Iris patterns contain rich discriminative information and can be efficiently encoded in a compact binary form. These nice properties allow smooth integration with the fuzzy commitment scheme. Instead of storing iris codes directly, a random secret can be derived such that user privacy can be preserved. Despite the successful implementation, the dependency existing in iris codes can strongly reduce the security of fuzzy commitment. This paper shows that the distribution of iris codes complies with the Markov model. Additionally, an algorithm retrieving secrets from the iris fuzzy commitment scheme is proposed. The experimental results show that with knowledge of the iris distribution secrets can be recovered with low complexity. This work shows that distribution analysis is essential for security assessment of fuzzy commitment. Ignoring the dependency of binary features can lead to overestimation of the security.