On Sunday 23 July 2006 10:56 am, Abhishek Daga wrote: > --- Devdas Bhagat <[EMAIL PROTECTED]> wrote: > > WTF! I have no desire to have my promisciously available > > biometrics stored as identity mappings anywhere. > > * Considers moving to the Himalayas and becoming a monk * > > This concern has cropped up more than once with a diverse group of > people about having their biometric information stored somewhere > and open to abuse. > While on the face of it this concern may seem reasonable, I do not > see how different it is than having your signature, Pan card, > Social security number (in case of US ofcourse) stored in a number > of places as they all are open to abuse. True biometric is "more" > fool proof.. but...
Rubbish. It depends on black magic algos for converting visual info to an electronically usable form. Many use non visual info like blood vessels in the finger / eye claiming that since this info is not accessible from a person easily it is difficult to compomise.Then it is stored somewhere in the universe with u having to trust the agency responsible for the info. This info is now in an easily replicable and distributable form and therfore has completely different vulnerabilities Many use non visual info like blood vessels in the finger / eye claiming that since this info is not accessible from a person easily it is difficult to compomise, forgetting that this is true only if the info stays in the human body and that the compomiser is un co-operative. The latter is the biggest loop hole in all authentication systems. Black magic and security by obsvurty is the hall mark of closed source. It is most important to have llbre software for id/auth software. Never ever trust software that u cant see and experiment with for security. > > I am quite interested in knowing more about the implementation for > such an authentication system. (does not have to be open source, > though preferred) Black magic and security by obscurty is the hall mark of closed source. It is most important to have llbre software for id/auth software. Never ever trust software that u cant see and experiment with for security. > > The "client" is a physician who would like to have a better "sign > in " mechanism than paper/pen. The idea is to have all the patient > information pull up moment the person authenticates via such a > biometric control mechanism. It depends on what level of security he is interested in and wether his system is "public" accessible. > > For just testing purposes, if someone can suggest a lower end > product then I would like to invest in it and see if I can get it > working with the (L)AMP configuration. The sensors are very cheap. The electronics are not that expensive either. But fool profing the system particularly in critical infrstructure requires considerable skill and expense. -- Rgds JTD -- http://mm.glug-bom.org/mailman/listinfo/linuxers
