On Thursday 17 July 2008 11:58:07 you wrote:
> Vasily Khoruzhick wrote:
> > Try latest git version ;) It compares just scanned finger with all
> > enrolled
>
> I was looking at it, trying to understand.
> IMO it's a really low-security default just for a marginal gain in
> usability. Identification (1-N) is much more error-prone than
> verification (1-1).
> It could be useful just to avoid username entry, if PAM allowed it...
> Remember that every non-swipe reader keeps an image of the last acquired
> print that's quite easily useable by an attacker.
>
> What I'd recommend is making it a non-default option.
> I'm thinking about something like "fingers=0AR" to ask for left thumb
> (0), one "user-chosen" (A=Any), and a "system chosen" (R=Random)
> fingerprint (just to cover the possible values).
> Current GIT default would be "fingers=A", a more secure one would be
> "fingers=RR" or "fingers=R1" (so that latent image is always left index
> and it won't be used for anything else).
>
> But the key point is that root should have broadest control on what
> happens.
>
> BYtE,
> Diego.

IMO it's quite inconvenient to scan multiple fingers. Do you think that a regular user wants _really secure_, but inconvenient features? Btw, you're free to post your patches to the mailing list ;)
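
Added example, not part of the thread and not fprint code: a sketch of how the "fingers=" policy proposed in the quoted message could be resolved into prompts, with a comparison of false-accept chances for 1-N identification ("A") against 1-1 verification. The function names, the 0-9 finger numbering beyond 0 and 1, the per-comparison false-accept rate and the independence of comparisons are all assumptions.

```python
import secrets

DIGITS = "0123456789"  # assumed finger numbering; the post fixes only 0 and 1

def parse_policy(spec):
    """Validate a fingers= value: digit = fixed finger, A = any, R = random."""
    if not spec or any(c not in DIGITS + "AR" for c in spec):
        raise ValueError(f"bad fingers spec: {spec!r}")
    fixed = [c for c in spec if c in DIGITS]
    if len(fixed) != len(set(fixed)):
        raise ValueError("a fixed finger is requested twice")
    return list(spec)

def build_challenge(spec, enrolled, rng=None):
    """Resolve a policy into prompts for one login attempt.

    An int means "verify this finger" (1:1); "A" means "match the scan
    against every enrolled print" (1:N), the behaviour the thread calls
    the current git default.
    """
    rng = rng or secrets.SystemRandom()  # R must not be predictable
    steps = parse_policy(spec)
    fixed = {int(c) for c in steps if c in DIGITS}
    if not fixed <= set(enrolled):
        raise ValueError("policy names a finger that is not enrolled")
    # Keep R away from fixed fingers so it never repeats one of them.
    pool = [f for f in enrolled if f not in fixed]
    if steps.count("R") > len(pool):
        raise ValueError("not enough enrolled fingers for the R steps")
    picks = iter(rng.sample(pool, steps.count("R")))
    return [next(picks) if c == "R" else c if c == "A" else int(c) for c in steps]

def false_accept(challenge, n_enrolled, far):
    """Chance that an impostor passes every step, assuming independence."""
    p = 1.0
    for step in challenge:
        # 1:N gives the impostor n_enrolled chances; 1:1 gives one.
        p *= 1 - (1 - far) ** n_enrolled if step == "A" else far
    return p

if __name__ == "__main__":
    enrolled = list(range(10))   # constructed: all ten fingers enrolled
    far = 0.001                  # constructed per-comparison rate
    for spec in ("A", "R1", "RR", "0AR"):
        plan = build_challenge(spec, enrolled)
        print(spec, plan, f"{false_accept(plan, len(enrolled), far):.2e}")
```

With ten enrolled prints, the "A" step is roughly ten times as likely to accept an impostor as a single 1-1 comparison, while each extra required finger multiplies the chance down again.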
