


Firewall Wizards: RE: Biometrics (was Re: Username password VS hardware token plus PIN)

RE: Biometrics (was Re: Username password VS hardware token plus PIN)

From: Jeremiah Cornelius <jeremiah_at_nur.net>
Date: Fri, 15 Apr 2005 00:18:05 -0700

Fingerprint scans, as I've seen implemented, represent significantly
less entropy than the 14 character "complex" password. The grids are
pretty coarse.

Biometrics are maybe a good replacement for PINs, used to authenticate a
two-factor item, like a smartcard or time-based number token. In fact I
wish this were available! They're crap for password replacement.

There is a certain vendor selling fingerprint readers for Windows domain
logon. They are "stashing" a tough password behind a low-entropy
fingerprint. Business is good, because... "Hey! Biometrics!"

Microsoft - to their credit - is marketing a fingerprint reader only as
a store for low-grade, website passwords and IM logins.

> -----Original Message-----
> From: firewall-wizards-admin_at_honor.icsalabs.com [mailto:firewall-wizards-admin_at_honor.icsalabs.com] On Behalf Of Marcus J. Ranum
> Sent: Thursday, April 14, 2005 6:21 PM
> To: Paul D. Robertson; Michael J. Tubby B.Sc. (Hons)
> Cc: firewall-wizards_at_honor.icsalabs.com
> Subject: Re: Biometrics (was Re: [fw-wiz] Username password VS hardware token plus PIN)
>
> Paul D. Robertson wrote:
> >I don't think a wrist is that much more trouble than a finger to a
> >machete
>
> I know you're just being funny, but this all misses an important
> point: against an opponent that is willing to physically attack,
> threaten, or torture you ALL authentication systems
> are worthless. Especially if you assume a level of indirection
> can be added (I.e.: "log me into the system or your child dies.")
>
> There's only so good it's worth making these things. My problem
> with biometrics is that they're not even *that* good without a
> heck of a lot of extra mechanisms and tweakage. Biometrics
> are really only good if you, ummm.... sell biometrics.
>
> mjr.
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards_at_honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Received on Apr 15 2005
