Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Software Linux

Fingerprint Recognition with Linux & IBM's T42 156

Michael R. Crusoe writes "UPEK, provider of popular fingerprint sensors to IBM's T42 notebooks and others, has announced that they will be providing a BioAPI compliant library to perform biometric authentication under GNU/Linux. Will Linux be the first operating system to have integrated biometric user authentication 'out of the box'?"
This discussion has been archived. No new comments can be posted.

Fingerprint Recognition with Linux & IBM's T42

Comments Filter:
  • Ahem, PAM (Score:5, Interesting)

    by nokilli ( 759129 ) on Monday July 11, 2005 @04:41AM (#13031404)
    I don't understand this. Isn't writing to PAM all you need to do to support authentication on Linux?

    They're talking about writing this whole framework for Linux called BioAPI, and then once that's done they're going to work on a BioAPI-to-PAM gateway, but that seems like way too much work.

    Why can't an authentication module simply maintain its own database to register the biometric data associated with each user?

    The way it is now, pam_unix.so does a one-way hash of the password you create and compares it with a one-way hash of whatever password you enter to log on, right? The password once stored is never stored in the clear.

    I get the fact that you can't do that with biometric data because the data never is exactly the same, i.e., the one-way hash of the fingerprint you use to create the account won't be the same as the one-way hash created as you log on. And to do the comparison otherwise you'd need to load the data into memory, which is like loading a password, which is bad.

    This is a really tricky problem.

    I just don't see why we need a new framework. Seems to me, we need a new kind of hash function.

    Why can't that go into pam_finger.so?
    • Re:Ahem, PAM (Score:3, Informative)

      by Libor Vanek ( 248963 )
      PAM is really great thing - you can even have "plaintext" passwords in *SQL database or whatever - so there is no need to change hash or anything. IIRC I've seen some biometric Linux solutions (using PAM) on some CeBIT show...
      • Re:Ahem, PAM (Score:4, Insightful)

        by nokilli ( 759129 ) on Monday July 11, 2005 @05:03AM (#13031455)
        Well, you know, you can even have plaintext passwords stored in world-readable text files you keep in /hack/me/now but why would you use PAM for this?

        The whole point I thought was to create a framework through which it would be impossible to recreate the user's authentication info.

        We do what you're saying and the next thing you know, I have your fingerprint, or even better, I've replaced your fingerprint with mine.
    • I suppose a solution is to have the reader use a normalizing algorithm of some sort so that every correct fingerprint from a particular user resolves to the same "password".
      • That is a problem that has yet to be solved. Fingerprint matching is a special case of image recognition, and image recognition is either really hard to do or really hard for us humans to describe to a computer how to do.
        • Re:Ahem, PAM (Score:5, Informative)

          by Libor Vanek ( 248963 ) <[moc.liamg] [ta] [kenav.robil]> on Monday July 11, 2005 @05:21AM (#13031503) Homepage
          AFAIK not - fingerprint is just "convert black&white image to curves, find markers (like end of "line", join of 2 lines etc.) and save relative position of these markers. In fact fingerprint "image" is usually a few 10s of bytes!
          • Re:Ahem, PAM (Score:2, Informative)

            AFAIK not - fingerprint is just "convert black&white image to curves, find markers (like end of "line", join of 2 lines etc.) and save relative position of these markers. In fact fingerprint "image" is usually a few 10s of bytes!

            Yes this true. It depends on the system used but the one i know works like this. Once aquired as a real image, a complex algorithm is invoked to convert the image into a set of coordinates, that represent different interesting points in the fingerprint.

            A match is a % of sa

          • by QMO ( 836285 )
            I see how that applies to fingerprint storage, but not recognition.

            Can you explain further.
            • That the fingerprint recognition is quite simple algorithm (compared t "generall computer image understanding" which is very very complex where you've to deal with colors, perspective, "intuition" etc.)
          • You mean that when you do a fingerprint database search you don't see the computer monitor flash 800 million fingerprints on the screen one at a time until it finds the match? You're not suggesting that the CSI guys are lying to us, are you?
    • Re:Ahem, PAM (Score:5, Insightful)

      by /ASCII ( 86998 ) on Monday July 11, 2005 @05:00AM (#13031450) Homepage
      The reason why making a general purpose API is better than hardcoding for a single use authentication algorithm is that you get:
      • Less lock in, since when the next generation of PAM killer comes along, the switch will be much easier.
      • Better portability to systems that don't use PAM. QNx, ReactOS, Windows, MacOS the world is a big place...
      • More uses for the software. Maybe you can use this fingerprinter together with a Firefox plugin to slightly increse the security of your bank transactions?

      If the above reasons are enough to warrant the extra layer of indirection, I do not know. But saying that there are _no_ advantages to making a general purpose API is plainly false. It's a simple tradeoff.
      • Re:Ahem, PAM (Score:2, Interesting)

        by Libor Vanek ( 248963 )
        Less lock in, since when the next generation of PAM killer comes along, the switch will be much easier.

        That's stupid. There is nothing like "PAM killer" on the horizont in next 1-2 years! And there is no need for it - AFAIK PAM architecture is very clever and there are none "system design limitations" (but I'm NOT PAM expert - if I'm wrong, please correct me!)

        Better portability to systems that don't use PAM. QNx, ReactOS, Windows, MacOS the world is a big place...

        AFAIK MacOS is using PAM (or not?). An
        • It can be a tough call sometimes, and the grandparent is right about the benefits of abstraction but I just don't think it applies here. Like you say, PAM still has life left in it and everybody is using it.

          Sometimes rolling your own API just adds to bloat.
          • Of course that if you write something like that you'll have some library with your "kind-of-API" (more or less public and stable). I just wanted to say, that there is no need to write something that will replace PAM just to get biometric API - and I don't think that IBM has done it.
        • That's stupid. There is nothing like "PAM killer" on the horizont in next 1-2 years!

          No, it's NOT stupid. The grandparent poster is right. I'm a network admin for a research center of about 300 people. We have servers running software that is 10 years old. We have servers that came online Friday. I'm trying to move the oldest software to retirement, but the user accounts and access rights are murder to migrate to anything new because those systems were never built to be modular.

          Remember Y2K? Two d
        • There is nothing like "PAM killer" on the horizont in next 1-2 years

          Maybe for someone your age, 1-2 years is a long time. However, in a large part of the real world, applications take 2-3 years to develop, and then have a life of 10-20 years, during which tiome, ALL the technology used during development becomes obsolete, and much of it is replaced, as part of "routine maintenance".

          Some of it isn't replaced, because the new hardware is worse than the old - hence the amount of 10 year old kit still in dai

          • Yeah - that's why I'm saying that there is nothing on the horizont. If something should become more widely usable in 2 years, we'd be seeing some beta realease, flame wars on /. why this is better/worse then PAM, people pushing this into Fedora Core 5 etc. right NOW.

      • PAM has been in use in multiple *nix environments for a long time. PAM will quite likely outlive the fingerprint-auth-fad. You write a simple interface library/module to get at the fingerprint reader, and from there you write on top of that a PAM module, Firefox plugin, etc. There's no need for whatever this overdone BioAPI thing is.
        • The problem is that there are a whole lot of vendors making these devices. Then there are a whole lot of operating systems, and a whole lot of applications which want to use these devices.

          So what you need in the middle is a cross-platform interface which the vendors can conform to, and the application developers can use.

          PAM is pretty far from cross-platform, and BioAPI's entire point is to be that "simple interface" to get at the readers.

    • Re:Ahem, PAM (Score:5, Informative)

      by nathanh ( 1214 ) on Monday July 11, 2005 @06:35AM (#13031703) Homepage
      I don't understand this. Isn't writing to PAM all you need to do to support authentication on Linux?

      No. For example, the OpenSSH server needs explicit support for GSSAPI to support Kerberos Single Sign On. That could not be done within PAM.

      • I'm pretty sure ssh can and does use pam_krb5. system-config-authentication, mention the KDC, /etc/pam.d/system-auth (included from /etc/pam.d/sshd) calls pam_krb5

        Why wouldn't it be able to?
        • I'm pretty sure ssh can and does use pam_krb5. system-config-authentication, mention the KDC, /etc/pam.d/system-auth (included from /etc/pam.d/sshd) calls pam_krb5 Why wouldn't it be able to?

          The design of Kerberos is that you have a client, a server, and a trusted third party called the KDC. The third party has a copy of your password. On the client you use your password to obtain a ticket from the KDC, without actually transmitting your password to the KDC. The ticket is then used to authenticate

          • You're saying pam_krb5 only gets TGTs, and doesn't use them to get service tickets? I think you may be right (it's been a long time since I've used kerberos but what you're saying sounds familiar).

            Thanks.
    • I get the fact that you can't do that with biometric data because the data never is exactly the same, i.e., the one-way hash of the fingerprint you use to create the account won't be the same as the one-way hash created as you log on. And to do the comparison otherwise you'd need to load the data into memory, which is like loading a password, which is bad

      It appears as though you're unfamilliar with the technology.

      At least with the fingerprint sensors I used (Authentec) the goal was to genearate a biom


    • Why can't that go into pam_finger.so?

      Well, you can have various modules handling 'password' management groups. For example, pam_pwcheck.so lets you have MD5 hashes and checks the passwords for uniqueness, against a dictionary, meets minimum security requirements, etc.

      Generally, though, things like pam_pwcheck.so can plug into things like the Linux CyrptoAPI; they don't have to handle MD5 hashes internally. In fact, I think that pam_pwcheck.so does use CryptoAPI if it's available.

      So that's where BioA

    • You're right about PAM, BTW.

      But there's no point using fingerprints for authentication. They've been widely discredited. Most commercial fingerprint readers can be fooled with a surgical glove filled with warm water. If you really wanted to you could print a replica of the print (which people tend to expose readily) but in most caes, the print from the last user is left on the device and you don't even need to.

      The only biometric I can see being remotely useful is data on fingernails (see boingboing recent
  • by Linker3000 ( 626634 ) on Monday July 11, 2005 @04:49AM (#13031424) Journal
    Wow, I am really looking forward to giving Linux the finger...er wait..
    • but will it know it's your finger? Think of linux as your girlfriend, and you want her to know(and perhaps care) that you're the one giving her the finger. If she doesn't care, then she's just a promiscuous mode bitch.
  • Put now your finger on the scanner to play this drm-protected wma. Well... kinda better than hardware fingerprinting anyway. But way more spooky.
    • Mod parent insightful! DRMing content according to the buyer's fingerprint pattern is an excellent way to make sure they are the only person using the content. Oh and as a side effect, M$ and [insert other evil DRM proponents here] would get to see your fingerprint ...

      Spooky indeed.

  • by Keeper ( 56691 ) on Monday July 11, 2005 @04:57AM (#13031442)
    Windows has supported biometric authentication (in addition to smart cards) since Win2k. Hell, they've been selling keyboards with fingerprint scanners built in for almost a year now ...
    • My boss has one of those Microsoft keyboards with the fingerprint scanner. It does not work for Windows logins, only for things like passwords on webpages.
  • Finally... (Score:1, Insightful)

    by Anonymous Coward
    now I can REALLY finger my computer!
  • Finally... (Score:3, Insightful)

    by Ranma-sensei ( 800217 ) <Ranma-sensei@[ ].at ['aon' in gap]> on Monday July 11, 2005 @05:17AM (#13031487) Homepage Journal
    I think it's great - and time! I really don't like having to remember 20 or so passwords just so because if one of them gets hacked my other data is secure. :(
    • Re:Finally... (Score:2, Insightful)

      Except you couldn't switch to using only biometric authentication (not until they get a little DNA blood pinprick scanner thingy, anyway), so the best place for biometric authentication is as an added layer of protection on top of the 20 regularly-rotated random passwords stored in your brain.

      Yes, my tin foil hat fits very nicely thankyouverymuch.

    • Yeah, I just want my fingers hacked instead;)
  • by JohnnyNoSPAM ( 815401 ) on Monday July 11, 2005 @05:25AM (#13031515)
    Linux frequently supports a lot of hardware out of the box. Some folks argue that there is better hardware support for Windows. And that is true in and of itself. However, how often when installing a Windows operating system do yo need a load of driver CDs to accompany the installation? In my experience: always, especially if there is additional hardware such as a printer. Linux, on the other, is frequently distributed with drivers for suppoorted hardware out of the box. What's better is that as Linux grows in popularity, so will the hardware support.
    • Pardon my ignorance, but aren't you supposed to compile the kernel with that hardware support in Linux, before that hardware is actually supported by Linux?

      So what's the difference for a user between Windows' installable drivers and Linux' kernel-compiled drivers?

      Every time a driver gets updated or a new driver is released for EITHER OS, it will require some sort of installation.

      So Linux may come supplied with the driver inside a precompiled kernel, what's the difference with a Windows installation disk
      • Linux uses kernel modules to insert code into a running kernel. Most distributions come shipped with a crapload of modules. They will use an initial ramdisk to do hardware detection and only modprobe modules with hardware present.

        To the end user, all they have to do is install their linux distribution and it just works.

        I've been using Linux for a while now (Red Hat 6.2 was my first). When I first started, you kinda had to plan your hardware for linux or hope it would work. Today, I don't think twice a
      • Pardon my ignorance, but aren't you supposed to compile the kernel with that hardware support in Linux, before that hardware is actually supported by Linux?

        Generally, what will happen is that a distribution will ship with a somewhat minimal kernel and a bunch of kernel modules that take care of different things, e.g. USB devices, iptables modules (adds functionality to the firewall), drivers, and so on. So no, if you don't want to do things the hard-ish way, there's no need to ever compile a kernel.

  • by SpaghettiPattern ( 609814 ) on Monday July 11, 2005 @05:42AM (#13031550)
    Anyone on breaking the biometric authentication?
    • Chopping off finger.
    • Finger print out or finger skin resembling synthetic material.
    • Looks easier that guessing passwds.
    • How long before finger print kits appear in my Gmail->spam box?
    • Anyone on breaking the biometric authentication?

      Check out the work on biometrics at the CCC Berlin [berlin.ccc.de]. Lots of links too, but mostly German. They have a guy who managed to build fake fingerprints with a thin layer of ordinary wood glue. I know it sounds silly, but I have seen it work. Here [www.ccc.de] is a summary in English.

    • You don't even need to go to the extreme lengths of chopping off someone's finger...

      All you need is some fingerptinting dust and some clear tape. Dust the laptop (paying particular attenstion to the central keys on the keyboard where the index finger is most likely to be used, but try the back too, as that might have been brushed off recently, then picked up firmly using several identifiable fingers), pick up a selection of fingerprints with the tape, et voila.

      Unless, of course, you always wear gloves
    • Tsutomo Matsumoto did some work on breaking fingerprint scanners. It was embarassingly easy. Half of the machines he worked with would get tripped up by blowing on the reader (which would cause condensate to form everywhere but where the oil of the last print was at, causing it to re-read the last print... whoops, the last print was an authorized user, feel free to p0wn the box). He also described and demonstrated a way to make fake-fingers out of household materials at the cost of less than a buck which
  • by james_gnz ( 663440 ) on Monday July 11, 2005 @05:48AM (#13031566)

    I am reminded that when I was reading Stallman's The Right To Read [gnu.org] (linked from the recent Slashdot story Old-Fashioned DRM Protects Harry Potter Book [slashdot.org]), I wondered why it didn't include biometrics. That would have prevented the happy ending.

    Having biometrics on my computer with a free / open source OS wouldn't be scary like having biometrics on my computer with a closed OS and hardware DRM, of course.

    For public / institutional networks though, I can't help but wonder where it's going. But on the plus side, at least if big brother runs on Linux I won't worry so much about script kiddies stealing my identity.

  • It's Lenovo's T42 Notebook now
    • Of course, but the retards prefer to use IBM to give the news additional credibility.

      And not to mention the disaster recovery feature - the notebook automatically sends user's fingerprint scan to an IP address in China.
    • Yes it is, and as a new owner of a brand new IBM Thinkpad X41 (with fingerprint reader also equipped) I can say that it propably is the only thing not working in Linux, yet.

      All essential hardware (wlan, lan, graphics, sata, etc.) is working out of the box (Ubuntu Hoary) with this one. Way to go IBM/Lenovo!
  • by de Bois-Guilbert ( 807304 ) on Monday July 11, 2005 @05:50AM (#13031572)
    ...what I want is retinal scanning!

    I'd imagine the patterns in our eyes are more difficult to duplicate for nefarious purposes than our fingerprints, which (besides the cool factor) would mean increased security... On the other hand, I'd rather have the arch-villain chop off my finger than carve out my eyeball.
  • Oh wait, no.. that was T-43 not T42. My bad!
  • by Jonti ( 795505 ) on Monday July 11, 2005 @06:23AM (#13031660)
    Mr Kumaran, a Malaysian accountant, had a Mercedes protected by biometric finfger print recognition. He still lost his car to thieves, tho' -- and the end of his finger as well. You can read about the, uhh, downside, to finger-print recognition here [theregister.co.uk].

    OK, so the Merc was worth USD 75,000 to the thieves, a little more than a laptop. But if a dead finger works, a plastic replica would work as well. Before using a system like this, it may be worth considering the value that the data on a laptop might have to unscrupulous rivals ... Is it worth this kind of horror to protect the laptop itself? There are easier and better ways to protect *data*.

  • Password renewal (Score:3, Interesting)

    by CaxDot ( 869821 ) on Monday July 11, 2005 @06:32AM (#13031691)
    How on earth do I change my login data once it has been compromised? How do I randomly regrow a new fingerprint? Or retina?
  • by EMIce ( 30092 ) on Monday July 11, 2005 @06:35AM (#13031702) Homepage
  • In MacOS 9, one could use a "voice-print" to log into their user account right out of the box. This isn't in OS X, for some reason, but it used to be there. Then again, at least OS X has real users, and not an At Ease retrofit.
  • Anyone know the state of support for fingerprint recognition with Familiar on the Ipaq's that have the scanner? I've got one of those, and would love to switch to linux, but am worried about this and wifi support.
    • Re:Ipaqs (Score:3, Informative)

      It's about the same as the state for speech recognition elsewhere. The systems use way too little data to actually analyze and get at best a 95% or so recognition of the acutal user, and the sensor acuity to defeat even the fake gelatin fingers (Google keyword: gummi fingers) is simply not there, since with a fake finger made from a fingerprint lifted from elsewhere the class that did the Gummi fingers still got better than 80% recognition.

      Basically, the ability to detect a fake fingerprint with a casual t
      • Re:Ipaqs (Score:3, Informative)

        by hacker ( 14635 )

        Basically, the ability to detect a fake fingerprint with a casual test has never existed. The sensors just aren't good enough, even if the software authors were willing to invest the resources to store really thorough images of fingerprints, which they're not.

        The FingerChip(tm) has been doing exactly this since about 1998 or earlier (that's 7+ years). The FingerChip is about 1mm x 8mm in size (about 1/2" long, about the width of a wooden matchstick). I think the company sold its technology to someone

        • If you're going to make this kind of claim, I'd like to see the numbers, particularly of false negatives. (Where the real user fails to be identified by a system set to be picky enough to reject casual fakery.)

          I have difficulty believing your claim: I can believe the manufacturer makes the claim and does a demo, but I want to see it with the Gummy Fingers described elsewhere.
  • Sadly, AuthenTec still lags behind and I still can't use the built-in fingerprint sensor in my laptop.

    When will hardware companies realize that providing documentation and software increases sales?

  • I wish companies and .gov would stop pushing biometrics as the end-all solution to password & user security.

    If the server where the passwords are stored is insecure, then the passwords are insecure!

    The only benefit that fingerprint scanners offer is the instant ability to have 10 different passwords "at your fingertips"!
    Downside: I have to label each of my fingers so I know which password belongs to which site. Well, there's one finger that i don't need to label, that special middle finger is reserve
    • by hacker ( 14635 ) <hacker@gnu-designs.com> on Monday July 11, 2005 @07:53AM (#13031994)
      "I wish companies and .gov would stop pushing biometrics as the end-all solution to password & user security.

      [...]

      The only benefit that fingerprint scanners offer is the instant ability to have 10 different passwords "at your fingertips"!"

      Unfortunately, fingerprint authentication does NOT satisfy government requirements (not to mention the inherent insecurity should you ever be prosecuted).

      CFR 21 part 11 (Code of Federal Regulations governing electronic signatures) mandates that you have to have at least 2 out of 3 things to be said to have securely authenticated:

      1. Something you HAVE (card key, key fob, etc.)
      2. Something you ARE (biometric, iris, fingerprint)
      3. Something you KNOW (password, passphrase, etc.)

      If any system is compromised, and 2 out of the 3 above are used, then there is a conspiracy (like you gave your keycard and password to someone else).

      The issue about security when prosecuted, is that your physical body (fingerprints as well) are subject to "search and seizure" if you are ever arrested (even if 100% innocent). There was a case that went to the Supreme Court (which I can't recall the name of) where a man argued that his fingerprints were "property", and until he waived his rights to his property, he could not be fingerprinted. I'm not sure how that turned out though.

      Basically if you're arrested and they fingerprint you, they could just as easily scan in your fingerprints electronically and "replay" those back later to gain access to your biometric laptop or other devices.

      Best to use 2 out of the 3 (or 3 out of the 3) above, so they can't gain access to your protected data without your approval or consent.

      • CFR 21 part 11 (Code of Federal Regulations governing electronic signatures) mandates that you have to have at least 2 out of 3 things to be said to have securely authenticated:

        1. Something you HAVE (card key, key fob, etc.)
        2. Something you ARE (biometric, iris, fingerprint)
        3. Something you KNOW (password, passphrase, etc.)

        Can you be more specific about where this is in the final rule? All I can find is references to requiring 2 components for identification unless the signature is based on biometric

    • I don't know about the T-42, but the T-43 has an optional hardware security chip that can store the fingerprint info. From what I've read, it can detect tampering and dump it's contents in that eventuality.

      Chip H.
  • Sorry this is a misinterpretation. When I said you can use finger in linux I didn't mean biometric identification, I really meant

    strider44@strider44:~$ finger strider44
    Login: strider44 Name: strider44
    Directory: /home/strider44 Shell: /bin/bash
  • I currently have a T42 on my desk running Windows XP and I set up the fingerprint authentication. It took about 5 minutes. Here's how it works:

    When configuring the system, you provide original prints from any number of your fingers. It suggests you provide 2 of them. Then, you just have to slowly pass any of the fingers on the sensor for it to authenticate you. So for instance, you could make sure you have an electronic print of your right index finger and of your left ring finger. I suppose the redundanc

    • Wow. You just convinced me to give it a try myself.

      Just received a T42 last week. Just installed the software now. Took a total of about 5 minutes to install the IBM software, which replaces the Windows Login Screen (so it does require one reboot).

      Next thing you select your account (and input your password), tell it which fingers you wish to enroll to link to that account, and presto. It seems to shave a second or two off whenever I need to unlock my workstation after the screen saver comes on. Nice!
    • "You know, you've gotta watch it with those circular saws," Tom said off-handedly.
  • I have had a Digital Persona Biometric Fingerprint scanner that I have been trying to get working for ages now. It works great in Windows, but I havent yet found a program to get it to actually perform in Linux. It is USB, and does get identified by hotplug. Digital Persona does provide an SDK for their devices. My opinion is Biometric authentication will be a pretty regular standard in the future.
  • You know they're insecure because you can already buy commercial advertising space in people's fingerprints [ebay.com] online.

    n
  • Who says they are? As one who has over a decade of technical experience in the field, I can tell you that there is not a single objective scientific study to support the belief that fingerprints are unique. You can be equally sure that if it were ever proven that they are not, it would be a disaster for law enforcement all over the world. There is a powerful incentive not to find out. There was a time when everyone knew the world was flat. That "knowledge" had no impact on the truth of the matter.
    • Remember the Madrid Bombing? A US lawyer was arrested since his fingerprints sort-of matched, despite abundant evidence that he didn't leave the country at the time.
      • Raising the other question - competence to judge comparisons between fingerprints does not seem to be in abundance. Again, there is always pressure to solve cases and find somebody to hold responsible. This pressure does not always lead to a true finding.
  • use the foot luke (Score:2, Insightful)

    by sgt scrub ( 869860 )
    Am I the only one thinking outside of the shoe? We leave fingerprints all over the place -- drinking glass, doornobs, eyeglasses. When they create a device that you can stick your foot in for authentication.

    ewe sorry, this is going in the wrong direction.
  • I like it when my own devices can authenticate me with biometrics. Because when they fail, it's my own problem. False negatives can be retried without consequence, and false positives are usually manageable because I control physical access to the device. And, if the errors are unacceptable, I can do something about it, because I control the device. Public authentication, especially surreptitious auth by the government, flips the script. Those devices control me, whether I know it or not. If they're working
  • Those who think biometrics are better than password systems, ought to think twice. While passwords can be changed when compromised, biometrics cannot.

    There is a scene in a James Bond movie where JB uses a glass eyeball that has someone's retina pattern in it to gain access to a secure building. Also, all biometrics must be converted to some digital pattern. How long will it be before some malicious person gets these digital patterns and figures out how to plug them into the software that authenticates th

  • Let me try to alleviate the more paranoid ravings regarding laptop biometrics. As currently implemented, IBM's biometrics are supplementary to the password system: any resources protected by the fingerprint scanner can ALSO be accessed by supplying the proper password or passphrase.

    The fingerprint scanner is a convenience, and is actually pretty finicky (e.g it won't work until your fingertips unwrinkly after a shower). I have one, and seldom use it, because it's faster/more reliable for me to type the pa

  • The T42 is a excellent machine. I currently have one and due to work, I need it to have Windows XP on it since it's owned by them, but soon I am looking into seeing if I can put a Linux partition on it. Got to be careful so I don't toast my work setup on it. It's nice to see that the fingerprint reader is getting support....BUT this device seems to be a little flakey, to me. The one in the iPaq h5555 was better.
  • I took my laptop out of the box, turned it on (booting win xp prof.) and enrolled my fingers for authentication. Then I logged on using the enrolled fingers.

    Will Linux be the first operating system to have integrated biometric user authentication 'out of the box'?"

    So sorry, just not going to be the case.

"The whole problem with the world is that fools and fanatics are always so certain of themselves, but wiser people so full of doubts." -- Bertrand Russell

Working...