Not wanting to have extended contest over this, but all these absolutes in the comments are just too simplistic. Devices can be made as tamper-resistant as the threat- and value-model required. I have worked a lot with zeroizing devices. It's really No Big Deal. Smartcards are tamper PROTECTED. A ccd retinal scanner can include cryptographic protections onchip. C'mon, depending on "is-ness" is exactly the same cat-and-mouse game as authentication technologies that depend on "have-ness" and "know-ness" attributes. All have strengths and weaknesses.
At 02:55 PM 1/25/02 -0800, [EMAIL PROTECTED] wrote: >Hi ... >I think it's safe to say that any system can be made wothless by improper >or inadequate implementation and that's no more or less true for biometrics ..... > >Biometrics cannot be used except if Alice completely and >reliably has physical control over the device she is using to identify >Bob. Anyone claiming otherwise is simply wrong. --Perry] > A PROPERLY DESIGNED system provides a level of assurance commensurate with the value and threat models - it may indeed require a combination of technologies, such as strong authentication of the sensor using cryptographic techniques, and signal security for confidentiality. That is all most certainly achievable, to essentially any desirable assurance level, modulo some dollar amount. Anyone claiming otherwise is simply wrong :) <END> --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
