The current method relies on generating a hash of the provided fingerprint image and checking that the exact same image hasn't been sent multiple times. However, it is trivial for an attacker to alter the image by changing a single bit and bypassing the hash. Thankfully, replay attacks are protected against in several other locations in the system that are not specific to biometrics, but we should implement a better replay-protection strategy at this layer.
One solution would be to require encrypted and signed images and templates from the client and then check them here. Another could be to rate-limit requests based on the corresponding agent_id.
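An added sketch, not code from this project, contrasting the exact-hash check described above with the first proposal (signed submissions checked server-side). It covers only the signing half and assumes a per-device HMAC key, a client nonce and a timestamp; all function names, the `agent-1` value and the 30-second window are hypothetical.

```python
import hashlib, hmac, os

DEVICE_KEY = os.urandom(32)   # constructed per-device key (assumption)
MAX_AGE_S = 30                # assumed freshness window, in seconds

def hash_dedupe_accepts(seen: set, image: bytes) -> bool:
    """Exact-hash check: rejects only byte-identical images."""
    digest = hashlib.sha256(image).hexdigest()
    if digest in seen:
        return False
    seen.add(digest)
    return True

def _frame(*parts: bytes) -> bytes:
    # Length-prefix every field so field boundaries are unambiguous.
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)

def sign_capture(key, agent_id, image, nonce, ts) -> bytes:
    """Client side: MAC binds agent_id, nonce, timestamp and image together."""
    msg = _frame(agent_id.encode(), nonce, str(ts).encode(),
                 hashlib.sha256(image).digest())
    return hmac.new(key, msg, hashlib.sha256).digest()

def verify_capture(key, seen_nonces, agent_id, image, nonce, ts, tag, now) -> str:
    """Server side: authenticate first, then check freshness and nonce reuse."""
    expected = sign_capture(key, agent_id, image, nonce, ts)
    if not hmac.compare_digest(expected, tag):
        return "bad-signature"          # any altered bit lands here
    if abs(now - ts) > MAX_AGE_S:
        return "stale"
    if (agent_id, nonce) in seen_nonces:
        return "replayed"
    seen_nonces.add((agent_id, nonce))  # entries can expire after MAX_AGE_S
    return "ok"

def demo():
    image = bytes(range(256)) * 4                 # constructed stand-in image
    flipped = bytes([image[0] ^ 1]) + image[1:]   # same image, one bit changed
    seen = set()
    by_hash = [hash_dedupe_accepts(seen, i) for i in (image, image, flipped)]
    nonce, ts = os.urandom(16), 1_700_000_000     # constructed values
    tag = sign_capture(DEVICE_KEY, "agent-1", image, nonce, ts)
    nonces = set()
    cases = [(image, ts + 1), (image, ts + 2), (flipped, ts + 3), (image, ts + 3600)]
    signed = [verify_capture(DEVICE_KEY, nonces, "agent-1", img, nonce, ts, tag, now)
              for img, now in cases]
    return by_hash, signed
```

The hash check accepts the one-bit variant as new, while the signed envelope rejects it because the tag no longer matches the image digest.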