From owner-freebsd-security  Wed Jun 19 10:20:11 2002
Delivered-To: freebsd-security@freebsd.org
Received: from web10103.mail.yahoo.com (web10103.mail.yahoo.com [216.136.130.53])
	by hub.freebsd.org (Postfix) with SMTP id BD82337B417
	for <freebsd-security@FreeBSD.ORG>; Wed, 19 Jun 2002 10:19:22 -0700 (PDT)
Message-ID: <20020619171922.48193.qmail@web10103.mail.yahoo.com>
Received: from [68.5.49.41] by web10103.mail.yahoo.com via HTTP; Wed, 19 Jun 2002 10:19:22 PDT
Date: Wed, 19 Jun 2002 10:19:22 -0700 (PDT)
From: twig les <twigles@yahoo.com>
Subject: Re: Password security
To: graham <graham@avint.net>, freebsd-security@FreeBSD.ORG
In-Reply-To: <02061914352901.22345@hercules.avint.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


--- graham <graham@avint.net> wrote:
> It's alot easier to fool Biometrics than you think.
> I saw an episode of @discovery on The Discovery
> Channel's Canadian channel
> explaining how a mathematician and some grad
> students could fool all the current
> commercial biometric systems with common household
> items available from any
> supermarket. But I don't fully remember the details
> of that paticular episode.
> 
> 


I don't doubt it (although I missed the special), but
I don't know anyone who advocates the use of
biometrics as the sole method of authentication (US
airport security aside...).  Most of the time I've
used them you either needed a badge with it, or a
badge/PIN combo.  The addition of biometrics to a
badge or badge/PIN combo -even if it was tuned to give
more false positives than negatives- makes a huge
difference.

So what interests me is could these guys beat the
handprint reader WHILE they have a stolen/forged
smartcard AND someone's PIN code (all matching the
same person of course)?  If they can do that then my
hat is off to them and they should be Sneakers 2.

=====
-----------------------------------------------------------
Only fools have all the answers.
-----------------------------------------------------------

__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message