[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OT: Smartcards and Physical Security

On Thu, 4 Dec 2003 02:32, Manoj Srivastava <srivasta@debian.org> wrote:
>         An even better security guideline is "something you are" -- so
>  should we not spring for retinal scanners/fingerprint readers/other
>  buiometrics? I mean, we _are_ talking about other peoples money. :P

Biometric scans are a bad idea.  The technology is unreliable, and I'd rather 
have someone steal my wallet to get a smart-card than try to steal an eye or 
a finger...

> > GPG smart-cards are entering the market.  If GPG is crackable then
> > we have lost regardless.  If GPG is secure then GPG smart-cards will
> > do as long as they are not stolen.  Having revokation proceedures
> > for stolen cards and DD's reliable enough to follow them should deal
> > with this.
>         Laptops with biometric print readers are supposed to be around
>  the horizon as well.

Current fingerprint readers have been shown to be very unreliable.  Both 
false-positives and false-negatives are big problems.

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to: