Proposal: Personal Data Encryption (maybe SoC?)
hansmbakker at gmail.com
Mon Mar 19 00:56:51 CET 2007
Using fingerprint sensors will make the phone look less good IMO
Can't a gesture-based authentication be used? I mean swipe a certain
pattern with your finger on the touchscreen.
2007/3/19, Steven Milburn <steven.milburn at gmail.com>:
> Oh the fingerprint sensor FUD, what fun.....
> First, if one concedes that the typical sensor can be easily fooled, I still
> think fingerprint sensors tend to add security to most phones. That's
> because I think most users cannot be bothered to hide data behind a decent
> pass phrase they would have to type on a tiny keyboard. Joe Average is much
> more likely to adopt a concept that works something like: Swipe one of your
> eight fingers (up, down, left, or right) (thumbs can be dexterally
> difficult) and you are authenticates and one of 32 pre-selected actions
> happens (call a speed dial, open email, open calendar, etc).
> A more secure mechanism that no one uses is less secure than an "inferior"
> one that people will actually use.
> But, I wouldn't actually concede that a fingerprint sensor is necessary less
> secure than a typical password. These days some can be very difficult to
> spoof. Almost no swipe sensor targeted to cell phones is an optical sensor
> these days. The common, cheap ones use capacitive sensors. The better ones
> use active RF sensing, with sophisticated anti-spoof measures built-in.
> Some of the more advanced sensors even have the ability to securely store
> keys right on them, and some even have the ability to encrypt/decrypt data
> for you once you authenticate, with the keys never leaving the sensor.
> I say all this just to try to clear up some of the FUD. But, I realize full
> well that suggesting fingerprint sensors is in no way an answer to the
> security question on the Neo. I don't even think it makes sense to push for
> a fingerprint sensor to be included in the hardware rev, because there are
> better things to concentrate on at this point (wifi).
> On 3/18/07, Ian Stirling <openmoko at mauve.plus.com> wrote:
> > Henryk Plötz wrote:
> > > Moin,
> > >
> > > Am Sun, 18 Mar 2007 18:40:26 +0100 schrieb danimanns at gmx.de:
> > >> I would appreciate a fingerprint sensor - there are a lot of Asian
> > >> mobile phones / smart phones
> > >> with a fingerprint sensor...
> > >
> > > Yeah, but a fingerprint sensor adds only convenience and no security
> > > at all. starbug regularly demonstrates circumventing any fingerprint
> > It can add some security, especially against most opponents that are not
> > going to bother to try to fake the print.
> > For example, four fingers, scanned either upwards or downwards gives you
> > 8 'keys'. If you add a 90 degree rotated finger, that gives you 4*4 = 16
> > keys.
> > And as the sensors are typically designed as a 256*4 or so camera, you
> > can basically do an optical mouse with them, in reverse, using the
> > finger as a 'surface', to add gestures in the middle of the prints.
> > _______________________________________________
> > OpenMoko community mailing list
> > community at lists.openmoko.org
> > http://lists.openmoko.org/mailman/listinfo/community
> OpenMoko community mailing list
> community at lists.openmoko.org
More information about the community