Old 07-08-03, 02:47 PM   #6
pod
Bumbling idiot
 
Join Date: Feb 2002
Location: Vancouver, CA
Posts: 787

I don't doubt the scanners are getting more sophisticated and reliable. The particular one I have references for was the regular end-user or office building/airport type fingerprint scanner. Not only are they not reliable (fairly high false positive/negative ratios), but the guy lifted someone's print, etched it and took a gelatin mould, and put it over his finger. Biometric auth is convenient, as you always have the necessary info on you, but it can also be used easily without your permission.

A pretty cool password-based solution is something we use at work to authorize to systems and network devices. They're little key-chain fob-thingys, SecurID, and it works like this:

- The fob changes a passcode on a regular basis (every minute) using an algorithm that is based on some seed known to the fob and the authenticating system.
- The auth server's time is synchronized with the fob's, so at any given time the passcodes on both ends are the same.
- When you log in, it asks for your username and passcode. The auth server knows that this user name has a SecurID token, and what its current passcode is, so it can authenticate you.

The neat thing is that it's like a constantly changing password, and it can't be brute forced. If it is (you can also give it to someone over the phone) it expires in a few seconds anyways. It works with system authentication systems that use a plug-in architecture (Linux, Solaris, Cisco, NT, etc), so you don't need any special hardware to scan your eye ball or something like that. It's still the 'something you have' variety of authentication, so it can be taken away or used without your permission, but it's not too bad a compromise.
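The time-synchronised scheme described in the post above, as an added example that is not part of the original post and is not SecurID's own proprietary algorithm: it substitutes the public HMAC construction from RFC 6238 (TOTP) to show a shared seed plus the clock producing the same passcode on both ends. The `AuthServer` class, the one-window drift allowance and the replay check are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds per passcode, matching the post's "every minute"
DIGITS = 6   # assumed display length


def passcode(seed: bytes, now: float, step: int = STEP) -> str:
    """What the fob shows: HMAC of the current time window under the seed."""
    counter = int(now) // step
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class AuthServer:
    """Hypothetical auth server holding each user's seed."""

    def __init__(self, drift_windows: int = 1):
        self.seeds = {}       # username -> seed shared with that user's fob
        self.last_used = {}   # username -> last accepted time window
        self.drift = drift_windows

    def enroll(self, user: str, seed: bytes) -> None:
        self.seeds[user] = seed

    def verify(self, user: str, code: str, now: float) -> bool:
        seed = self.seeds.get(user)
        if seed is None:
            return False
        current = int(now) // STEP
        # Tolerate small clock drift between fob and server.
        first = max(0, current - self.drift)
        for counter in range(first, current + self.drift + 1):
            expected = passcode(seed, counter * STEP)
            if hmac.compare_digest(expected, code):
                # A code overheard or read out over the phone is single-use.
                if counter <= self.last_used.get(user, -1):
                    return False
                self.last_used[user] = counter
                return True
        return False
```

The replay check covers the "give it to someone over the phone" case: once a window's code has been accepted, the same or an older code is refused even before it would have expired.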