[10306] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: biometrics

daemon@ATHENA.MIT.EDU (lynn.wheeler@firstdata.com)
Mon Jan 28 16:46:51 2002

To: Sidney Markowitz <sidney@sidney.com>
Cc: Cryptography Mailing List <cryptography@wasabisystems.com>
Message-ID: <OF32E1BF5C.7CDACC1F-ON87256B4F.0073776C@internet.ny.fdms.firstdata.com>
From: lynn.wheeler@firstdata.com
Date: Mon, 28 Jan 2002 14:07:41 -0700
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii


again, the issue is cost/benefit trade-off.

The current implementation of pin/magstripe .... allows evesdropping &
other techniques to efficiently electronically collect everything need
across a potentially extremely large number of different accounts ....
sufficient to perform multiple fraudulent transactions against each one of
them.

In the card/biometric example sited .... the water glass example is a total
red herring. the card has to be first stolen in order to perform a
fraudulent transaction. The claim is that it is more difficult & expensive
to fake a biometric lifted off the card than it is to fake a pin written on
the card (aka it is much more likely a fingerprint of interest can be
lifted from the stolen card). This is much more of a exploit than the water
glass red herring .... so the counter is how to make it more difficult that
a fingerprint lifted from the card could result in a fraudulent
transaction.




                                                                                              
                              Sidney Markowitz                                                
                           <sidney@sidney.com>     To:      Cryptography Mailing List         
                                      Sent by:        <cryptography@wasabisystems.com>        
                    owner-cryptography@wasabis     cc:                                        
                                    ystems.com     Subject:      Re: biometrics               
                                                                                              
                                                                                              
                           01/28/2002 10:47 AM                                                
                                                                                              
                                                                                              




On Sun, 2002-01-27 at 14:07, lynn.wheeler@firstdata.com wrote:
> The issue then is that biometric represents a particularly
> difficult shared-secret that doesn't have to be memorized

Shared "secret"? People don't leave a copy of their PIN on every water
glass they use.

 -- sidney





---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to
majordomo@wasabisystems.com







---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
home help back first fref pref prev next nref lref last post