Firewall Wizards mailing list archives
RE: Biometrics (was Re: Username password VS hardware token plus PIN)
From: "Jeremiah Cornelius" <jeremiah () nur net>
Date: Fri, 15 Apr 2005 00:18:05 -0700
Fingerprint scans, as I've seen implemented, represent significantly less entropy that the 14 character "complex" password. The grids are pretty coarse. Biometrics are maybe a good replacement for PINs, used to authenticate a two-factor item, like a smartcard or time-based number token. In fact I wish this were available! They're crap for password replacement. There is a certain vendor selling fingerprint readers for Windows domain logon. They are "stashing" a tough password behind a low-entropy fingerprint. Business is good, because... "Hey! Biometrics!" Microsoft - to their credit - is marketing a fingerprint reader only as a store for low-grade, website passwords and IM logins.
-----Original Message----- From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-
admin () honor icsalabs com] On Behalf Of Marcus J. Ranum Sent: Thursday, April 14, 2005 6:21 PM To: Paul D. Robertson; Michael J. Tubby B.Sc. (Hons) Cc: firewall-wizards () honor icsalabs com Subject: Re: Biometrics (was Re: [fw-wiz] Username password VS
hardware
token plus PIN) Paul D. Robertson wrote:I don't think a wrist is that much more trouble than a finger to a machetteI know you're just being funny, but this all misses an important point: against an opponent that is willing to physically attack, threaten, or torture you ALL authentication systems are worthless. Especially if you assume a level of indirection can be added (I.e.: "log me into the system or your child dies.") There's only so good it's worth making these things. My problem with biometrics is that they're not even *that* good without a heck of a lot of extra mechanisms and tweakage. Biometrics are really only good if you, ummm.... sell biometrics. mjr. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Biometrics (was Re: Username password VS hardware token plus PIN) Marcus J. Ranum (Apr 14)
- Re: Biometrics (was Re: Username password VS hardware token plus PIN) Adam Shostack (Apr 14)
- Re: Biometrics (was Re: Username password VS hardware token plus PIN) Marcus J. Ranum (Apr 14)
- Re: Biometrics (was Re: Username password VS hardware token plus PIN) Crispin Cowan (Apr 15)
- Re: Biometrics (was Re: Username password VS hardware token plus PIN) Marcus J. Ranum (Apr 14)
- Re: Biometrics (was Re: Username password VS hardware token plus PIN) Kurt Buff (Apr 14)
- Re: Biometrics (was Re: Username password VS hardware token plus PIN) Kevin (Apr 15)
- Re: Biometrics (was Re: Username password VS hardware token plus PIN) Vin McLellan (Apr 19)
- Re: Biometrics (was Re: Username password VS hardware token plus PIN) ArkanoiD (Apr 15)
- <Possible follow-ups>
- RE: Biometrics (was Re: Username password VS hardware token plus PIN) Jeremiah Cornelius (Apr 15)
- Re: Biometrics (was Re: Username password VS hardware token plus PIN) Adam Shostack (Apr 14)