I certainly agree that anything can be broken, but I am particularly wary of complex bleeding-edge (if you will) technology systems that appear
to improve things (in this case security, but that isn't the only case), but really serve more to hide insecurities behind flash and sizzle.
Just to extend the argument a bit more:
- finger temperature scan - pointless as skin surface temperature is most certainly not constant enough in any individual to be useful as even a partial identifier
- blood gas reading - perhaps harder to fake, but why bother when, like temperature, it too is not going to be consistent enough in a single user (did you have a beer at lunch?)
- automatic digital photograph of the finger as it comes close to the scanner - now there's some cool AI: first step, see if you can tell a moving finger from a moving sausage reliably in real time. Better attack: mount the gelatin on a real finger.
- weight plate - pretty crude, depends on clothing (seasonal), number of devices clipped to the subject geek, and whether they went to the all-you-can-eat down the street for lunch. Anyway, if you want to steal someone's finger, it's an easy matter to weigh them too.
- retinal scan - perhaps the best of the lot, but given the poor science behind fingerprints, I'm similarly loath to assume these are correct. It also wouldn't surprise me if there are legal problems regarding employees with disabilities as there are with most biometrics.
I'm no expert and I've doubtless missed things, but my point is an RFID ID badge or similar with a suitably long encryption key and photo is far simpler, useable by both machine and human security staff, easy to issue, easy to confirm, and easy to cancel. I'm sure it too has truckloads of problems, but when we step past the intriguing academic exercise into practical application, simple wins with me every time.
I'd like to be able to assign to an luser