[ltp] using fingerprint reader for encryption or ssh login?

Florian Reitmeir linux-thinkpad@linux-thinkpad.org
Mon, 19 Nov 2007 11:43:36 +0100


Hi,

On Mon, 19 Nov 2007, Jiang Qian wrote:

> 	I'm among the paranoid people out there who encrypt things but 
> still fear a key stroke logger stealing my passwords. Currently, I use 
> the fingerprint reader to do sudo, so that I don't need to type in a password.  
> And I store my passwords, such as those for web logins, in an encrypted 
> file, using a password only for this occasion to decrypt the password 
> file. I copy and paste things to web logins so that a keystroke logger 
> cannot read off my passwords.
> 	But still, won't it be wonderful if we can use the fingerprint 
> reader, which is already up and running via bioapi interface to PAM, to 
> do the following:

you do fear "key stroke loggers", but you do not fear a simple pam module
which can easily extract the information needed to decode your system?

there are simple reasons why passwords are better than fingerprints:
	- i can change my password 
	- i can reset my password
	- i can have several passwords
	
	- a password can _only_ be stolen if someone is using a keylogger
	- fingerprints can be stolen the same way, _and_ someone can catch the
		prints, from glasses, my computer keys itself... 

IMHO the only reason for fingerprint systems on newer laptops/pcs is, that it
is simpler to handle for the network administrator, because the people can't
forget their password..

-- 
Florian Reitmeir