Security Basics mailing list archives

Re: Biometrics


From: Eduardo Kienetz <eduardok () gmail com>
Date: Mon, 18 Jul 2005 13:07:38 -0300

On 7/13/05, Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net> wrote:
> On 2005-07-12 Eduardo Kienetz wrote:
>> On 7/12/05, Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net> wrote:
>>> 1. With biometrics you always have to find a balance between false
>>>    accepts (wrong person gets access) and false rejects (valid user
>>>    doesn't get access).
>>> 2. Fingerprints can be easily forged [1], and people leave their marks
>>>    around everywhere they go.
>>> 3. How will you handle a biometric token (i.e. fingerprint), that gets
>>>    compromised? People usually have only ten fingers.
>>
>> Just a clarification here...
>> This is not a problem anymore... there are new fingerprint (even whole
>> hand) scanners that not only scan your finger/hand, but also measure
>> temperature/pulse (to make sure the hand is alive :).
>
> You haven't read the article I mentioned, have you?

The article only shows someone copying a fingerprint, but no tests are
made with a fingerprint recognition device. I wouldn't draw
conclusions from that. Also, the fingerprint is very well 'printed' in
the bottle. Now, do you know of any studies with percentage of
fingerprints being acquired in such a good shape (or, from such
objects)? Note that I'm not opposing your opinion, just adding more
details into it.
By the way, I've read many other articles besides that one.

>> Besides that if you use password-based auth, the "thief" would just
>> need to threaten you that... for example he'll cut your finger if you
>> don't tell him the password... ;) etc.
>
> And you would consider this to be easier than getting someone's finger-
> print from e.g. a bottle or glass in a restaurant, because ... ?

I was comparing it to the fact of cutting someone's finger, which was
pointed out by our colleague. Nothing else. I agree getting someone's
fingerprint from a bottle or glass is easier (although I maintain
citation above regarding the superficial article).

>> One could even combine the scanning of BOTH hands to authorize.
>
> That would not only fail to solve the inherent problem, but also reduce
> the pool of available tokens from 10 to 1.

True. Perhaps you got me wrong.

Best regards,

-- 
Eduardo  Bacchi Kienetz
LPI Certified - Level 1 & 2
http://www.noticiaslinux.com.br/eduardo/
