Home page logo
/

basics logo Security Basics mailing list archives

Re: Biometric question
From: john slee <indigoid () higherplane net>
Date: Fri, 8 Nov 2002 07:32:32 +1100

On Thu, Nov 07, 2002 at 11:13:16AM -0600, Michael Sconzo wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

One of the more memorable things that I have read about fingerprint
scanners is:
http://www.counterpane.com/crypto-gram-0205.html#5

You can basically fake a fingerprint biometric machine with a gummi
bear.  If I remember correctly, the majority of fingerprint scanners
are vulnerable to this type of attack. One of the big things to look
for is one that samples SHAPES not POINTS, and remember the more the
merrier.

fingerprint scanners are bloody impractical.  you'll be wanting to keep
a bottle of Ajax|Windex|Some_Other_Cleaner_Stuff and a clean rag next to
the scanner at all times.  otherwise it'll just grime up and not allow
anyone in.  they get very filthy very fast, makes you wonder about some
people's personal hygiene

As for other types of biometrics, I am not too sure, hopefully
somebody else can shed some light on those.

iris (not retina!) scanners are reputedly pretty good, and they don't
have the cleaning problems of fingerprint scanners.  the ones i have
interacted with have been very slow though; 10 seconds or more to do a
scan

don't rely on biometrics too much.

j.

-- 
toyota power: http://indigoid.net/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]