again, the issue is cost/benefit trade-off.
The current implementation of pin/magstripe .... allows evesdropping & other techniques to efficiently electronically collect everything need across a potentially extremely large number of different accounts .... sufficient to perform multiple fraudulent transactions against each one of them. In the card/biometric example sited .... the water glass example is a total red herring. the card has to be first stolen in order to perform a fraudulent transaction. The claim is that it is more difficult & expensive to fake a biometric lifted off the card than it is to fake a pin written on the card (aka it is much more likely a fingerprint of interest can be lifted from the stolen card). This is much more of a exploit than the water glass red herring .... so the counter is how to make it more difficult that a fingerprint lifted from the card could result in a fraudulent transaction. Sidney Markowitz <[EMAIL PROTECTED]> To: Cryptography Mailing List Sent by: <[EMAIL PROTECTED]> owner-cryptography@wasabis cc: ystems.com Subject: Re: biometrics 01/28/2002 10:47 AM On Sun, 2002-01-27 at 14:07, [EMAIL PROTECTED] wrote: > The issue then is that biometric represents a particularly > difficult shared-secret that doesn't have to be memorized Shared "secret"? People don't leave a copy of their PIN on every water glass they use. -- sidney --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]