cypherstar wrote:
>
> : And the advantage of using this over using passphrases is what, exactly?
>
> Well biometrics have some nice properties that make them hard to
> forge or lose, but the one of the problems schneir points out is that
> if your biometric data is kept in a database and that is compromised,
> its a lot worse than a password database being compromised, because
> you can't be issued with a new face, or fingerprint etc.
Another point I consider to be even more significant is that I'd rather
keep my fingers, eyes, face, etc., and making them a target for theft is
not my idea of a good way to ensure that!
> I was wondering if there is a protocol that can keep the data in the
> database blinded, so that if it is stolen, it is useless.
>
> The blinding factor could be in a smart card, or passphrase dependent
> or both, adding another level of security.
OK, so now you've got it set up so that the _only_ way to pretend to be
me is to steal my fingers and my passphrase.
> I am unsure if it is feasible, of if it resolves to a 'trusted
> client' type situation, where at some stage the biometric must be in
> the clear.
Unless you can think of a way of doing blinded measurement, at some
point it'll be in the clear. And, whatever, I'll have to avoid touching
anything, ever (or looking at anything, or showing my face, or whatever
it is you are planning to expose to all this risk).
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
