Vasily Khoruzhick wrote:

> Try latest git version ;) It compares just scanned finger with all enrolled

I was looking at it, trying to understand.
IMO it's a really low-security default just for a marginal gain in 
usability. Identification (1-N) is much more error-prone than 
verification (1-1).
It could be useful just to avoid username entry, if PAM allowed it...
Remember that every non-swipe reader keeps an image of the last acquired 
print that's quite easily useable by an attacker.

What I'd recommend is making it a non-default option.
I'm thinking about something like "fingers=0AR" to ask for left thumb 
(0), one "user-chosen" (A=Any), and a "system chosen" (R=Random) 
fingerprint (just to cover the possible values).
Current GIT default would be "fingers=A", a more secure one would be 
"fingers=RR" or "fingers=R1" (so that latent image is always left index 
and it won't be used for anything else).

But the key point is that root should have broadest control on what happens.

BYtE,
  Diego.
_______________________________________________
fprint mailing list
[email protected]
http://lists.reactivated.net/mailman/listinfo/fprint
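
One way the "fingers=" option proposed in the message above could be resolved into a prompt sequence, as an added example that is not part of the original post and not fprint project code. Assumptions: the names `resolve_fingers`, `os_rng` and `FINGER_ANY`, the enrolled-finger bitmask, digits 0-9 indexing ten fingers (only 0 = left thumb and 1 = left index come from the message), and the rule that an `R` never picks a finger already used elsewhere in the spec.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/random.h>

#define FINGER_ANY (-1)  /* 'A': user picks; matched 1-N against all enrolled prints */
#define MAX_STEPS 8
typedef uint32_t (*rng_fn)(void);

/* Kernel CSPRNG (Linux getrandom), so the finger asked for is not predictable. */
uint32_t os_rng(void) {
    uint32_t v;
    if (getrandom(&v, sizeof v, 0) != (ssize_t)sizeof v) abort();
    return v;
}

/* Resolve a spec such as "0AR" against the enrolled fingers (bit n = finger n).
 * Fills out[] with one entry per step; returns the step count, or -1 on error. */
int resolve_fingers(const char *spec, unsigned enrolled, rng_fn rng, int out[MAX_STEPS]) {
    unsigned used = 0;
    size_t n = 0;
    /* Pass 1: validate and reserve fixed fingers, so "R1" can never draw finger 1. */
    for (; spec[n]; n++) {
        char c = spec[n];
        if (n >= MAX_STEPS) return -1;
        if (c >= '0' && c <= '9') {
            unsigned bit = 1u << (c - '0');
            if (!(enrolled & bit)) return -1;  /* required finger is not enrolled */
            used |= bit;
        } else if (c != 'A' && c != 'R') return -1;
    }
    if (n == 0) return -1;
    /* Pass 2: emit steps; each 'R' is drawn from enrolled fingers not yet used. */
    for (size_t i = 0; i < n; i++) {
        if (spec[i] == 'A') { out[i] = FINGER_ANY; continue; }
        if (spec[i] != 'R') { out[i] = spec[i] - '0'; continue; }
        unsigned pool = enrolled & 0x3ffu & ~used;
        int count = __builtin_popcount(pool);
        if (count == 0) return -1;             /* not enough enrolled fingers */
        int k = (int)(rng() % (unsigned)count); /* bias is negligible for count <= 10 */
        for (int f = 0; f < 10; f++)
            if (((pool >> f) & 1u) && k-- == 0) { out[i] = f; used |= 1u << f; break; }
    }
    return (int)n;
}

int main(void) {
    int steps[MAX_STEPS];  /* constructed enrollment: fingers 0, 1, 6 and 7 */
    int n = resolve_fingers("R1", 0x0c3u, os_rng, steps);
    for (int i = 0; i < n; i++) printf("step %d: finger %d\n", i, steps[i]);
    return n < 0;
}
```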
