Biometric passphrase

[David Picón Álvarez]

--oO2gz1fZ.5XiMkIG0nnxfhpcRy8C.PaU
Content-Type: text/plain;
	charset="iso-8859-15"
Content-Transfer-Encoding: 7bit

Hi,


> Do you have any experience with implementing biometric into gpg as
passphrase. I mean to give user's biometric data from (for example
fingerprint) scanner as passphrase during key generation and use it when she
want to sign or decrypt something???
>
> Advantages:
> -Maybe the passphrase would be more random(???)
> -Even she won't know the passphrase
>
> Disadvanteges:
> -Maybe the passphrases would be in a predetermined format (according to
the biometric algorithm)
> -she will allways need a scanner to sign or decrypt
> -she can loose her finger or iris ;--))
>
> what do you think??



Biometry is apt for certain things, but it's not good as a passphrase. The
ideal passphrase is both unique and secret. Biometric data are unique, but
not secret. Moreover, if you're going to encrypt a pgp key with biometric
data, make sure the data does not change at all, because exactness is
required, which points at biometry not being the right solution. If you're
just thinking of consulting the biometric device each time user wants to
sign or decrypt and have the key unencrypted or not encrypt the key with the
biometric data, then it's a completely different issue. If you  don't
encrypt the key, then it's vulnerable. If you do, then the biometry is just
a further annoying bump on the way, like a UNIX login prompt.

--David.



--oO2gz1fZ.5XiMkIG0nnxfhpcRy8C.PaU
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----

iQQXAwUAPagWM4Vy4iYQ9LKqFAKkaA/9G2sb0fOsomMmJnUmwZo0Uk76Y1wfq+2y
KephHhTBuDRNtWD3y3jSYtgyT0zd1Hal7wi/zd7eAbtqoNR9egDsHGszD+4xSkgb
qBG/TTAGwD0rJqP5aagQcQazBJdgn7nkPIeeZp1tjiOS7FNUnhIEjom6c7RThv1v
EiEeY7RmCNFW2FjETWj0Fn0raFYdDoyJWB4P0fqjYbXWiPPkO/+ShPqbUjGHgzXn
pWKEyaseVKsY7CksJwvxaaDgeMa8L3ITtxzUPItv39f1u62a0LFbFC3bkHR4CEGh
o5FiW6aGfU5yxxf7BKmpu9H1RDQ00E2UVXz3PiKEyk6AjNaC20OPJafepeUibVpY
LSlzsq0lo0b9zQFHYXL7ZxBU9zRaG0FVmTtpbifsTay8y0v5mSagyV39/cSUef/R
OYFsw17cR3zKl3mujubmppGemBupk1pfo9z6gV2YAe/ifGsPDBs5S0pG6N1kHVaR
CVUXLZIJdrT05w4JEWAQGkHbRzwoYTTbJg4n4NWfvndJLyCyIjkuBe0rZLxprHXr
Sz7zmSGJEB2EOhxAoCW5RE0YrNaZzZ23SSI7NlV2g/Vji3vtSKjDy+DaCKwApQdE
n2Q8F86xDtbw5UhmoY4C+hSZXFLe3XXrv1/JO/PymORfD1GQG5KaRQUm4Y/GAXG+
ctD1FJMTlY8P/iSDaAxplqLHt3Lda3v3v+D88656c1IeFIuF6TnQBcaMvMzuQboT
RjNm7j2k8wBmg61MLbYCySuFsBzfrVAJ1gbJI5RQivSSxpGME9ZngCAZ0RzjkXAX
XER1uu+J5lWEG9Ok37znQovJhqi5xDXObCrlRh+nYzrTM6hEVBuGiacqhw5z1tkc
eZyOQSV8af4SF44xoMIMkIeSRzTc/N4Ni4Xwh5yNPZSMFgrcpnVgjrMiYnycmHfO
rqhXm5KZ35iTswNQK0tzZ5/HV+Tguiqo9WVB+DzTSRJriAANd7rJKPFQ9VItH9C/
x8PeOE+QnlyirZr+nGkGhdx8AuGOekli+e8fw+VVCfkyxtAjTqEVvsLcJGbrA6B9
bOEoCcCRUjoOnEMh5emlKmWDibMB37k6jqPbzChIhRNyzONIeeu06MnvqRyz4xRZ
R4GNzlWcQGtTndzx0iI03LmchoAh7tsaOoUJ/BBiLwCTzrhNXwLYYWD5k1cIdkfH
FPyF1JsHaXhx/zab7POv20Lc8ajfhVWiJnF5OKXgJ13lEZRz9EQOnY1eJL1xnk6G
BFH/ws85hxaHx6a0LpQIsKa3arOBvc2NuZuHw+53ks5UygNrgMx0aMIg55lr42qN
d16Yb+7rooxWM634mVBw1MiDwsqc93X3ShRqp267Vgikixu3RMMOm0Jq
=lff/
-----END PGP SIGNATURE-----

--oO2gz1fZ.5XiMkIG0nnxfhpcRy8C.PaU--