RE: CDSA-biometrics

From: Wall, Kevin (Kevin.Wallat_private)
Date: Thu Jun 28 2001 - 10:05:00 PDT

  • Next message: Ryan Russell: "Re: OT: Re: Secure popen"

    Yonatan Bokovza wrote...
    
    > Just one more:
    > You can't revoke a biometric key. If a BadGuy(tm) gets a
    > hold of the digital representation of, say, your finger- he
    > might be able to impersonate you. And poor you, you
    > can't revoke your finger, right?
    
    Not physically of course, but perhaps it might be possible
    to reregister using a fingerprint from another one of your
    fingers. In the inexpensive fingerprint scanner I have on
    my PC, I can only use those fingers that have previously
    been registered with the system. Of course, if BadGuy(tm)
    already has one fingerprint (or digital representation thereof),
    I don't know how hard it would be to forge one of another
    finger--I'm not a fingerprint expert.
    
    Of course this doesn't work with all biometric-type authentication
    mechanisms (e.g., facial recognition, voice print). Don't know if
    irises from each eye are different enough to make this work with
    iris scans or not. Does anyone know?
    ---
    Kevin W. Wall		Qwest Communications International, Inc.
    Kevin.Wallat_private	Phone: 614.932.5542
    "Microsoft set the security state-of-the-art back 25 years with DOS, and
    they
    have continued that legacy to this day." -- Bruce Schneier, CRYPTO-GRAM,
    6/15/99
    



    This archive was generated by hypermail 2b30 : Fri Jun 29 2001 - 14:04:58 PDT