data encryption + Biometric security
Robert Michel
openmoko at robertmichel.de
Thu Feb 1 18:41:00 CET 2007
Salve Ben!
First it sounds a very smart idea to have biometric security,
but sorry, when I give you some sceptical feedback.
On Thu, 01 Feb 2007, Ben Burdette wrote:
> Here are a couple of items for the phone wish list: data encryption and
> biometric security.
Biometric "security" wasn't discussed by the OpenMoko community yet,
I'm no crypto expert, but I'm not convinced that biometric worth
the hardware... see:
http://www.ccc.de/biometrie/fingerabdruck_kopieren
When somebody wants to play with biometric "security" the Neo1973
could be used for voiceanalysing - Print 7 random words to the
screen and the user has to read them aloud ...
> I'd like the phone to be a secure place for me to
> store passwords and similar information. Are there plans to have some
> security features like this, that would prevent someone from extracting
> secure data from the phone if it was lost?
A file could have an encrypted filesystem, acess is given
only for a while and only while GPRS connection is on.
If it is lost, use Internet or an asterisk server to
unmount this file.
> Having a fingerprint scanner would be more of a convenience feature so I
> wouldn't have to enter a password whenever I want use the phone, or
> alternatively when I want to access encrypted data.
Sounds nice, but I have doubts that a fingerscanner is given
real security.
I will going to play with my (Debian) Crytoflex card, but
not to make access more easy - to make it more secure.
So when I have to lost both - my Neo and my Cryptotoken.
projectblackdog.com costs 199US$+Chiping for me to expensive.
But this is just my 2cents....
When somebody has such a finger scanner and likes to make it
running with OpenMoko would be fine - but expect also some
feedback that the fingerscanner concept is not so secure as
it looks like:
google "finger scanner site:www.schneier.com"
Greetings,
rob
More information about the community
mailing list