OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Eric F Crist (ecristadtechintegrated.com)
Date: Wed Jun 19 2002 - 13:30:56 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    It's apparent that this conversation could go on forever. It is also
    apparent that Ryan Thompson (original poster) is in search of a 100%
    fool proof method of authentication, which all of us know doesn't exist.
    Basically, we all seem to have come to the consensus that:

    1) Password security is not perfect due the inability of most
    people/users of data networks to remember and conjure up difficult,
    complex, or hard to guess passwords.

    2) Biometrics is not a fool proof method of authentication and there are
    ways to trick these devices.

    3) The generally agreed upon method for the most secure method of
    authentication over a seemingly insecure data network would be to
    combine a multitude of different technology, all dependent on each
    other.

    Eric F Crist
    President/Sys Admin
    AdTech Integrated Systems, Inc
    http://www.adtechintegrated.com

    -----Original Message-----
    From: owner-freebsd-securityFreeBSD.ORG
    [mailto:owner-freebsd-securityFreeBSD.ORG] On Behalf Of twig les
    Sent: Wednesday, June 19, 2002 12:19 PM
    To: graham; freebsd-securityFreeBSD.ORG
    Subject: Re: Password security

    --- graham <grahamavint.net> wrote:
    > It's alot easier to fool Biometrics than you think.
    > I saw an episode of discovery on The Discovery
    > Channel's Canadian channel
    > explaining how a mathematician and some grad
    > students could fool all the current
    > commercial biometric systems with common household
    > items available from any
    > supermarket. But I don't fully remember the details
    > of that paticular episode.
    >
    >

    I don't doubt it (although I missed the special), but
    I don't know anyone who advocates the use of
    biometrics as the sole method of authentication (US
    airport security aside...). Most of the time I've
    used them you either needed a badge with it, or a
    badge/PIN combo. The addition of biometrics to a
    badge or badge/PIN combo -even if it was tuned to give
    more false positives than negatives- makes a huge
    difference.

    So what interests me is could these guys beat the
    handprint reader WHILE they have a stolen/forged
    smartcard AND someone's PIN code (all matching the
    same person of course)? If they can do that then my
    hat is off to them and they should be Sneakers 2.

    =====
    -----------------------------------------------------------
    Only fools have all the answers.
    -----------------------------------------------------------

    __________________________________________________
    Do You Yahoo!?
    Yahoo! - Official partner of 2002 FIFA World Cup
    http://fifaworldcup.yahoo.com

    To Unsubscribe: send mail to majordomoFreeBSD.org
    with "unsubscribe freebsd-security" in the body of the message

    To Unsubscribe: send mail to majordomoFreeBSD.org
    with "unsubscribe freebsd-security" in the body of the message