[10334] in cryptography@c2.net mail archive
Re: biometrics
daemon@ATHENA.MIT.EDU (Ben Laurie)
Wed Jan 30 19:20:24 2002
Message-ID: <3C57B2B3.C831ED90@algroup.co.uk>
Date: Wed, 30 Jan 2002 08:45:39 +0000
From: Ben Laurie <ben@algroup.co.uk>
MIME-Version: 1.0
To: Bill Frantz <frantz@pwpconsult.com>
Cc: lynn.wheeler@firstdata.com, cryptography@wasabisystems.com
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Bill Frantz wrote:
>
> At 4:06 PM -0800 1/28/02, lynn.wheeler@firstdata.com wrote:
> >at least part of the fingerprint as a PIN ... isn't the guessing issue &/or
> >false positives .... it is the forgetting issue (and the non-trivial number
> >of people that write their PIN on the card).
>
> Or to state it another way. These cards attempt to use two factor
> authentication, what you have (the card) and what you know (the PIN). When
> a user writes the PIN on the card, it becomes one factor authentication.
> Almost anything that returns it to being two factor security would be an
> improvement. (Biometrics offers the possibility of 3 factor authentication.
>
> What would be really nice is to be able to have the same PIN/password for
> everything. With frequent use, forgetting it would be less of a problem,
> as would the temptation to write it down. However, such a system would
> require that the PIN/password be kept secret from the verifier (including
> possibly untrusted hardware/software used to enter it.
This is why you need to carry your verifying equipment around with you -
a PDA with a decent OS is the way to go, IMO.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
