: And the advantage of using this over using passphrases is what, exactly?
Well, biometrics have some nice properties that make them hard to
forge or lose, but one of the problems Schneier points out is that
if your biometric data is kept in a database and that is compromised,
it's a lot worse than a password database being compromised, because
you can't be issued with a new face, or fingerprint, etc.
I was wondering if there is a protocol that can keep the data in the
database blinded, so that if it is stolen, it is useless.
The blinding factor could be in a smart card, or passphrase dependent
or both, adding another level of security.
I am unsure if it is feasible, or if it resolves to a 'trusted
client' type situation, where at some stage the biometric must be in
the clear.