Proposal: Personal Data Encryption (maybe SoC?)
Henryk Plötz
henryk at openmoko.org
Sun Mar 18 20:35:43 CET 2007
Moin,
Am Sun, 18 Mar 2007 18:40:26 +0100 schrieb danimanns at gmx.de:
>
> I would appreciate a fingerprint sensor - there are a lot of Asian
> mobile phones / smart phones
> with a fingerprint sensor...
Yeah, but a fingerprint sensor adds only convenience and no security
at all. starbug regularly demonstrates circumventing any fingerprint
sensor on the market (last was the sensor in IBMs Thinkpads, see
http://events.ccc.de/congress/2006/Fahrplan/events/1578.en.html or
some older material in english at
http://www.ccc.de/biometrie/fingerabdruck_kopieren?language=en).
Plus: it doesn't solve the underlying problem: A fingerprint sensor
might give you authentication (comparable in strength to a numerical
3-digit PIN without retry counter) but can't give you a decryption key.
At least it's not obvious to me how one would derive a key with
sufficient entropy from the sampled fingerprint data. Biometric
authentication always works with some fuzziness factor. Encryption
doesn't allow any fuzziness.
--
Henryk Plötz
Grüße aus Berlin
~ Help Microsoft fight software piracy: Give Linux to a friend today! ~
More information about the community
mailing list