Biometric algorithms are proprietary and not validated
Many encryption algorithms are publicly available to allow cryptographers to analyse
and verify the strength of the encryption. Biometric algorithms are not readily available
for review and are thus an unknown factor.
Biometric algorithms do not generally fulfil the same purpose as cryptographic
algorithms. Rather, they represent the encoding rules for the biometric feature set to
derive a template in order to provide a means of distinguishing between the features
of enrolled users of the system. The purpose of the biometric algorithm is functional
rather than security related, though there may be security connotations.
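The following is an added illustration, not part of the original text, of the functional role described above: a public encoding rule turns a feature set into a template, and a matcher distinguishes an enrolled user from others by template distance. The feature values, the threshold and the perturbations are all constructed for the example; a real sensor pipeline, reference values and tolerance would differ.

```python
"""Toy biometric template encoding and matching (added example, not from the source).

The encoding rule and the matcher are fully public here; nothing in them is secret.
What the system must protect is the enrolled template and the capture process, not
the algorithm itself.
"""
from __future__ import annotations

TEMPLATE_BITS = 64
# Constructed reference: the value each feature is compared against when quantising.
REFERENCE = [0.5] * TEMPLATE_BITS
# Constructed tolerance: fraction of differing template bits still accepted as genuine.
MATCH_THRESHOLD = 0.20


def encode_template(features: list[float]) -> list[int]:
    """Encoding rule: one bit per feature, 1 if the feature exceeds its reference."""
    if len(features) != len(REFERENCE):
        raise ValueError("feature vector has unexpected length")
    return [1 if f > r else 0 for f, r in zip(features, REFERENCE)]


def hamming_fraction(a: list[int], b: list[int]) -> float:
    """Fraction of template positions that differ (the distinguishing measure)."""
    if len(a) != len(b):
        raise ValueError("templates differ in length")
    return sum(x != y for x, y in zip(a, b)) / len(a)


def verify(enrolled: list[int], probe_features: list[float]) -> bool:
    """Accept the probe only if its template is within tolerance of the enrolled one."""
    return hamming_fraction(enrolled, encode_template(probe_features)) <= MATCH_THRESHOLD


# Constructed enrolment: a permutation of the values k/64, k = 0..63 (37 is coprime to 64).
ENROLLED_FEATURES = [((i * 37) % TEMPLATE_BITS) / TEMPLATE_BITS for i in range(TEMPLATE_BITS)]
ENROLLED_TEMPLATE = encode_template(ENROLLED_FEATURES)


def genuine_probe() -> list[float]:
    """Same user, slightly different capture: every feature drifts upward by 0.03 (constructed)."""
    return [min(1.0, f + 0.03) for f in ENROLLED_FEATURES]


def impostor_probe() -> list[float]:
    """A different person: the same value set in a shifted arrangement (constructed)."""
    return [((i * 37 + 20) % TEMPLATE_BITS) / TEMPLATE_BITS for i in range(TEMPLATE_BITS)]


def demo() -> dict[str, float | bool]:
    """Distances and decisions for the two probes, for inspection or testing."""
    return {
        "genuine_distance": hamming_fraction(ENROLLED_TEMPLATE, encode_template(genuine_probe())),
        "genuine_accepted": verify(ENROLLED_TEMPLATE, genuine_probe()),
        "impostor_distance": hamming_fraction(ENROLLED_TEMPLATE, encode_template(impostor_probe())),
        "impostor_accepted": verify(ENROLLED_TEMPLATE, impostor_probe()),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The genuine capture flips only the two bits whose features sit just below the reference, so it is accepted; the impostor differs in 40 of 64 positions and is rejected. Knowing the encoding rule gives the matcher no new power and does not by itself reproduce anyone's template, which is the functional, rather than cryptographic, character the paragraph describes.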
If an analyst (or an attacker) wishes to understand the working of the algorithm, then the
task is likely to be easier if the algorithm is publicly available. An impostor might wish
to examine the algorithm to determine how the biometric-to-template mapping works,
and what elements are more and less important to the authentication process. This
knowledge could aid the construction of an artefact intended to spoof the system,
particularly if the approach was to be that of an artificially constructed image rather
than a copy of a known legitimate image. An undisclosed algorithm would make this
process more difficult (security through obscurity) but is unlikely to resist a determined
attack that might involve reverse engineering of the algorithm. Conversely, a publicly
available algorithm may help to highlight potential weaknesses and thereby assist in
their eradication (i.e. as for the case of password algorithms).