Mailing Lists: Apple Mailing Lists


Re: FTP/SFTP big-picture questions



On 2006-06-29 Dan Shoop wrote:
> At 9:13 AM +0200 6/29/06, Ansgar -59cobalt- Wiechers wrote:
>> On 2006-06-28 Dan Shoop wrote:
>>> A "biometric token" is something like my iris or my thumb. If it's
>>> compromised then that means someone else has my iris or thumb.
>> 
>> No. It just means that someone else has a copy of it.
> 
> Then the scanner is at fault for not being able to tell the real 
> McCoy from a fake.

Welcome to the real world.

> My retina and fingerprints are assumed to be unique.

True (though for fingerprints there are quite a few people with
insufficiently distinctive ones), but that's not the issue at hand.

> BTW, the same non-guarantee for uniqueness permeates cryptographic 
> keys so this is hardly any more of a concern just b/c it's biometric 
> in nature.

Not true, because people don't tend to leave their crypto key everyplace
they touch (unlike e.g. fingerprints). The problem with most biometric
tokens is that people are wearing them on their sleeves.

>>> That means it no longer is mine
>> 
>> Non sequitur.
> 
> It is completely sequitur. If someone else has my eye or my car keys 
> then they are no longer mine. At which point proper escalation is 
> needed to either (a) recover the lost keys or (b) replace the lost 
> keys.

Wrong, because the problem is not how unique the token is, but how easily
it can be copied/faked in a way that will fool the authenticator. Which
is pretty easy for a great many biometric tokens.

>>> and is no longer a token I can use so just like an other token it
>>> needs replaced.
>> 
>> True. However, the problem with replacing biometric tokens is that
>> you have very few to choose from.
> 
> But they're hard to "lose". If I lose my eye, I have one more. But
> losing an eye isn't as common as losing my car keys.

You don't need to lose your eye. All I need is a high-resolution camera
and voila, I own a copy of your iris. Not to mention fingerprints.

>>> As for spoofing or false-positive issues this isn't the fault of the
>>> token but the authenticator. The token (e.g. my iris) is quite good
>>> enough already.
>> 
>> Of course FAR/FRR is an issue of the authenticator, but that doesn't
>> make the tradeoff between them go away.
> 
> No but
> 
>> As for the quality of tokens: they all have issues of their own. Some
>> (e.g. fingerprints) are easy to copy because everyone leaves them
>> everywhere,
> 
> Rejecting forged copies is the task of the authenticator.

True. However, in the real world they fail at that far too often.

[...]
>> others (e.g. retina) aren't too easy to read out, but may
>> thus not be accepted too well by the users.
> 
> Try entering the United States as a non-citizen.

With their current politics I wouldn't enter the US if someone paid me
for it.

Regards
Ansgar Wiechers
-- 
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky
Macos-x-server mailing list      (email@hidden)
