|
From: | Mige Harimurti |
Subject: | Re: [Auth]Other than password |
Date: | Tue, 31 Jul 2001 14:38:39 +0700 |
At 13:19 7/31/01 +1000, you wrote:
Mige Harimurti wrote: > Hi ... > I'm working for biometric, focusing with fingerprint. [...] > The comparison process can be on the server or in the user side. How is this any more secure than passwords? If a cracker sniffs the packet containing the biometric data, it can be replayed just as easily as a password can. i.e. once they sniff my fingerprint data, they can pretend to be me.
Of course if they got the data. It just another alternative than password. But you don't have to remember the password. I think the fingerprint method will be much cheaper in the near future.So It will be, in my vision, more common to see a little gadget with fingerprint device. e.g. mouse, pda, mobile-phone or notebook with fingerprint sensor. Or as add-on card with PCMCIA.
Are you using tamper-proof fingerprint scanners with end-to-end challenges and digital signatures to validate the scan in real time? If not, the security this provides isn't all that useful.
No. Not for now.
Cheers, Rhys.
Regards, Mige
[Prev in Thread] | Current Thread | [Next in Thread] |