Re: Password Cracking

From: Fireglyph (fireglyph@gmx.net)
Date: 01/26/03

    From: Fireglyph <fireglyph@gmx.net>
    Date: 26 Jan 2003 12:27:54 GMT
    
    

    Lyal Collins <lyalc@ozemail.com.au> wrote:
    >
    > I agree - worse, passwords perform the underlying user authentication in
    > almost all existing products - smartcards, digital certs etc.
    > Until (if) we get to biometrics, then we have replaced one mechanism for
    > identity abuse for another - how to prevent misuse of my fingerprint, facial
    > image etc. Remember, if it can be recorded, it can be duplicated.
    > Lyal

    Not necessarily. Passwords aren't stored in existing systems, so
    why should we do that with fingerprints? To authenticate someone,
    the hash is sufficient.

    Moreover, the combination of smartcards and biometrics is an
    interesting idea. The problem with smartcards is that they
    can be stolen. But this can be solved.

    Think of a smartcard which stores an encrypted private key used
    for signing documents and authentication. The key to decrypt the
    private key isn't stored on the card at all, but the card has a
    touch sensitive area on which you have to press your finger. The
    information from the fingerprint (a hash) is used as the key to
    decrypt your private key.

    The card is worthless to everyone else. Only you can use it.

    Of course, someone could cut off your finger, but to get a password
    stored in your head, they might torture you, put a gun to your
    head, use drugs - whatever.

    Bye,

    Fireglyph
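
Added example, not part of the original post: a Python sketch of the card scheme described in the message above, where the card stores only a salt, nonce, ciphertext and tag, and the decryption key is derived from the fingerprint bytes at each use. The function names, the PBKDF2 stretching, the HMAC-based keystream standing in for the card's cipher, and the sample templates are all assumptions; the sketch also assumes the sensor yields identical bytes on every press, and the last case shows that a reading differing by one bit no longer unlocks the key.

```python
import hashlib, hmac, os
from typing import Optional

def _keys(template: bytes, salt: bytes):
    # Stretch the fingerprint-derived bytes into an encryption key and a MAC key.
    okm = hashlib.pbkdf2_hmac("sha256", template, salt, 100_000, dklen=64)
    return okm[:32], okm[32:]

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode; stdlib stand-in (assumption) for the card's cipher.
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(private_key: bytes, template: bytes) -> dict:
    """What gets written to the card: no key, no template, no hash of it."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(template, salt)
    ct = _xor_stream(enc_key, nonce, private_key)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def unwrap(card: dict, template: bytes) -> Optional[bytes]:
    """Re-derive the keys from a fresh reading; None if the tag does not verify."""
    enc_key, mac_key = _keys(template, card["salt"])
    expected = hmac.new(mac_key, card["nonce"] + card["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, card["tag"]):
        return None
    return _xor_stream(enc_key, card["nonce"], card["ct"])

# Constructed sample data: stand-ins for sensor output and a signing key.
OWNER = hashlib.sha256(b"constructed owner template").digest()
THIEF = hashlib.sha256(b"constructed other template").digest()
NOISY = bytes([OWNER[0] ^ 0x01]) + OWNER[1:]   # same finger, one bit differs
SIGNING_KEY = b"constructed private key bytes, not a real key"

if __name__ == "__main__":
    card = wrap(SIGNING_KEY, OWNER)
    print("owner :", unwrap(card, OWNER) == SIGNING_KEY)
    print("thief :", unwrap(card, THIEF))
    print("noisy :", unwrap(card, NOISY))
```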


