At 04:39 PM 6/22/99 -0400, Dan Geer wrote:
>
> Do you imply having a machine with PCR's for some unique
> string in the authenticator's DNA? I see two problems.
> First, twins. Second, it's possible to grow DNA from
> fingernail clippings, hair, etc. It would be like
> habitually writing your password down on everything you
> touched :-)
>
> 1. quoting Schneier verbatim, "BIOMETRICS ARE NOT SECRETS"
> 2. for the ordinary Joe, never underestimate the lure of
> convenience

There are a host of cool little computers on a button that
can do public key operations. They can fit on a key ring,
and some of them on a pinky ring. They can be used to open
electronically controlled doors for secure access.

The great weakness of these wonderful gadgets is that they
cannot tell the user what he is signing, or what he is
decoding.

For this to be truly secure, the hardware in the computer
that talked to the button would have to have its ROM code take
over the computer display to display to the user what he was
signing, or what he was decoding.

Trouble is, it would still need to use the same video drivers
as everyone else, but it is likely to be kind of hard to
deploy a trojan video driver, as most operating systems, for
example NT, have special case arrangements for installing
video drivers.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
U20SaZ235QUB5lUnY24ItVsiUbFEzExg6PPMj8V+
489/PK+GY0K4sifcQETcgjkW0sBCGhdVpVz7Tdvyz