Date: 19 Jun 2002 16:58:43 +0200 From: Dag-Erling Smorgrav <des@ofug.org> To: Michael Sierchio <kudzu@tenebras.com> Cc: Eric F Crist <ecrist@adtechintegrated.com>, 'Ryan Thompson' <ryan@sasknow.com>, freebsd-security@FreeBSD.ORG Subject: Re: Password security Message-ID: <xzp4rfziacc.fsf@flood.ping.uio.no> In-Reply-To: <3D109329.8050007@tenebras.com> References: <000c01c2174c$5a38f230$77fe180c@armageddon> <xzpr8j3ipbp.fsf@flood.ping.uio.no> <3D109329.8050007@tenebras.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Michael Sierchio <kudzu@tenebras.com> writes: > Dag-Erling Smorgrav wrote: > > 1) Biometrics can't be used reliably for remote access. > There are zero-knowledge protocols for secure remote use of > biometric data. Most fingerprint scanners don't even encrypt the data they send to the computer they're connected to. > > 2) I don't know of any currently available biometric authentication > > device that can't be easily fooled. > Somewhat misleading -- any biometric method of identification > has false positives and false negatives. For software engineers, > this seems unacceptable, since we're used to boolean values > for Truth. When "false positives" includes reliably identifying a laptop showing an AVI of a talking person (for one facial recognition system I know of) or a plastic bag filled with warm water (for one fingerprint scanner I know of) as the rightful user, they fall under my definition of "useless". I know of two independent studies in which all the biometric devices tested (about a dozen in each study, with some overlap) were fooled with very simple means. The only biometric authentication system I trust (to some degree, anyway) is the human brain. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzp4rfziacc.fsf>