[ltp] using fingerprint reader for encryption or ssh login?
Florian Reitmeir
linux-thinkpad@linux-thinkpad.org
Mon, 19 Nov 2007 11:43:36 +0100
Hi,
On Mon, 19 Nov 2007, Jiang Qian wrote:
> I'm among the paranoid people out there who encrypt things but
> still fear key stroke logger to steal my passwords. Currently, I use
> fingerprint reader to do sudo, so that I don't need to type in password.
> And I store my passwords, such as those for web logins, in an encrypted
> file, using a password only for this occasion to decrypt the password
> file. I copy and paste things to web login so that keystroke logger
> cannot read off my passwords.
> But still, won't it be wonderful if we can use the fingerprint
> reader, which is already up and running via bioapi interface to PAM, to
> do the following:
you do fear "key stroke loggers", but you do not fear a simple pam module
which can extract easily the information need to decode you system?
there are simple reasons why passwords are better then fingerprints:
- i can change my password
- i can reset my password
- i can have several passwords
- a password can _only_ be stolen if some is using a keylogger
- fingerprints can be stolen the same way, _and_ someone can catch the
prints, from glases, my computer keys itself...
IMHO the only reason for fingerprint systems on newer laptops/pcs is, that it
is simpler to handle for the networkadministrator, because the people can't
forget their password..
--
Florian Reitmeir