Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
News

Linux And Biometrics (Redux)? 4

Posted by Cliff from the let's-try-this-question-again dept.
An Anonymous Coward asks: "Does anyone out there have current information on the use of biometrics with Linux? There was an article in the Linux Journal, but it was more of an introduction to the topic than a discussion of the state of development. Are there any biometric products that have decent Linux drivers for them? If so, is anyone currently using them to replace password authentication?" We last touched on this subject last May with little commentary on the subject. Has a year made any difference?
This discussion has been archived. No new comments can be posted.

Linux and Biometrics (Redux)? More

Linux and Biometrics (Redux)?

Comments Filter:

  • No! No! Baad Designer, No Biscuit! (Score:3)

    by human bean ( 222811 ) on Wednesday October 18, 2000 @03:26PM (#694406)
    Don't build systems that use biometrics for authentication.

    Anytime you make a system that distributes real value (money, information, control) in exchange for authentication (bio or otherwise) you, as a basic safety feature, must ensure that the authenticating method and device can be handed-off to anyone in functioning condition.

    To do otherwise is to invite coersion of the authenticating individual. You have to be able to take the smart-card (or whatever) out of the wallet, lay it down on the ground, tell the coercer the codes, and then back away. As funny as it may seem in our movie-plot-soaked society, most criminals (or professionals, depends on who is doing the coercing...) are only interested in your assets, not you personally. Once they have what they came for, the rest is none of their concern. Muggers would rather be whacking your card for cash and moving on than beating you up (there are exceptions).

    Don't think that body parts are sacred. "I don't need you, I only need your thumb...", and systems that require a living bioauthenticator are the worst (ugly image of what people will do to somebody else for twenty thou tastefully not inserted here).

    This is not to say that biometrics are not useful. I for one would love to view 3-d images made by a computer that measured your pupil distances and adjusted the display accordingly. Or which figured out who I am, so as to route my telephone calls to whichever room I am in.

  • ...at least when it comes to retinal patterns. Any (well, most, I guess - I'm not an expert) damage that might be incurred to an eyeball by forcefully removing it would probably disrupt the retinal patterns enough to make any attempt to use an extracted eyeball for identification fail. (one of the many problems I had with the movie Demolition Man...)

    Then there's voiceprint - but only for less secure stuff where there's very little chance of a high quality recording being made covertly.

    Yes, for less hi-res scans like thumbs and palms, there's much room for dismemberment...
  • Actually, what is measured in most "retina pattern" scanners is the venous system at the back of the eye. Reduction in fluid pressure after removal from the orbital cavity causes severe distortion of these, producing an invalid scan. So does very low blood pressure, especially after dismemberment of the head, or death of the individual. High blood pressure has the same effect, as in the case of one engineer who couldn't get back into the work area after a management meeting

    You need the whole individual, in working order. Thus, you must convince him or her to cooperate. Nothing elaborate. Simply threaten family or friends, cause some pain, confuse them sufficiently, use drugs, black bag over the head and show them some high places, keep them awake for three or four days, or use the traditional two big guys and a knife at the throat.

    When the question is put to you or yours in this manner, the answer is that nothing you work with or own is worth the price. Don't think it doesn't happen.

    Besides, the security folks would rather have you safe, in one piece, and ready to report the damage.

  • I am a fingerprint expert and linux user since 1994. It is my current job to make fingerprint
    processing work on all sorts of systems.

    Since I develop under linux, I try make sure linux
    is a supported platform for much of my company's software. Therefore, the algorithms that
    authenticate users are indeed runnning under linux.

    However, we do not have productized linux drivers for our hardware yet (and it's difficult to make
    a solid business case to spend the money) but
    I'd be willing to provide specs to volunteers who'd like to write one.

    For this reason, most of the linux installations are server-based with Windoze clients. There is even
    one company experimenting with a Beowulf cluster.

Slashdot Top Deals

"There is such a fine line between genius and stupidity." - David St. Hubbins, "Spinal Tap"

Close