Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fingerprint Recognition with Linux & IBM's T42

Posted by timothy on from the nobody-said-*which*-finger dept.

Michael R. Crusoe writes "UPEK, provider of popular fingerprint sensors to IBM's T42 notebooks and others, has announced that they will be providing a BioAPI compliant library to perform biometric authentication under GNU/Linux. Will Linux be the first operating system to have integrated biometric user authentication 'out of the box'?"

5 of 156 comments (clear)

  1. To answer the question: No. by Keeper · · Score: 3, Informative

    Windows has supported biometric authentication (in addition to smart cards) since Win2k. Hell, they've been selling keyboards with fingerprint scanners built in for almost a year now ...

  2. Re:Ahem, PAM by Libor+Vanek · · Score: 4, Informative

    AFAIK not - fingerprint is just "convert black&white image to curves, find markers (like end of "line", join of 2 lines etc.) and save relative position of these markers. In fact fingerprint "image" is usually a few 10s of bytes!

  3. Here's a guy that won't be using it! by Jonti · · Score: 3, Informative
    Mr Kumaran, a Malaysian accountant, had a Mercedes protected by biometric finfger print recognition. He still lost his car to thieves, tho' -- and the end of his finger as well. You can read about the, uhh, downside, to finger-print recognition here.

    OK, so the Merc was worth USD 75,000 to the thieves, a little more than a laptop. But if a dead finger works, a plastic replica would work as well. Before using a system like this, it may be worth considering the value that the data on a laptop might have to unscrupulous rivals ... Is it worth this kind of horror to protect the laptop itself? There are easier and better ways to protect *data*.

  4. Re:Ahem, PAM by nathanh · · Score: 4, Informative
    I don't understand this. Isn't writing to PAM all you need to do to support authentication on Linux?

    No. For example, the OpenSSH server needs explicit support for GSSAPI to support Kerberos Single Sign On. That could not be done within PAM.

  5. Re:Use of finger-prints !=security by hacker · · Score: 3, Informative
    "I wish companies and .gov would stop pushing biometrics as the end-all solution to password & user security.

    [...]

    The only benefit that fingerprint scanners offer is the instant ability to have 10 different passwords "at your fingertips"!"

    Unfortunately, fingerprint authentication does NOT satisfy government requirements (not to mention the inherent insecurity should you ever be prosecuted).

    CFR 21 part 11 (Code of Federal Regulations governing electronic signatures) mandates that you have to have at least 2 out of 3 things to be said to have securely authenticated:

    1. Something you HAVE (card key, key fob, etc.)
    2. Something you ARE (biometric, iris, fingerprint)
    3. Something you KNOW (password, passphrase, etc.)

    If any system is compromised, and 2 out of the 3 above are used, then there is a conspiracy (like you gave your keycard and password to someone else).

    The issue about security when prosecuted, is that your physical body (fingerprints as well) are subject to "search and seizure" if you are ever arrested (even if 100% innocent). There was a case that went to the Supreme Court (which I can't recall the name of) where a man argued that his fingerprints were "property", and until he waived his rights to his property, he could not be fingerprinted. I'm not sure how that turned out though.

    Basically if you're arrested and they fingerprint you, they could just as easily scan in your fingerprints electronically and "replay" those back later to gain access to your biometric laptop or other devices.

    Best to use 2 out of the 3 (or 3 out of the 3) above, so they can't gain access to your protected data without your approval or consent.