[extropy-chat] RFID smartcard passports and driver's licenses

Samantha Atkins sjatkins at mac.com
Sun Apr 10 19:42:52 UTC 2005

On Apr 9, 2005, at 10:13 PM, Mike Lorrey wrote:

> Personal biometrics that stand a chance of being left lying around are
> insecure keys. You leave your DNA all over the place, and your
> fingerprints remain on everything you touch. Retina scans seem the only
> really secure biometric, save the risk that someone is likely to gouge
> out your eyeball to get your key (or forcibly scan you while under
> restraints, physical or drug-induced).

I would not use them for keys others may use.  I would require that 
sensitive personal data be controlled by the person it is about and 
only released to others in a controlled way and in chosen amounts when 
the device is actually on the person whose biometrics it is coded to.   
The data device could only be accessed and told to release information 
by the person whose biometrics matched its internal coding.  A private 
pass phrase on top of this should make the device fairly immune to 
successful cracking even if someone with a good enough lab had your 
biometrics and the skill to fake them to the device.  At the very least 
such a device is immune to casual information stealing and identity 
theft which is where my initial comments on the subject started from.

> Beyond this, the risk is that you have to trust any piece of equipment
> that demands to scan you. This is vulnerable to man-in-the-middle
> attacks similar to the fake-ATM scam, where you would see some kiosk
> providing some product or service you wanted (stamps, ATM, subway
> passes, concert/theater/airline/sports tickets, candy or other food
> vending, etc.) that would demand your retina scan and a scan of one of
> your payment cards for something real.

The only equipment scanning you is on your person and owned by you and 
is not broadcasting that information.  So such an attack is not 

- samantha

