BioAPI and networks
Bill McGonigle
bill at bfccomputing.com
Thu Feb 1 10:24:05 EST 2007
On Jan 31, 2007, at 12:26, Thomas Charron wrote:
> What I'd LIKE to be able to do is have Samba or some other
> authentication
> server for network based authentication without having to individually
> enroll fingerprints to each Windows laptop, as well as enroll them
> under
> Linux.
>
> Anyone have any experience with this?
I looked into this enough to decide not to do it. It's not
impossible, just too hard to be worthwhile.
Rarely does anybody store an image of a fingerprint and do an image
comparison for authentication. They do feature extraction, and then
a fuzzy match. You tune the fuzzy match for your preferred false
positive/false negative rate. Most vendors have their own algorithm,
so interop is hard (at least a few years ago). That part killed it
for my project.
Feature extraction is also good for privacy concerns.
> Looking into it more later on tonight. Just too addicted to a simply
> finger-swipe to authenticate locally.
Remember, any good authentication system consists of two of the
factors: (something you have, something you know, something you
are). Single-factor authentication is typically easily defeated.
For instance, if you have a laptop with a fingerprint reader, odds
are pretty good somebody can create a false finger from another print
on the case for about $10 (cost, not what the 'recover' expert will
charge you). The easy technique uses fingerprint dust, a digital
camera, photoresist etching on a pcb blank, and some gelatin.
A fingerprint with a PIN is much much better. If you have a 5-digit
PIN and a 4-strikes-and-you're-out password policy, the odds are only
1 in 2500 that someone with the above gear can get into the computer.
Assuming you've got hardware support and can't pull the drive, but
that's a different thread.
-Bill
-----
Bill McGonigle, Owner Work: 603.448.4440
BFC Computing, LLC Home: 603.448.1668
bill at bfccomputing.com Cell: 603.252.2606
http://www.bfccomputing.com/ Page: 603.442.1833
Blog: http://blog.bfccomputing.com/
VCard: http://bfccomputing.com/vcard/bill.vcf
More information about the gnhlug-discuss
mailing list