data encryption + Biometric security

[Robert Michel]

Salve Ben!

First it sounds a very smart idea to have biometric security,
but sorry, when I give you some sceptical feedback.

On Thu, 01 Feb 2007, Ben Burdette wrote:

> Here are a couple of items for the phone wish list:  data encryption and 
> biometric security. 

Biometric "security" wasn't discussed by the OpenMoko community yet,
I'm no crypto expert, but I'm not convinced that biometric worth 
the hardware... see:
http://www.ccc.de/biometrie/fingerabdruck_kopieren

When somebody wants to play with biometric "security"  the Neo1973
could be used for voiceanalysing - Print 7 random words to the 
screen and the user has to read them aloud ...

> I'd like the phone to be a secure place for me to 
> store passwords and similar information.  Are there plans to have some 
> security features like this, that would prevent someone from extracting 
> secure data from the phone if it was lost? 

A file could have an encrypted filesystem, acess is given
only for a while and only while GPRS connection is on.
If it is lost, use Internet or an asterisk server to 
unmount this file.

> Having a fingerprint scanner would be more of a convenience feature so I 
> wouldn't have to enter a password whenever I want use the phone, or 
> alternatively when I want to access encrypted data. 

Sounds nice, but I have doubts that a fingerscanner is given
real security.

I will going to play with my (Debian) Crytoflex card, but
not to make access more easy - to make it more secure.
So when I have to lost both - my Neo and my Cryptotoken.

projectblackdog.com costs 199US$+Chiping for me to expensive.

But this is just my 2cents....

When somebody has such a finger scanner and likes to make it
running with OpenMoko would be fine - but expect also some 
feedback that the fingerscanner concept is not so secure as
it looks like:
google "finger scanner site:www.schneier.com"

Greetings,
rob