in the most recent PC magazine (2/12/2002) on the stands ... there is an article "Why Passwords Don't Work" (pg. 68).
In the article they repeat the recommendation that you never use/register the same shared-secret in different domains ... for every environment you are involved with ... you have to choose a different shared-secret. One of the issues of biometrics as a "shared-secret password" (as opposed to the interface between you and your chipcard) is that you could very quickly run out of different, unique body parts.

there are a large number of different ways of harvesting shared secrets (pin, password, or biometric) ... the issue isn't so much whether or not pins, passwords, or biometrics can be harvested .... it refers to the business process distinction between "shared-secret" passwords, pins, or biometrics registered in various databases ... and "secret" passwords, pins, or biometrics that aren't registered in various databases.

[EMAIL PROTECTED] on 1/26/2002 10:47 am wrote:

4 Shared "secret"? People don't leave a copy of their PIN on every water glass they use.

-- sidney

---------------------------------------------------------------------
The Cryptography Mailing List