From owner-freebsd-security  Tue Jun 18 22: 4:59 2002
Delivered-To: freebsd-security@freebsd.org
Received: from ren.sasknow.com (ren.sasknow.com [207.195.92.131])
	by hub.freebsd.org (Postfix) with ESMTP id 3BD1B37B401
	for <freebsd-security@FreeBSD.ORG>; Tue, 18 Jun 2002 22:04:55 -0700 (PDT)
Received: from localhost (ryan@localhost)
	by ren.sasknow.com (8.11.6/8.11.6) with ESMTP id g5J54kD75187;
	Tue, 18 Jun 2002 23:04:49 -0600 (CST)
	(envelope-from ryan@sasknow.com)
Date: Tue, 18 Jun 2002 23:04:44 -0600 (CST)
From: Ryan Thompson <ryan@sasknow.com>
To: Eric F Crist <ecrist@adtechintegrated.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: RE: Password security
In-Reply-To: <000c01c2174c$5a38f230$77fe180c@armageddon>
Message-ID: <20020618225214.L74293-100000@ren.sasknow.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


Hi Eric,


Eric F Crist wrote to 'Ryan Thompson' and freebsd-security@FreeBSD.ORG:

> Have you explored the idea of biometrics?

Yes. Bad idea. I knew someone would suggest that. My original post was
too long already to include biometrics, so, since you asked, here it
is. :-)

> It requires a piece of hardware on each computer that is going to
> access the network, but the way you're making your security
> requirements sound, the security benefit is worth the cost.

Depending on the metric somewhat, collecting biometrics on insecure
systems is a serious security risk. Hardware costs aside (about 20
terminals, a few of which are home systems not even owned by the
company), it's far too easy to replay biometrics if the end system
isn't secure... and, last time I checked, most of my employees had
only 10 fingers each. Once those are gone, what then? Eyeballs? :-)
So, on a lot of levels, biometrics are not an option.

So, let's stick with password security for now. :-)


> Eric F Crist
> President/Sys Admin
> AdTech Integrated Systems, Inc
> http://www.adtechintegrated.com

-- 
  Ryan Thompson <ryan@sasknow.com>

  SaskNow Technologies - http://www.sasknow.com
  901 1st Avenue North - Saskatoon, SK - S7K 1Y4

        Tel: 306-664-3600   Fax: 306-664-3630   Saskatoon
  Toll-Free: 877-727-5669     (877-SASKNOW)     North America




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message