I thought I’d ask to see if anyone has used a fingerprint USB or other device successfully with Linux. Possibly only allowing the secondary or primary means of accessing files remotely or locally with the fingerprint scanner.
Maybe locking access unless you have the biometric data?
Has anyone played with this or think it’s overkill or not effective?
Thought I’d see what people think or have experienced.
I also considered a CAC card… but not sure if it would be a pain to make for use or cost prohibitive.
I just wondered if maybe someone in the Linux community had designed a way to use biometrics such as a fingerprint to possibly encrypt data so it’s useless without that fingerprint data… Maybe that’s too complicated or a superficial appearance of security… I don’t know. I used to use a CAC card all the time, but I don’t know. Just thought I’d see what people thought.
I heard the problem has always been that the fingerprint reader firmwares/drivers are proprietary and no one has any interest in reverse engineering it. Can anyone confirm?
Thought it might be a smart way to encrypt data for cloud BU as well possibly… if this isn’t utilized or created in some way, would it be possible? Maybe profitable?
That’s true. I also wonder what the data file for the print looks like and if it would be possible to use that data as the “key” for the Cypher of the data.
Admittedly I have zero programming experience, but I am getting better at reading code. That’s why I am loving Linux because I can actually SEE what my PC is doing if I want to.
I think the usefulness of biometrics is overshadowed by the development of hardware keys like YubiKey. After all, if your fingerprints are compromised (as in if the attacker gets a copy of your fingerprint), there is no way to uncompromise it because it is permanently stuck on your hand.
You might be looking at it wrong; you just want the biometric to be the passphrase that unlocks a data store.
So the encrypting software can be anything, just need an app/program to get a key phrase from a biometric reader.
Obviously you could bundle them into one package, or whatever, I don’t think that is the hurdle.
The biggest hurdle is how temperamental biometrics are.
Fingerprint readers to unlock devices need to save a bunch of angles, because the flesh moves, and might be presented in different orientations.
Your phone might be taking 100 pictures of your finger a second, trying to compare it to a print it has on file, and the “hello” face unlocking can take a bit of waving before it recognises?
But you can completely change car keys and house keys to use a different set of pin depth combinations.
Not so with fingerprints. You could change it temporarily but it reverts back. You could also change it permanently but in extremely destructive/catastrophic ways:
Amputation - self-explanatory
Subdermal destruction - via caustic/thermal/incisional removal of the dermal layer, causing scar formation that is devoid of the usual topographic markers used for identification.
Anyway… you could not reliably change your fingerprint into a pattern that is compatible with new topographic “whorl” features to make new unique unpredictable combinations. If you can, you should probably talk at DefCon or something…
Additionally, you can be coerced into unlocking said device or data, by either a malicious person (by threat of violence) or the police/courts (here in the US anyways).
Worse than coercion, like a passphrase can be coerced; stolen by courts/Fed/LEO, without consent.
Like, they can compel you under threat of prison to give a passphrase, and lock you up for non-compliance, but they can steal your biometrics to unlock it. And I would say holding a phone up to your face is stealing access that you don’t permit, rather than coercion/encouragement/request which you can deny.
That is just my opinion.
As far as I know, the only guys put in prison for not sharing passphrases are suspected pedos, so the media is not making a fuss. If the LEO stole biometrics, it would get around that.