Re: [Auth]Other than password

dotgnu-auth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Auth]Other than password

From:	Rhys Weatherley
Subject:	Re: [Auth]Other than password
Date:	Tue, 31 Jul 2001 13:19:00 +1000

Mige Harimurti wrote:

> Hi ...
> I'm working for biometric, focusing with fingerprint. [...]
> The comparison process can be on the server or in the user side.

How is this any more secure than passwords?  If a cracker
sniffs the packet containing the biometric data, it can
be replayed just as easily as a password can.  i.e. once
they sniff my fingerprint data, they can pretend to be me.

Are you using tamper-proof fingerprint scanners with
end-to-end challenges and digital signatures to validate the
scan in real time?  If not, the security this provides isn't
all that useful.

Cheers,

Rhys.

[Prev in Thread]

Current Thread

[Next in Thread]

[Auth]Other than password, Mige Harimurti, 2001/07/30
- Re: [Auth]Other than password, Rhys Weatherley <=
  - Re: [Auth]Other than password, Mige Harimurti, 2001/07/31
- Re: [Auth]Other than password, Carsten Kuckuk, 2001/07/31
  - Re: [Auth]Other than password, Norbert Bollow, 2001/07/31
    - Re: [Auth]Other than password, David Talbot, 2001/07/31
    - Re: [Auth]Other than password, David Talbot, 2001/07/31
    - Re: [Auth]Other than password, John, 2001/07/31

Prev by Date: [Auth]Other than password
Next by Date: Re: [Auth]Other than password
Previous by thread: [Auth]Other than password
Next by thread: Re: [Auth]Other than password
Index(es):
- Date
- Thread