again, the issue is cost/benefit trade-off.
The current implementation of pin/magstripe .... allows evesdropping &
other techniques to efficiently electronically collect everything need
across a potentially extremely large number of different accounts ....
sufficient to perform multiple fraudulent transactions against each one of
them.
In the card/biometric example sited .... the water glass example is a total
red herring. the card has to be first stolen in order to perform a
fraudulent transaction. The claim is that it is more difficult & expensive
to fake a biometric lifted off the card than it is to fake a pin written on
the card (aka it is much more likely a fingerprint of interest can be
lifted from the stolen card). This is much more of a exploit than the water
glass red herring .... so the counter is how to make it more difficult that
a fingerprint lifted from the card could result in a fraudulent
transaction.
Sidney Markowitz
<[EMAIL PROTECTED]> To: Cryptography Mailing List
Sent by: <[EMAIL PROTECTED]>
owner-cryptography@wasabis cc:
ystems.com Subject: Re: biometrics
01/28/2002 10:47 AM
On Sun, 2002-01-27 at 14:07, [EMAIL PROTECTED] wrote:
> The issue then is that biometric represents a particularly
> difficult shared-secret that doesn't have to be memorized
Shared "secret"? People don't leave a copy of their PIN on every water
glass they use.
-- sidney
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to
[EMAIL PROTECTED]
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
