Yonatan Bokovza wrote... > Just one more: > You can't revoke a biometric key. If a BadGuy(tm) gets a > hold of the digital representation of, say, your finger- he > might be able to impersonate you. And poor you, you > can't revoke your finger, right? Not physically of course, but perhaps it might be possible to reregister using a fingerprint from another one of your fingers. In the inexpensive fingerprint scanner I have on my PC, I can only use those fingers that have previously been registered with the system. Of course, if BadGuy(tm) already has one fingerprint (or digital representation thereof), I don't know how hard it would be to forge one of another finger--I'm not a fingerprint expert. Of course this doesn't work with all biometric-type authentication mechanisms (e.g., facial recognition, voice print). Don't know if irises from each eye are different enough to make this work with iris scans or not. Does anyone know? --- Kevin W. Wall Qwest Communications International, Inc. Kevin.Wallat_private Phone: 614.932.5542 "Microsoft set the security state-of-the-art back 25 years with DOS, and they have continued that legacy to this day." -- Bruce Schneier, CRYPTO-GRAM, 6/15/99
This archive was generated by hypermail 2b30 : Fri Jun 29 2001 - 14:04:58 PDT