Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Biometrics (was Re: Username password VS hardware token plus PIN)

From: Kurt Buff <kurt.buff () gmail com>
Date: Thu, 14 Apr 2005 18:46:22 -0700
Marcus J. Ranum wrote:

Paul D. Robertson wrote:


I don't think a wrist is that much more trouble than a finger to a
machette



I know you're just being funny, but this all misses an important
point: against an opponent that is willing to physically attack,
threaten, or torture you ALL authentication systems
are worthless. Especially if you assume a level of indirection
can be added (I.e.: "log me into the system or your child dies.")

There's only so good it's worth making these things. My problem
with biometrics is that they're not even *that* good without a
heck of a lot of extra mechanisms and tweakage. Biometrics
are really only good if you, ummm.... sell biometrics.
mjr.
I'm probably baying at the moon here, as well as underestimating the difficulty of it all, but I have yet to hear anyone talk about voice recognition systems with a randomized set of cues - repeat these six words from the screen, please (out of say, 250/100/whatever that you've pre-recorded) - along with perhaps a voice stress analyzer component that would help detect coercion. I think this would prove most useful, and most likely to keep the victim unharmed. It wouldn't necessarily do a lot to prevent indirect threats, although I suppose for bank managers and the like a protocol could be developed (first team goes to the home and asks to see the family, then the second team visits the bank, or something like that.) 

Kurt
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: