two factor authentication

William Ahern william at 25thandClement.com
Wed Jul 26 07:30:04 EST 2006


On Tue, Jul 25, 2006 at 05:19:36PM -0400, Chris Rapier wrote:
> 
> 
> William Ahern wrote:
> 
> > You can copy a PIN, but with biometric smart cards, which would require, for
> > instance, a fingerprint scan, you have an extremely strong security device
> > with hard limitations. A smart card can still be exploited (i.e., stealing
> > and chopping off a finger, for instance), but since it can't be copied it's
> > faaaaarrrrrr easier to mitigate the effects of attacks than w/ most any
> > other mechanism in use today.
> 
> This is true but its *only* strong if the person trying to get access 
> isn't *really* motivated. If they are motivated its not going to stop 
> them and they'll have all the time they need. Like you said, chopping 
> off a finger is a possibility. More likely they'd just beat/torture you 
> to get access. We tend to discount that as being unlikely. I'm not so 
> sure it will remain that way. The 'panic' code idea is a good one though.

It's not just the fingerprint that can't be copied, it's the card itself.
But the important bit is that the exploit is self-limiting. You can collect
millions of passwords to e-mail accounts, or millions of credit card
numbers, and a criminal has the utmost flexibility to do his crime while
eluding the law. Not so w/ a smart card.



More information about the openssh-unix-dev mailing list