From: Mark Day (markday@cisco.com)
Date: Mon Jun 26 2000 - 13:03:24 PDT
> That doesn't make any sense. Your password was being used by a hacker
> from "outside" to get access to the "inside" (server). Once they were
> able to use it you had to change it. But that obviously can't happen
> with biometric- they can't "use your iris" in a non-James-Bond world.
> They only attack (assuming we are not talking about things like cutting
> off hands or eyes) is to reprogram the server-side to accept the hacker's
> password/iris instead of yours. So yes the biometric system still has a
> weak link, but only one. Password-based systems have two weak links
> since the client side can also get hacked.
Some device reads my eye, right? After that there are bits representing my
eye. Those bits can be compromised like any other bits (fill in your
favorite attack on passwords here).
After someone steals my password bits, I can create new bits to go through
this process by entering a new password. But I can't readily create new
substitute bits if the whole point of those compromised iris-based bits is
that they could be generated *only* by my eye, via some hardware that I
can't change.
--Mark
This archive was generated by hypermail 2b29 : Mon Jun 26 2000 - 12:55:38 PDT