1667
votes
|
|
2328
0
661
|
|
|
|
|
47
votes
|
|
53
3
6
|
|
|
|
|
|
10
votes
|
|
16
3
6
|
|
|
|
|
|
Attachments
Duplicates
Comments
stgraber
(Brainstorm admin)
wrote on the 28 Feb 08 at 15:49
|
|
|
right, I filed this bug myself and did the packaging for Hardy.
Though the packages entered Debian's new while I was doing the packaging for Ubuntu. I then hoped to see Debian's one soon enough to just sync them but it was too late :(
So we'll have fprint in Intrepid for sure, now let's hope we'll have PAM and gnome integration for those tools too.
|
|
|
|
yay, perhaps this is finally possible with the new gdm?
|
|
stgraber
(Brainstorm admin)
wrote on the 28 Feb 08 at 17:16
|
|
|
Last I checked, with fprint it just hangs waiting for a fingerprint.
Then once it detected the fingerprint it displays the "Please use your fingerprint reader" message.
There is no way to enter the password instead of the fingerprint, you basically have to give it a wrong fingerprint to have it asks for the password.
|
|
jjongsma
wrote on the 28 Feb 08 at 17:45
|
|
|
|
Smartcards also. I imagine it requires many of the same changes to GDM, etc - replacing either the username or password prompt with a separate device input.
|
|
gaboo
wrote on the 28 Feb 08 at 20:36
|
|
|
Would be awesome !
Please don't forget kubuntu integration too :)
|
|
Jstone
wrote on the 29 Feb 08 at 00:30
|
|
|
|
gnome-keyring needs to be modified, too. It doesn't use PAM, so it won't accept fingerprint input.
|
|
in4mer
wrote on the 29 Feb 08 at 02:16
|
|
|
It bears repeating that the judicial system has up 'til now regarded compulsory passphrase discovery as self-incrimination, and therefore illegal. However, the judiciary has also made it clear up to this point that compulsory furnishing of biometric identification in order to reveal hidden or encrypted data to NOT be self-incriminatory, and therefore not protected.
tl;dr if this is done, pls give an option of biometric AND passphrase for authentication.
thx.
|
|
johnpro
wrote on the 29 Feb 08 at 02:57
|
|
|
|
If you have a thinkpad laptop you just need to install thinkfinger. If you don't have a thinkpad laptop then I am sorry but I can't help you.
|
|
jldugger
wrote on the 29 Feb 08 at 05:56
|
|
|
Scott Remnant is working on bringing thinkfinger into main for hardy. Despite the name, it supports many laptops with a specific set of UPEK fingerprint readers. It works with my Toshiba laptop, and presumably will work with Dell laptops in the future.
Thinkfinger itself is dying out and will slowly be replaced by fprint as it improves. As for default configurations, it's a very tricky business. Some people want secure by default (ie biometric and passphrase authentication) and others want to substitute print scans for passwords entirely.
However, you can't easily encrypt data with thinkfinger, for the same reasons you can't unlock the WEP/WPA passwords NetworkManager stores in gnome-keyring.
|
|
keybuk
(Brainstorm admin)
wrote on the 29 Feb 08 at 12:04
|
|
|
|
Actually, I'm looking at both thinkfinger and fprint
|
|
|
I am seriously against this idea because 90%+ of these fingerprint readers are exploitable and hackable. They give false sense of security to their users and are plainright dangerous in case of someone really believing that they can not be fooled.
|
|
|
|
rawsausage is right: It is moronic to believe that a fingerprint reader in a device that has your fingerprints all over it can protect you.
|
|
|
I'd like to voice against the inclusion of a fingerprint authentication into the standard distro.
Rationale: As Starbug from Chaos Computer Club, Berlin, Germany outlined in detail on the yearly Chaos Cummunication Congress in 2006 and 2007 there is currently NO safe fingerprint reader device - ALL of them can be exploited easily if you know how. One needs a little tinkering and a few thing from your local hardware store...
A few links:
An article regarding fingerprint sensors in the supermarket
http://www.ccc.de/updates/2007/umsonst-im-supermarkt?language=en
Video-Tutorial - howto forge a fingerprint
ftp://ftp.ccc.de/pub/video/Fingerabdruck_Hack/fingerabdruck.mpg?language=en
|
|
ethana2
wrote on the 2 Mar 08 at 06:56
|
|
|
We need a graphical frontend for PAM. Eventually, the following methods should be implemented:
recognition of--
fingerprint
face (flip open the laptop, hit a button, smile, log in)
voice
signature
retina (far off, but when we get there, well, just add it)
and of course, the mainstay of security:
password
(and the power button...)
These need to be able to be used in any permutation.
|
|
hspaans
wrote on the 2 Mar 08 at 18:46
|
|
|
|
Why authenticate with something that you leave on every desk, cup, door? Say anything you touch?
|
|
|
First, because it's slick. Second, because it's faster. Third, because with a thermal fingerprint scanner it's harder to make a copie of a fingerprint.
I'm using Kubuntu on my Dell XPS M1330. Fingerprint works for login and console. But in KDM it does not show that you should swipe the finger and you have to go to the username, press enter an then the fingerprint works. So it's kind of a hassle at the moment.. KDM Fix would be nice. Under GDM it works fine
|
|
|
|
I'm on the fence about this one. Fingerprint identification is slick and useful, but only when physical security is high. It takes an hour or two to copy someone's fingerprints. It could take hundreds of years to crack a good password. Therefore, if fingerprint security is allowed, it should be made clear to the user that it is still better to use passwords instead.
|
|
centx
wrote on the 4 Mar 08 at 23:57
|
|
|
+1 for ethana2.
Develop for the future i say. Include it by default, and have passphrase + print by default, and make it easy to disable the passphrase.
This way users has only themselves to blame if all goes /b/
|
|
konig12
wrote on the 5 Mar 08 at 06:04
|
|
|
In response to concerns about security of fingerprints, I for one am not concerned with security of my machine at the local level. I know the people that would have access to the computer, and I trust them not to go out of their way to forge a print. In this kind of case, the fingerprint functionality makes a lot of sense.
If you want to disable the feature by default, that is fine with me. Give a warning about these concerns even, but the problem that needs to be addressed is that currently it is not possible to use these scanners without bugging out other programs (ie. gksu).
|
|
|
|
Yeah! I have a U. Are U. and cannot use it with my Ubuntu
|
|
|
|
Please not only fingerprint, but also voice, eye, smart card, etc.
|
|
ariendj
wrote on the 16 Mar 08 at 01:01
|
|
|
Biometrics = The Emperor Wears No Clothes
Biometric scanning will give any n00b the idea that his machine is super-safe (it's tech from a sci-fi movie after all and it worked fine there), when in fact the very opposite is true.
rawsausage, spiderpig and hspaans made the point quite clear that fingerprint reading is a moronic idea. If you like low security, go the autologin route. At least you'll know for sure that your machine is a free for all without a false sense of security.
Thermal fingerprint scanners are just as useless as any other form.
Check out the fine links Miyamoto put up there. Essential info IMHO.
Eyescanning or a voice-print make no sense at all from a security standpoint either. Way too complex and therefore way too easy to beat.
Smartcards however deserve support.
|
|
ay
wrote on the 20 Mar 08 at 05:30
|
|
|
I like the fingerprint reader. My take on it is this: if you want to log in remotely (via ssh) then you'll need your public key in my authorized_keys or maybe a password. If you already have physical access to my laptop, then all bets are off and defeating the fingerprint is only going to slow you a tiny bit (you can just remove the hard disk, etc). Since I don't care about what happens once you have physical access to the laptop, I prefer to have the convenience of the fingerprint reader as well as the option of using it when someone is sitting next to me on the train and watching me type passwords.
What I'd like to see is better integration: right now I still have to type my name, but I'd like to just swipe my finger, have the appropriate thing in pam, via, thinkfinger, figure out if it matches a registered user, and go from there (this is the behavior in Windows, I have heard). Currently, you type your name, then swipe your finger for the password. The thinkfinger site says that they're working on this for the future, which is great.
|
|
|
|
Yeah, this is cool, I saw it in movies! :D
|
|
|
|
Some of you confuse what this idea is about. I also think that fingerprints are more insecure than passwords, but that is not the point. To get your fingerprint working you have to struggle for more than an hour. I don't think that Linux for human beings should ensure user security in this way. Instead, it should have full support for fingerprint readers and they should be easily activated after the risks are explained to the user.
|
|
dee70
wrote on the 20 Dec 08 at 16:58
|
|
|
I would like to use this to login - without clicking a username or typing a password. Just swipe my finger and thats it.
I really fail to see how this is a security issue. If I was going to do this to a laptop and leave it sitting out in public and walk away, then it seems it would be more likely to just get stolen. Would the thief come back later and ask for my fingerprint? Even if the felon is clever enough to dust for my print it would still be faster to just boot with a live CD.
I would be using it on a desktop at home. There are only three other people who have physical access to it and I *WANT* all three of them to be able to login anyway. At any rate, seems like it would be easier to just steal the frickin' thing or boot up with a live CD than it would to obtain a copy of my finger. If someone cuts off my finger AND steals my computer, I will be more concerned about the finger.
|
Post your comment
|
Blueprint fingerprint-authentication:
