On Sun, 10 Apr 2005, Michael J. Tubby B.Sc. (Hons) wrote:

> Just goes to show that finger print recognition, or *any* Biometrics
> on their own, are insuffufficient.

No, it goes to show that we don't think through the failure modes of new
technologies sufficiently prior to implementing them.

> A _proper_ security system needs to be based on:
> a) something that you own
> b) something that you know

No, that's a best-try scenario. A proper security system is based upon
who you are, what your state of mind is, and what you need access to.
It's just relatively expensive to implement.

> However if they had needed a token plus the next PIN from a sequence
> (or part of a challenge/response) then they would have needed him,
> alive, and always _with_ the vehicle.... this would make stealing the
> pointless.

No, they would have needed the token and the PIN, still no requirement for
the live driver.

> Equally, if the biometrics could have asked for any finger, toe, retina
> scan the theives would have had more trouble...

I don't think a wrist is that much more trouble than a finger to a
machette. Once again, the cost to the victim is much higher when the
attacker believes they can force the authentication by taking the
authenticator, and the authenticator is costly or irreplaceable.

Paul D. Robertson "My statements in this message are personal opinions
paul@compuwar.net which may have no basis whatsoever in fact."
firewall-wizards mailing list