[ltp] Fingerprint reader and the Bios

The Maxx linux-thinkpad@linux-thinkpad.org
Thu, 26 Jan 2006 12:42:33 -0300


------=_Part_3507_5208834.1138290153669
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

or put a password in the BIOS.

Max

On 1/26/06, Richard Neill <rn214@hermes.cam.ac.uk> wrote:
>
>
>
> Aaron Mulder wrote:
>
> > When I reported the fingerprint module to SuSE, the response I got was
> > that integrating the driver was out of the question because it was
> > proprietary code that required root privs and thus was inherently
> > insecure.
>
> SuSE's response isn't actually related to the issue of whether the
> fingerprint reader is any good (which it probably isn't:
> http://www.schneier.com/crypto-gram-0205.html#5 )
> It's because you should never trust code for which you don't have the
> source.
>
> However, I think that distros would be ill-advised to adopt the
> fingerprint reader: it encourages a false sense of security.
>
> My personal recommendation is a password containing
> mixed-numbers,punctuation and letters, and being at least 12 characters
> long. It's very hard (without a video-camera) for someone to recognise
> that. Personally, I don't put upper-case in passwords, because this
> makes them much harder to type, especially if you are trying to do so
> rapidly to avoid observation.
>
> Lastly, if the laptop can be booted with knoppix, any password-mechanism
> may be trivially defeated. You need encryption of /home to be secure.
>
> Richard
> --
> The linux-thinkpad mailing list home page is at:
> http://mailman.linux-thinkpad.org/mailman/listinfo/linux-thinkpad
>



--
The Maxx

------=_Part_3507_5208834.1138290153669
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

or put a password in the BIOS. <br><br>Max<br><br><div><span class=3D"gmail=
_quote">On 1/26/06, <b class=3D"gmail_sendername">Richard Neill</b> &lt;<a =
href=3D"mailto:rn214@hermes.cam.ac.uk">rn214@hermes.cam.ac.uk</a>&gt; wrote=
:</span>
<blockquote class=3D"gmail_quote" style=3D"border-left: 1px solid rgb(204, =
204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br><br>Aaron Mul=
der wrote:<br><br>&gt; When I reported the fingerprint module to SuSE, the =
response I got was
<br>&gt; that integrating the driver was out of the question because it was=
<br>&gt; proprietary code that required root privs and thus was inherently<=
br>&gt; insecure.<br><br>SuSE's response isn't actually related to the issu=
e of whether the
<br>fingerprint reader is any good (which it probably isn't:<br><a href=3D"=
http://www.schneier.com/crypto-gram-0205.html#5">http://www.schneier.com/cr=
ypto-gram-0205.html#5</a> )<br>It's because you should never trust code for=
 which you don't have the
<br>source.<br><br>However, I think that distros would be ill-advised to ad=
opt the<br>fingerprint reader: it encourages a false sense of security.<br>=
<br>My personal recommendation is a password containing<br>mixed-numbers,pu=
nctuation and letters, and being at least 12 characters
<br>long. It's very hard (without a video-camera) for someone to recognise<=
br>that. Personally, I don't put upper-case in passwords, because this<br>m=
akes them much harder to type, especially if you are trying to do so<br>
rapidly to avoid observation.<br><br>Lastly, if the laptop can be booted wi=
th knoppix, any password-mechanism<br>may be trivially defeated. You need e=
ncryption of /home to be secure.<br><br>Richard<br>--<br>The linux-thinkpad=
 mailing list home page is at:
<br><a href=3D"http://mailman.linux-thinkpad.org/mailman/listinfo/linux-thi=
nkpad">http://mailman.linux-thinkpad.org/mailman/listinfo/linux-thinkpad</a=
><br></blockquote></div><br><br clear=3D"all"><br>-- <br>The Maxx

------=_Part_3507_5208834.1138290153669--