Proposal: Personal Data Encryption (maybe SoC?)
steven.milburn at gmail.com
Mon Mar 19 00:49:04 CET 2007
Oh the fingerprint sensor FUD, what fun.....
First, if one concedes that the typical sensor can be easily fooled, I still
think fingerprint sensors tend to add security to most phones. That's
because I think most users cannot be bothered to hide data behind a decent
pass phrase they would have to type on a tiny keyboard. Joe Average is much
more likely to adopt a concept that works something like: Swipe one of your
eight fingers (up, down, left, or right) (thumbs can be dexterally
difficult) and you are authenticates and one of 32 pre-selected actions
happens (call a speed dial, open email, open calendar, etc).
A more secure mechanism that no one uses is less secure than an "inferior"
one that people will actually use.
But, I wouldn't actually concede that a fingerprint sensor is necessary less
secure than a typical password. These days some can be very difficult to
spoof. Almost no swipe sensor targeted to cell phones is an optical sensor
these days. The common, cheap ones use capacitive sensors. The better
ones use active RF sensing, with sophisticated anti-spoof measures
Some of the more advanced sensors even have the ability to securely store
keys right on them, and some even have the ability to encrypt/decrypt data
for you once you authenticate, with the keys never leaving the sensor.
I say all this just to try to clear up some of the FUD. But, I realize full
well that suggesting fingerprint sensors is in no way an answer to the
security question on the Neo. I don't even think it makes sense to push for
a fingerprint sensor to be included in the hardware rev, because there are
better things to concentrate on at this point (wifi).
On 3/18/07, Ian Stirling <openmoko at mauve.plus.com> wrote:
> Henryk Plötz wrote:
> > Moin,
> > Am Sun, 18 Mar 2007 18:40:26 +0100 schrieb danimanns at gmx.de:
> >> I would appreciate a fingerprint sensor - there are a lot of Asian
> >> mobile phones / smart phones
> >> with a fingerprint sensor...
> > Yeah, but a fingerprint sensor adds only convenience and no security
> > at all. starbug regularly demonstrates circumventing any fingerprint
> It can add some security, especially against most opponents that are not
> going to bother to try to fake the print.
> For example, four fingers, scanned either upwards or downwards gives you
> 8 'keys'. If you add a 90 degree rotated finger, that gives you 4*4 = 16
> And as the sensors are typically designed as a 256*4 or so camera, you
> can basically do an optical mouse with them, in reverse, using the
> finger as a 'surface', to add gestures in the middle of the prints.
> OpenMoko community mailing list
> community at lists.openmoko.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the community