FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 12-01-2007, 09:24 AM
Amar Kumar Padhi
 
Default fingerprint scanner

Hi,
Just installed fedora 8 x86-64 on an AMD laptop, hp dv6500. I am stuck at finger print scanner. I googled but could not locate steps to make use of fingerprint scanner for logging in.

Any pointers/links will be very handy, thanks.

thanks!
amar kumar padhi
www.amar-padhi.com
pushed from PDA

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-01-2007, 05:14 PM
Konstantin Svist
 
Default fingerprint scanner

Amar Kumar Padhi wrote:

Hi,
Just installed fedora 8 x86-64 on an AMD laptop, hp dv6500. I am stuck at finger print scanner. I googled but could not locate steps to make use of fingerprint scanner for logging in.


Any pointers/links will be very handy, thanks.




I've researched this a while ago (about a year, or two) - and this is
what I found:

* linux support for fingerprint scanners is rudimentary, at best
* The only good software that performs fingerprint recognition is non-free
* the only GPL variant was barely able to process the image
* gdm/kdm didn't have any support for fingerprint identification


That said, Windows doesn't do fingerprints correctly. The idea behind
fingerprints is to establish a 2-factor authentication, not replace
passwords. Make sure that this is what you're seeking.


See here how Mythbusters opened a "strong" fingerprint-only lock with a
photocopied fingerprint:
http://www.engadget.com/2006/09/22/digital-fingerprint-door-lock-defeated-by-photocopied-print/



--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-01-2007, 05:23 PM
Alan Cox
 
Default fingerprint scanner

> * linux support for fingerprint scanners is rudimentary, at best
> * The only good software that performs fingerprint recognition is non-free
> * the only GPL variant was barely able to process the image
> * gdm/kdm didn't have any support for fingerprint identification

gdk/kdm are not supposed to have support fingerprint scanners, they
support PAM. PAM in turn lets you introduce all sorts of security
policies and modules to all applications.

There are pam modules for things like smartcards, and you can have fun
with things like "only allow login if mobile phone bluetooth id is local"

> That said, Windows doesn't do fingerprints correctly. The idea behind
> fingerprints is to establish a 2-factor authentication, not replace
> passwords. Make sure that this is what you're seeking.
>
> See here how Mythbusters opened a "strong" fingerprint-only lock with a
> photocopied fingerprint:
> http://www.engadget.com/2006/09/22/digital-fingerprint-door-lock-defeated-by-photocopied-print/

Fingerprint is basically gimmickry. Easily fooled and you can't issue
people with new fingerprints, or in the unpleasant case - new fingers.

Alan

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-01-2007, 08:16 PM
John Summerfield
 
Default fingerprint scanner

Konstantin Svist wrote:

See here how Mythbusters opened a "strong" fingerprint-only lock with a
photocopied fingerprint:
http://www.engadget.com/2006/09/22/digital-fingerprint-door-lock-defeated-by-photocopied-print/


They still need the fingerprint. In the (common) case of a stolen
laptop, possession of the computer doesn't necessarily lead to
possession of the key print.




--

Cheers
John

-- spambait
1aaaaaaa@coco.merseine.nu Z1aaaaaaa@coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-01-2007, 08:25 PM
Alan Cox
 
Default fingerprint scanner

On Sun, 02 Dec 2007 06:16:33 +0900
John Summerfield <debian@herakles.homelinux.org> wrote:

> Konstantin Svist wrote:
>
> > See here how Mythbusters opened a "strong" fingerprint-only lock with a
> > photocopied fingerprint:
> > http://www.engadget.com/2006/09/22/digital-fingerprint-door-lock-defeated-by-photocopied-print/
>
> They still need the fingerprint. In the (common) case of a stolen
> laptop, possession of the computer doesn't necessarily lead to
> possession of the key print.

Odds on the shiny surfaces of the laptop will contain the fingerprint. I
can also probably obtain all the data by moving the disk over or by
isolating the reader by flashing a patched BIOS.

At minimum you would need a system where the fingerprint reader was
linked to disk encryption. At that point it serves no purpose as you
might as well keep the key somewhere safe and different (or use a
smartcard).

Alan

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-01-2007, 09:50 PM
Tom Horsley
 
Default fingerprint scanner

On Sat, 1 Dec 2007 18:23:48 +0000
Alan Cox <alan@lxorguk.ukuu.org.uk> wrote:

> Fingerprint is basically gimmickry. Easily fooled and you can't issue
> people with new fingerprints, or in the unpleasant case - new fingers.

Ah, but if the Sarbanes-Oxley auditors will accept a fingerprint
scanner as a secure login, you won't have to change your password
so often that you leave it written down on a post-it and stuck
to your screen, so fingerprint scanners might actually be more
secure :-).

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-01-2007, 10:45 PM
John Summerfield
 
Default fingerprint scanner

Tom Horsley wrote:

On Sat, 1 Dec 2007 18:23:48 +0000
Alan Cox <alan@lxorguk.ukuu.org.uk> wrote:


Fingerprint is basically gimmickry. Easily fooled and you can't issue
people with new fingerprints, or in the unpleasant case - new fingers.


Ah, but if the Sarbanes-Oxley auditors will accept a fingerprint
scanner as a secure login, you won't have to change your password
so often that you leave it written down on a post-it and stuck
to your screen, so fingerprint scanners might actually be more
secure :-).

To defeat the "change your password" myth, google '"best practice"
password security.' There's a paper I've turned up a couple of times,
most recently in the past week, where a professor argues changing
passwords regularly might have been a good idea 40 years ago, but not
now. His argument seems good to me, and I've not changed my preferred
password in over five years (and I've not disclosed it to anyone).






--

Cheers
John

-- spambait
1aaaaaaa@coco.merseine.nu Z1aaaaaaa@coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-01-2007, 11:25 PM
Tom Horsley
 
Default fingerprint scanner

On Sun, 02 Dec 2007 08:45:10 +0900
John Summerfield <debian@herakles.homelinux.org> wrote:

> To defeat the "change your password" myth, google '"best practice"
> password security.' There's a paper I've turned up a couple of times,
> most recently in the past week, where a professor argues changing
> passwords regularly might have been a good idea 40 years ago, but not
> now. His argument seems good to me, and I've not changed my preferred
> password in over five years (and I've not disclosed it to anyone).

Hey! I know its a myth, but it is dear to the hearts of the
morons running the Sarbanes-Oxley audits at work, so changing
passwords it is. Of course, as expected, they only care about the
passwords in the Windows domain. No one has changed their
linux password in years :-)..

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-01-2007, 11:45 PM
John Summerfield
 
Default fingerprint scanner

Tom Horsley wrote:

On Sun, 02 Dec 2007 08:45:10 +0900
John Summerfield <debian@herakles.homelinux.org> wrote:

To defeat the "change your password" myth, google '"best practice"
password security.' There's a paper I've turned up a couple of times,
most recently in the past week, where a professor argues changing
passwords regularly might have been a good idea 40 years ago, but not
now. His argument seems good to me, and I've not changed my preferred
password in over five years (and I've not disclosed it to anyone).


Hey! I know its a myth, but it is dear to the hearts of the
morons running the Sarbanes-Oxley audits at work, so changing
passwords it is. Of course, as expected, they only care about the
passwords in the Windows domain. No one has changed their
linux password in years :-)..

Your saying it's a myth is one thing, a well-reasoned paper from a
professor another. Consider it a reference to an authority on the
subject, the kind of witness you'd like on your side in a court of law.
Particularly, if you can find some other authoritative papers supporting
your view.



Me, my boss said change everyone's password each month. I said,
"Considering the problem they have with the first password, how should
we do it?" His response, "Tell me when you have a procedure," and that's
where the matter has rested for a year or two. If he ever recalls the
matter, I will present a suggestion for a pilot to run for some period
of time, where _his_ password gets changed regularly. Probably, I will
print it on his printer then change to the new password.


We use a password generator, and the password's sole use for general
users is to send/receive email on their laptops. Emailing new passwords
might be fun, until the Air Movement Device becomes coated with sticky
brown stuff...


The fingerprint scanner would work fairly well for this. There's only
one person around who could even come close to breaking it, and I don't
need to.





--

Cheers
John

-- spambait
1aaaaaaa@coco.merseine.nu Z1aaaaaaa@coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-02-2007, 11:00 PM
Tim
 
Default fingerprint scanner

On Sat, 2007-12-01 at 21:25 +0000, Alan Cox wrote:
> Odds on the shiny surfaces of the laptop will contain the fingerprint.
> I can also probably obtain all the data by moving the disk over or by
> isolating the reader by flashing a patched BIOS.

You raise a good point. More recent fingerprint scanners are something
you wipe your finger across, rather than just press your finger against
it. That stops someone from lifting a print directly from the scanner,
but they've still got the rest of the machine to look for one. You'd
need to make the entire computer unreceptive to taking prints, and that
introduces a new factor - being much harder to identify laptop thieves,
should you ever manage to get one back.

--
[tim@bigblack ~]$ uname -ipr
2.6.23.1-10.fc7 i686 i386

Using FC 4, 5, 6 & 7, plus CentOS 5. Today, it's FC7.

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.



--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 

Thread Tools




All times are GMT. The time now is 12:04 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org