fli+freebsd-hackers at shapeshifter.se
Tue May 9 13:46:37 UTC 2006
Pawel Jakub Dawidek wrote:
> On Fri, May 05, 2006 at 03:58:06PM +0200, Fredrik Lindberg wrote:
> +> Alin-Adrian Anton wrote:
> +> >Fredrik Lindberg wrote:
> +> >>
> +> >>But that would sort of defeat the whole purpose of biometric authentication and you could really just use public keys instead
> +> >>which would be a lot faster and easier than scanning your finger
> +> >>at each login. :)
> +> >>
> +> >Unless you locally encrypt your private key with information gathered by the fingerprint reader, as a "password".
> +> That's exactly the problem with, at least, UPEKs driver. If you scan
> +> one of your fingers twice you'll get two "different" BioAPI records.
> That's right, but the idea with asymmetric crypto is very accurate.
> Such fingerprint reader should have a "secure chip" with your private
> key and on authentication, you should provide data from your finger scan
> and data to sign - on match, it should return signed data, which you can
> use to continue authentication process.
Ah, yes with support from the hardware that would certainly be possible.
But I was more or less referring to the current state of UPEKs hardware
and (binary only/closed source) drivers.
More information about the freebsd-hackers