RE: Biometrics (was Re: [fw-wiz] Username password VS hardware token plus PIN)

From: Eugene Kuznetsov (eugene_at_datapower.com)
Date: 04/12/05

  • Next message: Anton A. Chuvakin: "[fw-wiz] New Honeynet Project SotM Challenge #34" 
    To: "'Devdas Bhagat'" <devdas@dvb.homelinux.org>, <firewall-wizards@honor.icsalabs.com>
Date: Tue, 12 Apr 2005 08:33:59 -0400

    > -----Original Message-----
    > From: firewall-wizards-admin@honor.icsalabs.com
    > [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf
    > Of Devdas Bhagat

    > > The implementation doesn't matter if the attacker set
    > believes that they
    > > can breach the system. For instance, if a rumor starts
    > that iris scanners
    > > in ATMs open up if you pop out an eyeball and hold it on
    > the end of a pen,
    > > there will be a bunch of one-eyed victims running around
    > _even if the
    > > premise is untrue_.
    >
    > http://news.bbc.co.uk/2/hi/asia-pacific/4396831.stm
    >
    > Anyone feel like continuing to use or recommend biometrics?
    >
    > I would *much* rather be safe.

    This is a very good point. With passwords, you may be physically harmed to
    extract the knowledge from you, but at least it's dependent on how resistant
    you are to giving it up!

    Anyone else care to comment or offer a reason why this isn't a problem?

    \\ Eugene Kuznetsov, Chairman & CTO : eugene@datapower.com
    \\ DataPower Technology, Inc. : Web Services security
    \\ http://www.datapower.com : XML-aware networks

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Anton A. Chuvakin: "[fw-wiz] New Honeynet Project SotM Challenge #34"