Cash, Credit -- or Prints?
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Thu Oct 14 23:59:53 PDT 2004
Alan Barrett <apb at cequrux.com> writes:
>On Tue, 12 Oct 2004, John Kelsey wrote:
>>but there doesn't seem to be a clean process for determining how
>>skilled an attacker needs to be to, say, scan my finger once, and
>>produce either a fake finger or a machine for projecting a fake
>>fingerprint into the reader.
>
>... or a replacement reader that fakes the signals to the rest of the
>security system.
I've seen a number of smart card/PCMCIA combo devices that do this; they have
a discrete fingerprint sensor device connected to a discrete crypto device.
You can fake out the fingerprint check portion by tying one of the connecting
lines to Vcc or GND.
Peter.
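
An added example, not part of the original post: a model of the sensor-to-crypto link described above, contrasting a crypto device that trusts a single logic level with one that requires a verdict MACed over a fresh nonce. The class names, the 33-byte message layout and the shared key are assumptions made for illustration, not details of any device mentioned in the thread.

```python
import hashlib
import hmac
import os


class StaticLineCrypto:
    """Crypto device that trusts one logic level from the sensor."""

    def unlock(self, match_line: int) -> bool:
        return match_line == 1  # whatever drives the line decides


class Sensor:
    """Sensor that MACs its verdict over the crypto device's nonce."""

    def __init__(self, key: bytes):
        self._key = key

    def report(self, nonce: bytes, matched: bool) -> bytes:
        verdict = b"\x01" if matched else b"\x00"
        tag = hmac.new(self._key, nonce + verdict, hashlib.sha256).digest()
        return verdict + tag


class AuthenticatedCrypto:
    """Crypto device that accepts only a fresh, correctly MACed verdict."""

    def __init__(self, key: bytes):
        self._key = key
        self._nonce = None

    def challenge(self) -> bytes:
        self._nonce = os.urandom(16)
        return self._nonce

    def unlock(self, response: bytes) -> bool:
        nonce, self._nonce = self._nonce, None  # each nonce is single use
        if nonce is None or len(response) != 33:
            return False
        verdict, tag = response[:1], response[1:]
        good = hmac.new(self._key, nonce + verdict, hashlib.sha256).digest()
        return hmac.compare_digest(tag, good) and verdict == b"\x01"


KEY = os.urandom(32)  # assumption: shared secret provisioned into both chips
```

With the authenticated link, a bus held at a constant level or a replayed earlier response fails the MAC check; the design still depends on the key staying inside both chips.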