[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Auth]Other than password

From: Rhys Weatherley
Subject: Re: [Auth]Other than password
Date: Tue, 31 Jul 2001 13:19:00 +1000

Mige Harimurti wrote:

> Hi ...
> I'm working for biometric, focusing with fingerprint. [...]
> The comparison process can be on the server or in the user side.

How is this any more secure than passwords?  If a cracker
sniffs the packet containing the biometric data, it can
be replayed just as easily as a password can.  i.e. once
they sniff my fingerprint data, they can pretend to be me.

Are you using tamper-proof fingerprint scanners with
end-to-end challenges and digital signatures to validate the
scan in real time?  If not, the security this provides isn't
all that useful.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]