Proposal: Personal Data Encryption (maybe SoC?)
henryk at openmoko.org
Sun Mar 18 20:35:43 CET 2007
Am Sun, 18 Mar 2007 18:40:26 +0100 schrieb danimanns at gmx.de:
> I would appreciate a fingerprint sensor - there are a lot of Asian
> mobile phones / smart phones
> with a fingerprint sensor...
Yeah, but a fingerprint sensor adds only convenience and no security
at all. starbug regularly demonstrates circumventing any fingerprint
sensor on the market (last was the sensor in IBMs Thinkpads, see
some older material in english at
Plus: it doesn't solve the underlying problem: A fingerprint sensor
might give you authentication (comparable in strength to a numerical
3-digit PIN without retry counter) but can't give you a decryption key.
At least it's not obvious to me how one would derive a key with
sufficient entropy from the sampled fingerprint data. Biometric
authentication always works with some fuzziness factor. Encryption
doesn't allow any fuzziness.
Grüße aus Berlin
~ Help Microsoft fight software piracy: Give Linux to a friend today! ~
More information about the community