Conclusion

The viability of (re)generating strong cryptographic keys from voice utterances remains unproven. While we believe that the work presented in this paper offers steps toward achieving this goal and evidence that it can be reached, some critical advances are still required. Notably, our analyses using $m=46$ in [16] and $m=60$ here are insufficient for security as required in commercial applications, and our future work will continue to focus on reaching $m=80$ or higher. More extensive user trials to evaluate the entropy of users' distinguishing features is also needed. And, there remain numerous open questions as to how to tune an implementation of our approach in practice. The analysis of Section 5 hides many parameters from view, and the relationship between these parameters, security and usability need to be further explored.