[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Auth]Other than password
From: |
Rhys Weatherley |
Subject: |
Re: [Auth]Other than password |
Date: |
Tue, 31 Jul 2001 13:19:00 +1000 |
Mige Harimurti wrote:
> Hi ...
> I'm working for biometric, focusing with fingerprint. [...]
> The comparison process can be on the server or in the user side.
How is this any more secure than passwords? If a cracker
sniffs the packet containing the biometric data, it can
be replayed just as easily as a password can. i.e. once
they sniff my fingerprint data, they can pretend to be me.
Are you using tamper-proof fingerprint scanners with
end-to-end challenges and digital signatures to validate the
scan in real time? If not, the security this provides isn't
all that useful.
Cheers,
Rhys.