onboarding practices across the industry. Another user concurs, sarcastically commenting on the seemingly common practice of using easily guessable default passwords or even skipping authentication altogether during setup. They argue this demonstrates a fundamental lack of understanding about security among manufacturers.

  Some commenters delve into the technical specifics. One individual questions the efficacy of using a six-digit code for authentication, noting that it provides a relatively small search space for a brute-force attack, especially considering the lack of rate limiting mentioned in the article. Another commenter raises concerns about the potential for physical proximity attacks, suggesting that an attacker within Bluetooth range could potentially intercept or manipulate the pairing process.

  A recurring theme in the comments is the trade-off between security and user experience. Some users acknowledge the difficulty of implementing robust security measures without making the setup process overly complex for the average consumer. However, others argue that security should be a primary concern, particularly given the sensitive nature of the data often collected by these devices. They suggest that manufacturers need to find more creative solutions to balance these competing priorities.

  Finally, a few commenters offer potential solutions, such as using physically unique identifiers or more sophisticated cryptographic protocols during the onboarding process. One commenter suggests employing a technique similar to what some password managers use, where a secondary device is required to authorize the initial setup. Another commenter proposes leveraging the security capabilities of the paired smartphone for a more secure onboarding experience.

• Cosmos Keyboard: Scan your hand, build a keyboard

  permalink

  Posted: 2025-01-13 17:42:00

  Verbose tl;dr

  Cosmos Keyboard is a project aiming to create a personalized keyboard based on a 3D scan of the user's hands. The scan data is used to generate a unique key layout and keycap profiles perfectly tailored to the user's hand shape and size. The goal is to improve typing ergonomics, comfort, and potentially speed by optimizing key positions and angles for individual hand physiology. The project is currently in the prototype phase and utilizes readily available 3D scanning and printing technology to achieve this customization.

  Ryan Isenberg has embarked upon an ambitious project, christened the "Cosmos Keyboard," which aims to revolutionize personalized typing experiences. The core concept revolves around leveraging 3D scanning technology to meticulously capture the unique contours of an individual's hands. This detailed scan then serves as the foundational blueprint for generating a custom-designed keyboard, ergonomically optimized for the specific user. The envisioned process involves employing readily available 3D scanning applications, readily accessible on contemporary smartphones, to acquire a high-fidelity three-dimensional model of the user's hands in a relaxed, typing posture.

  This digital representation is then processed by specialized software, developed by Isenberg, which algorithmically analyzes the hand shape, finger lengths, and overall hand proportions. This analysis informs the generation of a personalized keyboard layout, determining the optimal positioning and spacing of individual keys. The ultimate goal is to create a keyboard that perfectly complements the user's hand geometry, thereby promoting comfort, minimizing strain, and potentially enhancing typing speed and accuracy. The project is currently in its developmental stages, with Isenberg showcasing preliminary results and outlining his vision for the future of personalized keyboard design. He details the technical challenges involved, including ensuring scan accuracy, developing robust algorithms for key placement, and exploring various manufacturing techniques for the custom keyboards. While the final implementation details are still being refined, the Cosmos Keyboard project presents a compelling exploration of the intersection of 3D scanning, ergonomic design, and personalized computing peripherals. It promises a potential paradigm shift in how we interact with our digital devices, moving beyond the one-size-fits-all approach of traditional keyboards.

  • keyboard
  • ergonomics
  • 3D printing
  • customizable keyboard
  • hand scanning
  • biometrics
  • input device
  • human-computer interaction
  • DIY
  • assistive technology
  • personalized keyboard
  • adaptive keyboard
  • Cosmos Keyboard
  • alternative keyboard
  • hand-sculpted keyboard

  Summary of Comments ( 75 )
  https://news.ycombinator.com/item?id=42686144

  Verbose tl;dr

  Hacker News users discussed the Cosmos keyboard with cautious optimism. Several expressed interest in the customizability and ergonomic potential, particularly for those with injuries or unique hand shapes. Concerns were raised about the reliance on a phone's camera for scanning accuracy and the lack of key travel/tactile feedback. Some questioned the practicality of the projected keyboard for touch typing and the potential distraction of constantly looking at one's hands. The high price point was also a significant deterrent for many, with some suggesting a lower-cost, less advanced version could be more appealing. A few commenters drew comparisons to other projected keyboards and input methods, highlighting the limitations of similar past projects. Overall, the concept intrigued many, but skepticism remained regarding the execution and real-world usability.

  The Hacker News post "Cosmos Keyboard: Scan your hand, build a keyboard" linking to ryanis.cool/cosmos/ generated a moderate amount of discussion with a range of perspectives on the project.

  Several commenters expressed skepticism about the practicality and ergonomics of the keyboard. One commenter questioned the claimed typing speed improvements, suggesting that the learning curve and potential for hand strain might negate any benefits. Another raised concerns about the lack of tactile feedback, a feature considered crucial by many keyboard enthusiasts. The reliance on visual confirmation of keystrokes was also seen as a potential drawback, potentially slowing down typing and increasing eye strain.

  The customizability aspect of the keyboard, while intriguing to some, was also met with skepticism. One commenter pointed out that achieving a truly optimal layout requires extensive experimentation and data analysis, a task that might be too daunting for most users. The potential for creating suboptimal layouts, leading to decreased typing speed and increased error rates, was also mentioned.

  Some commenters questioned the necessity of the hand-scanning process. They argued that existing keyboard customization software already allows users to adjust layouts and key sizes without the need for 3D scanning.

  Despite the skepticism, some commenters expressed interest in the project. The potential for creating a truly personalized keyboard that accommodates individual hand shapes and typing styles was seen as a compelling idea. One commenter suggested that the keyboard might be particularly beneficial for individuals with hand injuries or disabilities.

  A few commenters focused on the technical aspects of the project. They inquired about the technology used for hand scanning and the algorithms used for generating the keyboard layout. There was also some discussion about the choice of materials and the manufacturing process.

  Overall, the comments reflect a cautious but curious attitude towards the Cosmos keyboard. While the concept of a personalized, hand-scanned keyboard generated some excitement, many commenters expressed valid concerns about its practicality, ergonomics, and potential drawbacks.