> You want real security?
> Think biometrics.
Not even close. Biometrics are horrible for data security. In fact biometrics are horrible for almost all security situations. Consider the attack you put forth (walk in company, place box, plug in, collect later). Biometrics won't stop you from walking in, although it will make it marginally more difficult, you will still have to wait for someone to open a door, and then you follow them in. Placing the box will not be any more difficult, it is your box, the only protection is what you want on it. Plugging the box in will be no more difficult, a wall plug is just a wall plug. Collecting later will be marginally more difficult because you have to gain access again. Biometrics will not cause problems with the data you retrieve since biometrics cannot (yet) be used for encryption. Biometrics fails the very attack you put forth. Biometrics fails.
> Think Faraday Cage.
Simply infeasible. The closest you would get is the NSA building, and it leaks trace amounts through the windows. At the time of its construction the window leakage was considered below useful thresholds; now I have strong suspicions that it is possible to detect and decode the emissions. The only saving grace you have is the proliferation of computers; this pollutes the leaked streams, making them significantly more difficult to decode.
On the original topic. The solution I've had in place for about a year is to run everything in house over IPSec. There is a wireless connection, but unless you can log into the VPN you won't get any further. Turns out to be pretty easy to set up, and while I have had the wireless "hacked" they didn't get any further. Of course this is a bit heavy-handed for a major installation, but as a cryptographer I am working on a tear-out-and-replace protocol without all the extra cr*p that 802.11 keeps trying to put into WEP; instead I'm basing it more on a secured IP network.
For those of you that don't want to read the whole article, I'll spoil it for you.
"We've found an electronic way of handling those complex keys, and of regenerating them dynamically so that lists of keys don't have to be stored anywhere," Mr. Kassam said.
Proves one of two things: Mr. Kassam (from the company this piece is about) either does not understand the product, or the product is not equivalent to an OTP. It's a very simple proof.
The data can be reconstructed using less data than is in the pad itself
The pad is not wholly entropic
The resulting system is not in any way, shape or form an OTP.
Of course I haven't presented the proof with any formality to it, but I don't think it needs it.
So from this we can conclude one of two things.
1) They don't know what they are doing
2) They lack a fundamental understanding of the most basic computer science, which of course is the same as "They don't know what they are doing"
So they don't know what they are doing, and I wouldn't trust them to protect my email address (which I consider public knowledge), let alone anything important.
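The proof sketched in the comment above, worked through as an added example (not part of the original post, and not the vendor's algorithm): a pad regenerated from a short seed can take only as many values as there are seeds, so the ciphertext pins down the message, whereas under a true one-time pad every same-length plaintext remains consistent with the ciphertext. The SHA-256 counter-mode generator, the 2-byte seed and the sample message are constructed assumptions.

```python
import hashlib

def expand_pad(seed: bytes, length: int) -> bytes:
    """Hypothetical 'regenerated' pad: SHA-256 in counter mode over a short seed."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def printable(data: bytes) -> bool:
    return all(0x20 <= c <= 0x7E for c in data)

def readable_decryptions_seeded(ciphertext: bytes, seed_bytes: int = 2) -> list:
    """The pad has only 256**seed_bytes possible values; check each one and
    keep the decryptions that are printable ASCII."""
    hits = []
    for s in range(256 ** seed_bytes):
        pad = expand_pad(s.to_bytes(seed_bytes, "big"), len(ciphertext))
        candidate = xor(ciphertext, pad)
        if printable(candidate):
            hits.append(candidate)
    return hits

def pad_explaining(ciphertext: bytes, guess: bytes) -> bytes:
    """True OTP: for ANY same-length guess there is a pad that produces it,
    so the ciphertext alone rules nothing out."""
    return xor(ciphertext, guess)

# Constructed sample data, for illustration only.
MESSAGE = b"wire 500 to account 1234"
SEED = b"\x13\x37"
CIPHERTEXT = xor(MESSAGE, expand_pad(SEED, len(MESSAGE)))
ALTERNATIVE = b"wire 999 to account 9999"  # same length as MESSAGE

if __name__ == "__main__":
    hits = readable_decryptions_seeded(CIPHERTEXT)
    print("seeded pad, readable decryptions:", hits)
    alt_pad = pad_explaining(CIPHERTEXT, ALTERNATIVE)
    print("true OTP, a pad exists for the alternative too:",
          xor(CIPHERTEXT, alt_pad))
```

The security of the seeded scheme is bounded by the entropy of the seed, not by the length of the pad it expands into, which is the point the comment makes about regenerating keys dynamically.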