Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fingerprint Recognition with Linux & IBM's T42

Posted by timothy on from the nobody-said-*which*-finger dept.

Michael R. Crusoe writes "UPEK, provider of popular fingerprint sensors to IBM's T42 notebooks and others, has announced that they will be providing a BioAPI compliant library to perform biometric authentication under GNU/Linux. Will Linux be the first operating system to have integrated biometric user authentication 'out of the box'?"

3 of 156 comments (clear)

  1. Ahem, PAM by nokilli · · Score: 5, Interesting

    I don't understand this. Isn't writing to PAM all you need to do to support authentication on Linux?

    They're talking about writing this whole framework for Linux called BioAPI, and then once that's done they're going to work on a BioAPI-to-PAM gateway, but that seems like way too much work.

    Why can't an authentication module simply maintain its own database to register the biometric data associated with each user?

    The way it is now, pam_unix.so does a one-way hash of the password you create and compares it with a one-way hash of whatever password you enter to log on, right? The password once stored is never stored in the clear.

    I get the fact that you can't do that with biometric data because the data never is exactly the same, i.e., the one-way hash of the fingerprint you use to create the account won't be the same as the one-way hash created as you log on. And to do the comparison otherwise you'd need to load the data into memory, which is like loading a password, which is bad.

    This is a really tricky problem.

    I just don't see why we need a new framework. Seems to me, we need a new kind of hash function.

    Why can't that go into pam_finger.so?

    1. Re:Ahem, PAM by /ASCII · · Score: 5, Insightful
      The reason why making a general purpose API is better than hardcoding for a single use authentication algorithm is that you get:
      • Less lock in, since when the next generation of PAM killer comes along, the switch will be much easier.
      • Better portability to systems that don't use PAM. QNx, ReactOS, Windows, MacOS the world is a big place...
      • More uses for the software. Maybe you can use this fingerprinter together with a Firefox plugin to slightly increse the security of your bank transactions?

      If the above reasons are enough to warrant the extra layer of indirection, I do not know. But saying that there are _no_ advantages to making a general purpose API is plainly false. It's a simple tradeoff.
      --
      Try out fish, the friendly interactive shell.
  2. *Bah*, fingerprint scanning is yesterdays news... by de+Bois-Guilbert · · Score: 5, Insightful

    ...what I want is retinal scanning!

    I'd imagine the patterns in our eyes are more difficult to duplicate for nefarious purposes than our fingerprints, which (besides the cool factor) would mean increased security... On the other hand, I'd rather have the arch-villain chop off my finger than carve out my eyeball.