[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Auth]Other than password
|
From: |
John |
|
Subject: |
Re: [Auth]Other than password |
|
Date: |
Tue, 31 Jul 2001 21:39:00 -0500 |
Norbert Bollow wrote:
>
> > The problem with biometric ID is that you can't change it, once it has been
> > copied. If somebody is able to make contact lenses that the biometric id
> > checker mistakes for your eyes, than you can't just rip your eyes off and
> > get a new pair. I have my reservations about this technology.
>
> Good point.
>
> Also someone might be able to intercept the data that is passed
> to the computer from the camera (or whatever) that obtains the
> raw biometric information. This may be a simpler way in which
> your biometric ID could potentially be faked.
Of course this is really outside of DotGNU, if we design with the
assumption that a user's password and username must be secured at all
points in the transaction *regardless of the source of that password*,
then we've done our job with due diligence. Truthfully, if you can fake
retinal scan data without an eyeball n'ala "Demolition Man", then you
can use the same technology to provide an overide.
Truthfully though, it's the responsibility of the maker of biometric
equipment to make sure they don't expose cleartext. We can suggest a
technological solution, but perhaps we can't enforce one?
John Le'Brecage