Re: Driver for Microsoft USB Fingerprint Reader

Alan Cox <[email protected]> wrote:
> Ar Iau, 2006-07-06 am 00:48 -0400, ysgrifennodd [email protected]:

>> As far as I can tell, the only thing you want is AUTHENTICATION - you
>> want proof that you are getting a "live" scan taken from a user
>> who's present, and not a replay of what was sent last week.
> 
> Read the papers on the subject. If I can get copies of the unencrypted
> data I can use those to make fake fingers.

Copies like the one on the glass I used in the restaurant ...

> A finger print is personal data, arguably sensitive personal data. That
> means there are lots of duties to store it securely.

That's why every waiter will assiduously clean your glass. won't he?

> It is also very
> hard to revoke a fingerprint so theft of data is highly problematic as
> it will allow me to generate fake fingers.

That's the problem: You can't know who is acting responsibly and who isn't.
Therefore you can't reuse your fingerprint on different sites.

> Theft of encrypted data might
> allow replay attacks on one PC. Big deal.

ACK. It should be protected by a nonce, too, as long as you depend on
encryption. You should also authenticate the reader before prompting for
a fingerprint, otherwise the replacement device might store the image to a
secondary location. And don't forget to prompt for cleaning the scanner, I
have heared rumors about scanners erroneously authenticating the previous
user. You should also install a camera preventing an attacker to place his
own scanner on top of yours.
-- 
Ich danke GMX dafür, die Verwendung meiner Adressen mittels per SPF
verbreiteten Lügen zu sabotieren.

http://david.woodhou.se/why-not-spf.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Prev by Date: [PATCH][ACPI] Missing newline in acpi messes up dmesg output
• Next by Date: Re: 2.6.17-mm6
• Previous by thread: Re: Driver for Microsoft USB Fingerprint Reader
• Next by thread: 2.6.17.2 + libata + pata_ali - interminnent can't resume after STR
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]