On 24/05/2020 21:39, Mark wrote:
> I know there are other options maybe even some that use
> biometrics to decrypt the database.

I am very wary of biometrics for authentication purposes. There are so many examples where the vendor assured us it was working really well, and researchers easily cracked the system by using a photo, or photocopied fingerprints they lifted off a glass or even more funny from the fingerprint reader itself.

That's for authentication, where only non-reproducibility is vital. For encryption, it's much worse, because you need a lot of entropy for that to ward off offline attacks. And biometrics just doesn't have that much entropy.

And both share that there is no recovery from compromise. If somebody learns your passphrase, you change it, tracking down all backups and changing them as well. That might be a little painful. If somebody manages to copy your biometrics, you can't change them. You could erase your fingerprints by taking a job processing pineapples on a daily basis. And you could get plastic surgery for your face, but that really puts the painful in "it's so painful to change your passphrase everywhere"...

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users