Re: OT: Smartcards and Physical Security
On Thu, 4 Dec 2003 02:32, Manoj Srivastava <firstname.lastname@example.org> wrote:
> An even better security guideline is "something you are" -- so
> should we not spring for retinal scanners/fingerprint readers/other
> buiometrics? I mean, we _are_ talking about other peoples money. :P
Biometric scans are a bad idea. The technology is unreliable, and I'd rather
have someone steal my wallet to get a smart-card than try to steal an eye or
> > GPG smart-cards are entering the market. If GPG is crackable then
> > we have lost regardless. If GPG is secure then GPG smart-cards will
> > do as long as they are not stolen. Having revokation proceedures
> > for stolen cards and DD's reliable enough to follow them should deal
> > with this.
> Laptops with biometric print readers are supposed to be around
> the horizon as well.
Current fingerprint readers have been shown to be very unreliable. Both
false-positives and false-negatives are big problems.
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page