Patrick Henry The Nym wrote:
> This would be a good issue to bring up with them directly. By the way,
> I asked them once how I could be sure there is no back door into the
> system. They merely said "there is no back door."
That's because you asked them the wrong question. You needed to ask them
"Ohhh, Nooo! I did something wrong setting up the system and I can't
get any of my data off my disk! Help me! Help me!"
phrased in some way that makes sense in the context of their user interface.
That's usually the best way to find the back door.
"My cat licked the U.are.U while I was initializing my secure disk!"
At 06:05 PM 04/18/2000 -0700, ericm wrote:
> > [U.R.U. has an encrypted-disk feature.]
>The problem that I have with the U.are.U system, and anything
>else like it, is that I can't see how to make it secure.
...
>In the U.are.U system, the templates can't be stored strongly encrypted
>with a passphrase, because then you'd need to type in a passphrase to
>unlock your biometric in order to authenticate with your finger, which
>would clearly be silly.
>
>So, the template has to be stored in the clear, or encrypted with
>a key that's embedded in the U.are.U software and hidden using
>the usual software tamper-resistance techniques.... which of
>course can be cracked, allowing the attacker to replace the
>template with his own.
If I were building a thing like that, I'd use public-key.
Have the U.are.U generate a public/private keypair,
store the private key in NVRAM/flash/etc., and only
hand the encrypted fingerprint material to the PC.
(You might be able to use secret-key, but I'm not sure.)
This does mean making the U.are.U module tamper-resistant,
but it _is_ a consumer device, not a KGB-proof device.
The more serious issue is making sure that the secret or public/private keys
are generated by the user, not by the factory,
which would be Yet Another Obvious Backdoor.
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
