biometricITC / cPP-biometrics

Contains the development of a Collaborative Protection Profile for biometrics
MIT License

memory dump update #380

Closed woodbe closed 2 years ago

woodbe commented 2 years ago

To respond to #370

woodbe commented 2 years ago

@n-kai This specific testing is what @xahun was pointing out is likely impractical for the biometric testing. The problem is how do you interrupt the testing in the middle of the sequence (I'm honestly not even sure how you would do that). The other concern I actually have is whether it is just checking for the template itself in memory or if it should be checking for the sensor input from the user (which wouldn't be known until after the user enters it, and then what are we looking for: the raw image, or the processed template used to compare, or something else?).

In the end I think the problem here is that biometric systems do not line up neatly with entering a password. In that case I can simply dump the password and know that if it is found anywhere at some point (that is, outside of the bounds of use), then it is obviously a problem. But for a biometric, the template isn't going to look like the user input from a single scan, so what is it that I am checking for?

I can maybe see just saying to scan for something. For example, dump the template out and then try to scan for it after the sequence is complete (since the real point of the SFR is to show that it isn't available when no longer needed). It isn't clear that it can be done "in the middle" of the attempt, certainly by the user, and the cost of creating that debug capability vs what is shown after is not something I'm convinced is actually worthwhile.
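The scan described in the two comments above (dump memory after the sequence completes and search for the secret) is straightforward for a password but depends on knowing the template's encoding for a biometric. The following is an added example, not code from the cPP-biometrics project or from any commenter. It scans a constructed memory image for a secret under the encodings a residue check commonly needs (raw, UTF-16LE, hex, base64) and then shows why scanning for the raw sensor sample finds nothing when only the derived template is held in memory. The SHA-256 digest used as the "template" is a stand-in assumption for illustration; real templates are vendor-specific feature vectors, and the dump bytes are constructed, not captured from any product.

```python
import base64
import hashlib
import re

# Constructed test data (not from any real system).
PASSWORD = b"hunter2"
# Stand-in for a raw sensor capture: 512 bytes of deterministic filler.
RAW_SAMPLE = bytes(range(256)) * 2
# Assumption for the example: the "template" is a one-way transform of the
# sample. Real templates are vendor-specific feature vectors, but the point
# holds: the template does not contain the raw sample bytes.
TEMPLATE = hashlib.sha256(RAW_SAMPLE).digest()

# Constructed memory image: the password lingers as UTF-16LE (as a
# Windows-style string buffer would hold it) and the template lingers raw.
DUMP = (
    b"\x00" * 64
    + PASSWORD.decode("ascii").encode("utf-16-le")
    + b"\x00" * 32
    + TEMPLATE
    + b"\x00" * 64
)


def encodings_of(secret: bytes) -> dict:
    """Byte patterns a residue scan should look for: the raw value plus the
    common transformations under which a secret still leaks."""
    return {
        "raw": secret,
        "utf16le": secret.decode("latin-1").encode("utf-16-le"),
        "hex": secret.hex().encode("ascii"),
        "base64": base64.b64encode(secret),
    }


def scan_dump(dump: bytes, secret: bytes) -> dict:
    """Return {encoding: [offsets]} for every encoding of secret found in dump.
    An empty dict means no residue under any of the checked encodings."""
    hits = {}
    for name, pattern in encodings_of(secret).items():
        offsets = [m.start() for m in re.finditer(re.escape(pattern), dump)]
        if offsets:
            hits[name] = offsets
    return hits


def password_residue() -> dict:
    """Password check: the secret is known up front, so any hit is a finding."""
    return scan_dump(DUMP, PASSWORD)


def sample_residue() -> dict:
    """Scanning for the raw sensor input finds nothing, even though biometric
    data is still resident: the tester searched for the wrong artifact."""
    return scan_dump(DUMP, RAW_SAMPLE)


def template_residue() -> dict:
    """Scanning for the processed template is what actually finds the residue,
    which requires knowing how the TOE encodes it."""
    return scan_dump(DUMP, TEMPLATE)


def after_zeroize() -> dict:
    """The expected result once the TOE wipes the template after use: the
    rescan of the (simulated) post-wipe image comes back empty."""
    wiped = DUMP.replace(TEMPLATE, b"\x00" * len(TEMPLATE))
    return scan_dump(wiped, TEMPLATE)


if __name__ == "__main__":
    print("password :", password_residue())
    print("sample   :", sample_residue())
    print("template :", template_residue())
    print("post-wipe:", after_zeroize())
```

The design choice is to scan for every plausible encoding of the known value rather than a single byte string, since a residue test that only looks for raw bytes misses UTF-16 string buffers and hex or base64 logging copies. For the biometric case the scan only works once the evaluator knows the template format, which is the practical difficulty the comments raise.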

woodbe commented 2 years ago

@woodbe will propose a change to focus more on the design of the biometric vs this test, and leave the testing to the TSFI if there are possible interfaces that could be used to export data outside the SEE.

woodbe commented 2 years ago

The latest update is to remove the memory test as out of scope as it is testing the SEE boundary, and not the TOE boundary.

In line 597 there is a statement (which I left) about source code review being acceptable to ensure this as an alternative to testing (which I left specifically for the TSFI test). I don't want to make this a requirement for the general boundary issue (that everything is inside the SEE), but it is something to consider.