[ltp] using fingerprint reader for encryption or ssh login?

Jiang Qian linux-thinkpad@linux-thinkpad.org
Mon, 19 Nov 2007 05:17:04 -0500


On Mon, Nov 19, 2007 at 10:45:21AM +0100, Yves-Alexis Perez wrote:
> On Mon, Nov 19, 2007 at 09:30:39AM +0000, Jiang Qian wrote:
> > Hi All:
> > 	I'm among the paranoid people out there who encrypt things but 
> > still fear a keystroke logger stealing my passwords. Currently, I use the
> > fingerprint reader to do sudo, so that I don't need to type in a password.
> 
> Are you sure you're really that paranoid?
> 
> http://www.yubanet.com/cgi-bin/artman/exec/view.cgi/38/28878
> http://www.schneier.com/crypto-gram-0205.html#5
> etc.
Sure I am. I'm aware of these tricks. The point about the fingerprint 
reader is, to me, the same as any two-factor authentication: the hacker 
cannot simply do things remotely by stealing my password using a key 
logger and my files over the network. They then can decrypt all my passwords 
without gaining physical access to either my computer or me.

Without my physical fingerprint they should not be able to decrypt my 
files. Of course possibilities exist if they're able to directly use the 
image on the disk to decrypt my file, but this probably depends on how 
this encryption by fingerprint is implemented, which is exactly what I'm 
asking.

I assume I can achieve the same thing by using an exclusive key on a USB 
key to decrypt the file. But I always carry my fingerprint around :)

Of course, once governments get hold of my physical disk, only strong 
encryption is going to save it. If they're so devious as to install a 
key logger on my computer, I assume a USB key is a better way to achieve 
two-factor authentication/encryption, since I can always destroy/hide 
the key but they can easily lift my prints from the computer. So I'll 
probably use a USB key to do two-factor authentication.

Jiang
> 
> --
> Yves-Alexis