[ltp] using fingerprint reader for encryption or ssh login?

linux-thinkpad@linux-thinkpad.org linux-thinkpad@linux-thinkpad.org
Mon, 19 Nov 2007 12:52:36 +0200


Quoting Jiang Qian <jqian@physics.harvard.edu>:

> On Mon, Nov 19, 2007 at 10:45:21AM +0100, Yves-Alexis Perez wrote:
>> On Mon, Nov 19, 2007 at 09:30:39AM +0000, Jiang Qian wrote:
>> > Hi All:
>> > I'm among the paranoid people out there who encrypt things but
>> > still fear key stroke logger to steal my passwords. Currently, I use
>> > fingerprint reader to do sudo, so that I don't need to type in password.
>>
>> Are you sure you're really that paranoid?
>>
>> http://www.yubanet.com/cgi-bin/artman/exec/view.cgi/38/28878
>> http://www.schneier.com/crypto-gram-0205.html#5
>> etc.
> Sure I am. I'm aware of these tricks. The point about fingerprint
> reader, to me, the same as any two factor authentication: the hacker
> cannot simply do things remotely by stealing my password using key
> logger and my files over network. They then can decrypt all my passwords
> without gaining physical access to either my computer or me.
>
> Without my physical fingerprint they should not be able to decrypt my
> files. Of course possibilities exist if they're able to directly use the
> image on the disk to decrypt my file, but this probably depends on how
> this encryption by fingerprint is implemented, which is exactly what I'm
> asking.
>
> I assume I can achieve the same thing by using an exclusive key on a usb
> key to decrypt the file. But I always carry my fingerprint around:)
>
> Of course, once governments get hold of my physical disk, only strong
> encryption is going to save it. If they're so devious as to install a
> key logger on my computer, I assume usb key is a better way to achieve
> two factor authentication/encryption, since I can always destroy/hide
> the key but they can easily lift my prints from the computer. So I'll
> probably use a usb key to do two factor authentication.
>

The two basic ideas behind encryption are that if there is a door
there is a way (if they really want to decrypt your files/hack into
your system and there are enough files they'll be able to do it with
enough resources) and thus the implied part, don't spend more than the
data is worth to protect it.

Is your data worth that much to protect to work with all the added
inconvenience?

Although I have to admit that AFAIK the Enigma was only recently
cracked (or partially cracked) so maybe some encryptions are strong
enough (although intuition in computer science implies that at least
RSA isn't)

> Jiang
>>
>> --
>> Yves-Alexis
>> --
>> The linux-thinkpad mailing list home page is at:
>> http://mailman.linux-thinkpad.org/mailman/listinfo/linux-thinkpad