(keitai-l) Re: Jelly finger fools biometric sensor

From: Kenneth G. Mages <ken_at_mages.tv>
Date: 12/09/02
Message-ID: <000401c29f86$c99626d0$6601a8c0@Ken>
Feel free to visit my ugly personal website at www.mages.tv to see my
personal expertise on encryption.  I read Bruce's newsletter regularly
and it is excellent.  

I would expect anybody selling anything to tell me what is good about
what they sell, and gloss over the deficiencies.  All in all, I would
trust the seriousness of the biometric fingerprint reader more than most
of the answers I read here.  Remember, my original question was about
the COST of chips, not the ability to fool them with sticky gummy bear
fingers.

"This email was checked by Norton's AntiVirus before sending."


-----Original Message-----
From: keitai-l-bounce@appelsiini.net
[mailto:keitai-l-bounce@appelsiini.net] On Behalf Of Curt Sampson
Sent: Sunday, December 08, 2002 6:46 PM
To: keitai-l@appelsiini.net
Subject: (keitai-l) Re: Jelly finger fools biometric sensor



On Sat, 7 Dec 2002, Kenneth G. Mages wrote:

> Sorry, this is the opposite of substantiation.  I got my answer from 
> www.authentec.com

Authentec manufactures and sells biometric sensing devices, particularly
fingerprint devices. Their interest is not in telling you the truth;
their interest is in making you buy their stuff, regardless of how well
it works (or doesn't work).

Their site hardly even discusses security, and their "About Us / The
Technology" section indicates in a general way that their product is
intended to provide convenience, not any sort of additional security.

There's certainly no discussion at all about how fingerprint sensors are
defeated, which should set alarm bells ringing right away if you're
looking for any sort of security analysis. *Every* security system can
be defeated, and if you're not being told how, you're not getting the
full story.

Anyway, this is getting seriously off-topic, so I'll leave this now. If
you want to know more about security, I'd start by reading through the
archive of Bruce Schneier's _Cryptogram_ newsletter, found at the URL
below. He discusses computer security and security products in general,
and has some particular discussions about biometric systems.

    http://www.counterpane.com/crypto-gram.html

cjs
-- 
Curt Sampson  <cjs_at_cynic.net>   +81 90 7737 2974   http://www.netbsd.org
    Don't you know, in this new Dark Age, we're all light.  --XTC
Received on Mon Dec 9 15:39:12 2002