biometrics

[P.J. Ponder]

On Sat, 26 Jan 2002, cryptography at summitsecurity.org wrote:
> At 05:46 PM 1/26/02 -0500, P.J. Ponder wrote:
< . . . . >
> >Without think about it some more, I don't know whether to place the entire
> >notion of security controls based on biometric telemetry in with _pure_
> >bullshit like copy protection, watermarking, non-repudiation, tamper
> >proofing, or trusted third parties.  Admittedly, there is a lot of
> >bullshit in the idea, I'm just not sure it is pure.
>
> If you think about it, it's actually a succinct way of categorizing
> different ways that someone can authenticate themselves.  You seem to imply
> that the only nonbullshit way to do that is a) something you know.  I'd say
> that's been shown to be a pretty weak authentication method when relied on
> solely.

There isn't anything generally wrong with hardware devices or something
that 'one has'.  Tokens and the like can be cost effective in many
applications.  I'm working with some folks right now that are looking at
hardware dongle-type things for a particular security application.
Little hardware gizmos will probably turn out to be a good fit for what
they are doing.  Nothing wrong with that.

People often use password systems poorly, and many password systems permit
poor and sloppy use.  Still passwords and passphrases can be used
effectively.

I think the need for maintaining control over the biometric telemetry
equipment makes it suitable for a rather narrow range of applications.






---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com