From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Sun, 18 Feb 1996 21:06:30 +0800
To: cypherpunks@toad.com
Subject: Re: credential "borrowing"
Message-ID: <960216225818.2021f6a7@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


>Did anybody see the movie Demolition Man?  Biometrics were "hacked" 
>there.  I guess it's hard to be sure, but it seems something in your 
>brain is tougher to extract than a finger or an eyeball.  The texts say a 
>combination is a good idea.

Well, for a well funded adversary, the first step is to buy a duplicate
to the system to be subverted and analyze it. Usually is nnot difficult.
Problem with biometrics is the cost/speed. To do it right is going to
be slow/expensive. Few are.

However the traditional rule has been "something you have/something you know"
two factors are good, three are better.

In that line, along with one of my primary tasks (securing of notebooks)
have been warning people that if the information is valuable enough to require
that level of protection then the user is put at added risk the same way that
better automobile locks spawned carjackings. Duress codes are not difficult
to impliment.

BTW voted for Ed Clark once since "none of the above" was not an option.
Spent the next year getting beg letters from various libertarian groups.

						Warmly,
							Padgett