On Tue, Apr 18, 2000 at 11:08:18AM -0700, Patrick Henry wrote: > > Would some people like to review disk encryptors that they are > > familiar with? > > I use the Digital Persona U.are.U system. It is a fingerprint biometric > access system which includes (if you get the Deluxe version) the Private > Space disk encryption software. You actually reserve up to 900 MB of > disk space for your "private space," which is then encrypted with > 128-bit Blowfish encryption. It a timeout feature, whereby the space is > automatically closed after a user-configurable time period. You can > turn off password overrides, thereby reducing the threat of attack by > keyboard sniffer. Caveats: source code is not available for inspection, > and it might be possible for someone to lift a latent fingerprint from > your work area and make a rubber finger. The device supposedly has some > type of "live finger" detector though. Most fingerprint biometric readers try to detect latex molds and dead fingers. The problem that I have with the U.are.U system, and anything else like it, is that I can't see how to make it secure. The scan that's taken on the reader when you put your finger on it has to be compared against a known template (or templates). If enough of the minutae points match, then your fingerprint is judged to be a match. A minutae is a point where a ridge ends or branches. It's a statistical match, usually with parameters configurable by the application. A match might be when say 18 out of 20 minutae are "close enough". It has to be this way because people put their fingers down differently each time, they might have a cut on the finger which creates a new "minutae" or obscures an old one, or their finger or the scanner might be dirty. In the U.are.U system, the templates can't be stored strongly encrypted with a passphrase, because then you'd need to type in a passphrase to unlock your biometric in order to authenticate with your finger, which would clearly be silly. So, the template has to be stored in the clear, or encrypted with a key that's embedded in the U.are.U software and hidden using the usual software tamper-resistance techniques.... which of course can be cracked, allowing the attacker to replace the template with his own. Worse, you can't store anything in a scan/template other than biometric data. So where's your blowfish key? Encrypted with a key stored in the U.are.U program and stored on disk? Is it a function of your biometric? (unlikely, as biometrics change and Digital Persona doesn't want to lock you out of your files if you cut your finger). My guess is that the blowfish key is encryped with a key that's embedded in U.are.U. Again, that can most likely be discovered with standard hacking techniques. I think that it's likely that U.are.U is in reality much weaker than the 128-bit Blowfish key size would suggest. -- Eric Murray www.lne.com/~ericm ericm at the site lne.com PGP keyid:E03F65E5