From owner-freebsd-hackers@FreeBSD.ORG Tue May 9 13:46:37 2006 Return-Path: X-Original-To: freebsd-hackers@freebsd.org Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 35BB016A404; Tue, 9 May 2006 13:46:37 +0000 (UTC) (envelope-from fli+freebsd-hackers@shapeshifter.se) Received: from mx1.h3q.net (manticore.shapeshifter.se [212.37.5.30]) by mx1.FreeBSD.org (Postfix) with ESMTP id A3DEE43D45; Tue, 9 May 2006 13:46:36 +0000 (GMT) (envelope-from fli+freebsd-hackers@shapeshifter.se) Received: from localhost (localhost [127.0.0.1]) by mx1.h3q.net (Postfix) with ESMTP id 297941A770; Tue, 9 May 2006 15:46:34 +0200 (CEST) Received: from mx1.h3q.net ([127.0.0.1]) by localhost (mx1.h3q.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 75987-10; Tue, 9 May 2006 15:46:33 +0200 (CEST) Received: from [10.0.0.50] (sto-nat.se.tangram-group.net [212.37.5.19]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.h3q.net (Postfix) with ESMTP id 247581A723; Tue, 9 May 2006 15:46:33 +0200 (CEST) Message-ID: <44609D44.3090502@shapeshifter.se> Date: Tue, 09 May 2006 15:46:44 +0200 From: Fredrik Lindberg User-Agent: Thunderbird 1.5.0.2 (X11/20060423) MIME-Version: 1.0 To: Pawel Jakub Dawidek References: <00fb01c66fb2$a8e157c0$0501010a@ironman> <445A5F48.60303@spintech.ro> <200605051009.49344.doconnor@gsoft.com.au> <445AF8AB.9080008@shapeshifter.se> <445B35EA.5080009@spintech.ro> <445B48E6.3070000@shapeshifter.se> <445B544D.5070107@spintech.ro> <445B59EE.6040701@shapeshifter.se> <20060509074203.GA91101@garage.freebsd.pl> In-Reply-To: <20060509074203.GA91101@garage.freebsd.pl> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: amavisd-new at h3q.net Cc: freebsd-hackers@freebsd.org, aanton@spintech.ro, Cesar Subject: Re: Fingerprint Authentication X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 May 2006 13:46:37 -0000 Pawel Jakub Dawidek wrote: > On Fri, May 05, 2006 at 03:58:06PM +0200, Fredrik Lindberg wrote: > +> Alin-Adrian Anton wrote: > +> >Fredrik Lindberg wrote: > +> >> > +> >>But that would sort of defeat the whole purpose of biometric authentication and you could really just use public keys instead > +> >>which would be a lot faster and easier than scanning your finger > +> >>at each login. :) > +> >> > +> >Unless you locally encrypt your private key with information gathered by the fingerprint reader, as a "password". > +> > +> That's exactly the problem with, at least, UPEKs driver. If you scan > +> one of your fingers twice you'll get two "different" BioAPI records. > > That's right, but the idea with asymmetric crypto is very accurate. > Such fingerprint reader should have a "secure chip" with your private > key and on authentication, you should provide data from your finger scan > and data to sign - on match, it should return signed data, which you can > use to continue authentication process. > Ah, yes with support from the hardware that would certainly be possible. But I was more or less referring to the current state of UPEKs hardware and (binary only/closed source) drivers. Fredrik Lindberg