On Wednesday 03 December 2003 15:32, Manoj Srivastava wrote: > An even better security guideline is "something you are" -- so > should we not spring for retinal scanners/fingerprint readers/other > buiometrics? I mean, we _are_ talking about other peoples money. :P
However 'something you are 'always gets turned into 'something you are
not' (in electronic form) which can be copied, and be re inserted between the
end point and the biometric device. One advantage to smart cards that i think
may have been missed in the discussion (correct me if im wrong) is that not
all the information leaves the device, they actually do processing on the
smart cards themselves and it is physically difficult (i.e cant be done in a
non detectable way) to read the keys protected in this manner. Its more
complicated than this in reality but that kind of gives the jist of why smart
cards are _much_ better than magnetic strips for instance.
Tom
--
^__^ | Tom Badran
(oo)\______ | Imperial College
(__)\ )\/\| Department of Computing
||----w | | -----------------------
|| || | Using Debian SID
pgpwrVEhZvy8M.pgp
Description: signature
