Date: Wed, 19 Jun 2002 13:30:56 -0500 From: "Eric F Crist" <ecrist@adtechintegrated.com> To: "'twig les'" <twigles@yahoo.com>, "'graham'" <graham@avint.net>, <freebsd-security@FreeBSD.ORG> Subject: RE: Password security (my final post on this particular thread) Message-ID: <004101c217bf$74a26f70$77fe180c@armageddon> In-Reply-To: <20020619171922.48193.qmail@web10103.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
It's apparent that this conversation could go on forever. It is also apparent that Ryan Thompson (original poster) is in search of a 100% fool proof method of authentication, which all of us know doesn't exist. Basically, we all seem to have come to the consensus that: 1) Password security is not perfect due the inability of most people/users of data networks to remember and conjure up difficult, complex, or hard to guess passwords. 2) Biometrics is not a fool proof method of authentication and there are ways to trick these devices. 3) The generally agreed upon method for the most secure method of authentication over a seemingly insecure data network would be to combine a multitude of different technology, all dependent on each other. Eric F Crist President/Sys Admin AdTech Integrated Systems, Inc http://www.adtechintegrated.com -----Original Message----- From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of twig les Sent: Wednesday, June 19, 2002 12:19 PM To: graham; freebsd-security@FreeBSD.ORG Subject: Re: Password security --- graham <graham@avint.net> wrote: > It's alot easier to fool Biometrics than you think. > I saw an episode of @discovery on The Discovery > Channel's Canadian channel > explaining how a mathematician and some grad > students could fool all the current > commercial biometric systems with common household > items available from any > supermarket. But I don't fully remember the details > of that paticular episode. > > I don't doubt it (although I missed the special), but I don't know anyone who advocates the use of biometrics as the sole method of authentication (US airport security aside...). Most of the time I've used them you either needed a badge with it, or a badge/PIN combo. The addition of biometrics to a badge or badge/PIN combo -even if it was tuned to give more false positives than negatives- makes a huge difference. So what interests me is could these guys beat the handprint reader WHILE they have a stolen/forged smartcard AND someone's PIN code (all matching the same person of course)? If they can do that then my hat is off to them and they should be Sneakers 2. ===== ----------------------------------------------------------- Only fools have all the answers. ----------------------------------------------------------- __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?004101c217bf$74a26f70$77fe180c>