PDA

View Full Version : Fingerprint readers















ozwinner
23rd May 2006, 09:47 PM
Are the all they are cracked up to be for security?
I read online that the code for them has been cracked.

Al :confused:

echnidna
23rd May 2006, 10:02 PM
Theres no writing on mine Al. :D

Seriously though nothing is absolutely secure.

It really comes down to the level of security.

chrisb691
23rd May 2006, 10:02 PM
I'm not an expert on these, but the reality is that if a knowledgeable person wants to get into your system...they will. But even NASA, and the Pentagon, can't neccessarily keep these individuals out. If you are talking about the average Joe, then they are probably relatively safe. But so is a password. I would think that they are probably more of a convenience thing.

Oh yeah. If you've got one, all a person needs is your finger. Whereas a dead body can't give out a password.:D

Grunt
23rd May 2006, 10:11 PM
The finger print technology has the advantage over passwords because

1. You can easily forget you password. You usually don't lose a finger. Maybe these arn't such a good idea for woodworkers.
2. Spyware which records which keys you've pressed won't be able to see you type your password.

Ashore
23rd May 2006, 10:29 PM
For every person inventing a new lock there are four working out a way to pick it
Can't rember where I read it Think it was Houdini :rolleyes:

echnidna
23rd May 2006, 10:34 PM
That reminds me, I must go and buy that book on how to pick a lock.

ozwinner
23rd May 2006, 10:36 PM
But would a fingerprint reader out wit a key logger?

Al :confused:

Gra
23rd May 2006, 11:28 PM
Depends on if you are a one finger typist:D:D:D

Seriously yes they would, as you havent pressed any keys for the key logger to record, another way to get around this is before you log onto any website have a word document, open with your passwords in it. then do a copy and paste. the key logger wont be able to link the keystrokes with the password...

Jut dont save the document anywhere.

Schtoo
24th May 2006, 01:56 AM
That reminds me, I must go and buy that book on how to pick a lock.

Why?

It's quite well known that the universal lockpick is a cordless drill with a 1/8" bit in it and a flat screwdriver... :o :D

(And here I am, having picked at least 2 supposed 'impossible to pick' locks without destroying them. :eek: )

echnidna
24th May 2006, 10:34 AM
Why?

It's quite well known that the universal lockpick is a cordless drill with a 1/8" bit in it and a flat screwdriver... :o :D

(And here I am, having picked at least 2 supposed 'impossible to pick' locks without destroying them. :eek: )

Yeah, I've opened a few locks that way,
but I must be doing something wrong,
they don't seem to work after the drill.

I need to be able to open rooms after people lock their keys inside. :eek:

swiftden
24th May 2006, 10:53 AM
Gee i could be stuffed with one of these!! but least it was only a little finger.
They are only as secure as the dumbest hacker!

Iain
24th May 2006, 11:24 AM
I worked with these briefly and found that the iris reader was more accurate and less prone to fraud, on the down side, it cost a hellof a lot more.
I lifted a print on tape and got it to read once, and I am not an expert!

Daddles
24th May 2006, 01:11 PM
If I used a finger print reader, it'd be just my luck to run that finger through the table saw :eek:

Richard

Pat
24th May 2006, 01:34 PM
Bob, haven't you got a master key :)

echnidna
24th May 2006, 02:57 PM
The master key system wore out years ago because as locks packed up they were just replaced with whatever was handy at the time.

Master Splinter
24th May 2006, 11:59 PM
Fingerprint readers are more for the illusion of security rather than actual security.

If a knowledgeable attacker (http://en.wikipedia.org/wiki/L0phtCrack) has physical access to your PC, your data is theirs - at least in Windows-land.

Some (Microsoft fingerpint reader, I'm looking at you) send the authentication in plain text rather than cyphertext.

Some have accepted the latent image left by the last user when it has been opaqued by breathing heavily on it.

Many fingerprint readers can be fooled by soft candies (http://www.forensics.edu.au/article.php?sid=123). (eat the evidence afterwards!)

Or you can make your fake print out of PVA adhesive (http://www.ccc.de/biometrie/fingerabdruck_kopieren.xml?language=en) so you can use it again and again.

Some people who handle rough or abrasive materials frequently (hello, woodworkers) or who have dirty skin may not have fingerprints that are clearly defined enough for reliable, repeatable identification with a fingerprint reader.

If you find it hard to remember decently strong passwords, one solution that provides a dictionary attack (http://en.wikipedia.org/wiki/Dictionary_attack) proof [/URL]password is to use the first letter from each word in the chorus of your favorite song.

For example, if your favorite song is "Now I wanna sniff some glue" by The Ramones, then the lyrics "Now I wanna sniff some glue, now I wanna have somethin' to do" gives you the password niwssgniwhstd - which is unlikely to be guessed by anyone!

Remember that all data protection can be bypassed with [URL="http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis"]rubber hose cryptanalysis (http://en.wikipedia.org/wiki/Brute_force_attack).

Iain
25th May 2006, 09:22 AM
I used to have access to the Social Workers and Union computer files when I was in the public service, my password at the time was deathtothesocialistleft , caused a bit of a stir when I got out and they needed access:D :D :D

Daddles
25th May 2006, 09:45 AM
I used to have access to the Social Workers and Union computer files when I was in the public service, my password at the time was deathtothesocialistleft , caused a bit of a stir when I got out and they needed access:D :D :D

Carl Marx would have been proud of you :D
... and if not him, Groucho Marx :rolleyes:

Richard

AlexS
25th May 2006, 10:11 PM
Son in law (cryptography PhD) cracked a print reader at a professional conference using latex false prints. Didn't crack the iris reader though, but believed it would be vulnerable to software hack if there was enough time.

journeyman Mick
25th May 2006, 11:44 PM
Alex,
was that the son-in-law that was with you when you were up this way? You should have told me of his talents, I would have taken him down to the local ATM to see a display of his skills! :eek: ;) :D

AlexS
26th May 2006, 02:21 PM
Alex,
was that the son-in-law that was with you when you were up this way? You should have told me of his talents, I would have taken him down to the local ATM to see a display of his skills! :eek: ;) :D
It was indeed, Mick. But he was probably too busy playing computer shoot-'em-up games.:rolleyes:

Sorry I haven't been in touch since I came back - bit busy. Was good to catch up with you & put a face to the name. Hope things are starting to dry out a bit Mick & Cliff.