From: Pawel Jakub Dawidek
To: Fredrik Lindberg
Cc: freebsd-hackers@freebsd.org, aanton@spintech.ro, Cesar
Date: Tue, 9 May 2006 09:42:03 +0200
Subject: Re: Fingerprint Authentication
Message-ID: <20060509074203.GA91101@garage.freebsd.pl>
In-Reply-To: <445B59EE.6040701@shapeshifter.se>

On Fri, May 05, 2006 at 03:58:06PM +0200, Fredrik Lindberg wrote:
+> Alin-Adrian Anton wrote:
+> >Fredrik Lindberg wrote:
+> >>
+> >>But that would sort of defeat the whole purpose of biometric authentication and you could really just use public keys instead
+> >>which would be a lot faster and easier than scanning your finger
+> >>at each login. :)
+> >>
+> >Unless you locally encrypt your private key with information gathered by the fingerprint reader, as a "password".
+>
+> That's exactly the problem with, at least, UPEK's driver. If you scan
+> one of your fingers twice you'll get two "different" BioAPI records.
+> That's "different" as in two binary data blobs which aren't equal.
+> To match these records with each other, you hand them over to the
+> driver which, as far as I know, hands them over to the hardware
+> which in turn performs some black magic and then tells you if
+> the records match or not.

That's right, but the idea with asymmetric crypto is very accurate.
Such a fingerprint reader should have a "secure chip" with your private key
and on authentication, you should provide data from your finger scan and
data to sign - on match, it should return signed data, which you can use
to continue the authentication process.

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
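The scheme described in the message above, as an added example that is not part of the original post: a hypothetical SecureChip keeps the enrolled template and the private key inside, and signs a host-supplied challenge only when the presented scan matches. The Hamming-distance matcher, the textbook RSA over two fixed Mersenne primes (a stand-in for whatever signature scheme a real chip would use, and not secure) and all names are assumptions.

```python
import hashlib
import secrets

# Toy RSA key built from two known Mersenne primes: demonstration only, NOT secure.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, conceptually chip-internal

def digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

class SecureChip:
    """Hypothetical token: enrolled template and private exponent stay inside."""

    def __init__(self, enrolled: bytes, max_bit_errors: int = 8):
        self._enrolled = enrolled
        self._max_bit_errors = max_bit_errors
        self.public_key = (N, E)  # the only key material the host ever sees

    def _match(self, scan: bytes) -> bool:
        # Assumed stand-in for the vendor matcher: Hamming distance under a threshold.
        if len(scan) != len(self._enrolled):
            return False
        errors = sum(bin(a ^ b).count("1") for a, b in zip(scan, self._enrolled))
        return errors <= self._max_bit_errors

    def sign_if_match(self, scan: bytes, challenge: bytes):
        """Return a signature over the challenge only when the scan matches."""
        if not self._match(scan):
            return None
        return pow(digest_int(challenge), D, N)

def verify(public_key, challenge: bytes, signature) -> bool:
    n, e = public_key
    return signature is not None and pow(signature, e, n) == digest_int(challenge)

def login(chip: SecureChip, scan: bytes) -> bool:
    """Host side: a fresh random challenge per attempt prevents signature replay."""
    challenge = secrets.token_bytes(32)
    return verify(chip.public_key, challenge, chip.sign_if_match(scan, challenge))

# Constructed sample data: two scans of one finger are never byte-identical.
ENROLLED = bytes(range(32))
RESCAN = bytes([ENROLLED[0] ^ 0b101]) + ENROLLED[1:]   # same finger, 2 bit errors
OTHER_FINGER = bytes(b ^ 0xFF for b in ENROLLED)       # every bit differs
```

The host never compares or stores scan blobs itself; it only checks a signature against the enrolled public key, so the non-repeatable scan data never has to serve as key material.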