fingerprint readers

fingerprint readers
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Computer Software Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
fingerprint readers Richard 02-19-2007
|--> Re: fingerprint readers Ertugrul Soeyle...02-20-2007
---> Re: fingerprint readers Juergen Nievele...02-20-2007
`--> Re: fingerprint readers Ertugrul Soeyle...02-23-2007
Posted by Juergen Nieveler on February 22, 2007, 9:51 am
If you were  Registered and logged in, you could reply and use other advanced thread options

> I guess my real question is how does whatever the fingerprint reader
> generates compare to, say, a "properly constructed" 25 character typed
> password?

Actually, it doesn't. Those devices usually keep a list of your 25-
character passwords and unlock this list when presented with something
that generates the same hash value as your fingerprint.

> My thinking is that if a specific file, or (scenario #2) possibly the
> entire hard drive is encrypted, AND you need to either utilize
> internet accessible cracking software to brute force the 25 character
> password OR
> the string generated by the reader, OR be smart enough and have the
> proper equipment and time to find the single fingerprint needed to
> match, I have a more than reasonable expectation that the info is,
> realistically, not at risk.

If the data isn't that important to you and you think you can live with
the lower security provided by the fingerprint reader (which still is
greater than zero, mind you)... however, in that case you could also
use a shorter password.

Juergen Nieveler
--
Man who eat many prunes get good run for money.

Posted by Unruh on February 22, 2007, 2:39 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

>Juergen Nieveler wrote:
>>
>>> I KNOW the documentation with MS Digital Persona fingerprint reader sez
>>> "Don't use for security purposes", BUT if I am using TrueCrypt, and an
>>> adequate strong password, then utilize the fingerprint reader in place
>>> of the typed password, how secure is my TrueCrypt file?
>>
>> Far less secure than with just the password. The fingerprint reader is
>> just a convenience tool that removes the need to type...
>>
>> Remember, all the fingerprint reader checks is wether something that
>> looks like your fingerprint is visible to the little camera inside. And
>> something that looks like your fingerprint can easily be created by
>> using the sample fingerprints you leave on everything you touch :-)
>>
>> Juergen Nieveler

>OK, thanks all, but-

>I guess my real question is how does whatever the fingerprint reader
>generates compare to, say, a "properly constructed" 25 character typed
>password? I'm not DOD or hi-tech research, just a working shmuck that
>needs to keep an opportunistic, and generally lazy, thief from accessing
> key personal or transaction information of mine or my clients.

VEry very poorly


>The potential value of the information to a thief would be either A)
>absolutely unknown, or B) reasonably expected to be limited to the value
>of personal ID info for unknown number of individuals, or possibly one
>or more specific individuals, therefore it would seem attack resources
>would be fairly limited.

Assume your files will be targeted by the worst enemy that your clients
have.


>My thinking is that if a specific file, or (scenario #2) possibly the
>entire hard drive is encrypted, AND you need to either utilize internet
>accessible cracking software to brute force the 25 character password OR
>the string generated by the reader, OR be smart enough and have the
>proper equipment and time to find the single fingerprint needed to
>match, I have a more than reasonable expectation that the info is,
>realistically, not at risk.

He knows which fingerprint-- yours. He knows when he steals them that your
fingerprints are all over the laptop, the computer and anything else in the
office or home he steals from. That is trivial.




>What say you?

HOw much insurance are you willing to buy to compensate your clients when
their information gets stolen bytheir worst enemy, and you are found at
fault.


Posted by on February 25, 2007, 9:43 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
On 20 Feb 2007 09:42:05 GMT, Juergen Nieveler

>
>> I KNOW the documentation with MS Digital Persona fingerprint reader sez
>> "Don't use for security purposes", BUT if I am using TrueCrypt, and an
>> adequate strong password, then utilize the fingerprint reader in place
>> of the typed password, how secure is my TrueCrypt file?
>
>Far less secure than with just the password. The fingerprint reader is
>just a convenience tool that removes the need to type...
>
>Remember, all the fingerprint reader checks is wether something that
>looks like your fingerprint is visible to the little camera inside. And
>something that looks like your fingerprint can easily be created by
>using the sample fingerprints you leave on everything you touch :-)
>
>Juergen Nieveler

I suppose the only real use for it is for some humorous operating
system to send the fingerprint up the line to the FBI for the usual
control freak tax wasting program that doesn't really work all that
well. You could see where there's some potential if it caught on
though. Just not for you particularly.




Posted by Ken on February 22, 2007, 5:01 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
On Mon, 19 Feb 2007 17:57:25 -1000, Richard

>At the risk of being laughed/flamed into oblivion...        
>
>I KNOW the documentation with MS Digital Persona fingerprint reader sez
>"Don't use for security purposes", BUT if I am using TrueCrypt, and an
>adequate strong password, then utilize the fingerprint reader in place
>of the typed password, how secure is my TrueCrypt file?
>
>(I can use EITHER the typed in password or use my finger on the reader.)
>
>Thanks for your time...
Actually, the main problem with fingerprint readers in my limited
experience is the number of read failures. My laptop has a built in
reader, but I estimate better than 80% of all reads are a failure.
About half of the time, I get locked out of the reader by the intruder
detection routine which means more than four failures in a row.

Posted by Ertugrul Soeylemez on February 23, 2007, 2:55 am
If you were  Registered and logged in, you could reply and use other advanced thread options

> Actually, the main problem with fingerprint readers in my limited
> experience is the number of read failures. My laptop has a built in
> reader, but I estimate better than 80% of all reads are a failure.
> About half of the time, I get locked out of the reader by the intruder
> detection routine which means more than four failures in a row.

The problem here is that current fingerprint readers (for non-commercial
purposes) are based on image processing. They have a certain
granularity. If it's too fine, then there are too many false positives,
whereas if it's not, then security is reduced drastically.

Real fingerprint readers are based on neural networks. They are
expensive, and you need to train it for a while with positives _and_
negatives, until it recognizes your fingerprint and only your
fingerprint. They have the advantage that they are very secure and
produce almost no false positives. But as said, they are expensive and
a lot more difficult to use.


Regards,
E.S.

Similar ThreadsPosted
IBM usb fingerprint reader August 24, 2005, 4:33 pm
Biometric fingerprint keyboard July 24, 2005, 3:43 pm
free WSQ viewer released (FBI fingerprint image format) April 25, 2006, 7:19 pm

The site map in XML format XML site map

Contact Us | Privacy Policy