Brandon Ehle escreveu: > > Depending on what you are using it for (fingerprint security) > receiving random PNG files and feeding it to the library could be a > security hole. Nobody would claim that fingerprint security is very > secure, but without some sort of challenge / response there is no way > to guarantee that the image being fed into fprint was actually > captured from the device it was supposed to have been captured from > and on the other side there is no way to guarantee that the image is > being transferred to a man in the middle attack.
That sound like a good idea, "some" program connects safely and than can take a .PNG and feed it to fprint. I could easyly make a system over that.... > In this case, I > think it would make more sense to create a secure link between two > copies of libfprint directly rather than feeding it uncompressed > images. It is still not completely secure, but it is still better > than unencrypted PNG files floating around the network. - Does libfprint have that security? - .PNG is compressed, I gess that you meant encrypted ;) - there are sefe ways of storing my information. That is the user problem, and I don't like programs to tell me that I don't know what I am doing so it cannot be done "for security reasons" > Of course > unencrypted image data crossing the USB bus isn't very secure either. Yes, and that is what is happening... And my fingerprint is stored in lots of unsafe place already and that is well beyond my control :( Anyway, fingerprint by itself is not secure at all, it shoud be used as an aditional verification... Alain _______________________________________________ fprint mailing list [email protected] http://lists.reactivated.net/mailman/listinfo/fprint
