... and fingerprint authentication has problems too

Victor Odhner vodhner at cox.net
Tue Aug 2 17:48:02 MST 2016 

I’m getting old, and last time I had a fingerprint card created it took them a while to pull what looked like a real print. I volunteer at a place where paid staff check in and out with their fingerprint. It’s good I’m “unpaid staff” because they might not be able to read my finger.

Speaking of pronounceables:

My son put me onto “diceware” to generate strong, pronounceable passwords:
http://world.std.com/~reinhold/diceware.html <http://world.std.com/~reinhold/diceware.html>

I have a script on my macbook based on code by Aaron Toponce:
https://pthree.org/2012/09/27/automated-diceware-passwords/ <https://pthree.org/2012/09/27/automated-diceware-passwords/>
http://world.std.com/~reinhold/diceware.wordlist.asc <http://world.std.com/~reinhold/diceware.wordlist.asc>

We beefed up the randomizer a little. Don’t remember where this came from, so I can’t defend it:

function five-dice-roll {
    I=0
    while [[ "$I" -lt 5 ]]; do
        RND=$(echo -n $((0x$(head -c 1 /dev/random | xxd -ps))))
        if [[ "$RND" -lt 252 ]]; then
            DIE=$(((RND%6)+1))
            DICE="${DICE}$DIE"
            I=$((I+1))
        else
            continue
        fi
    done
    echo -n "$DICE"
}
___________________

On Aug 2, 2016, at 15:00:05, Matt Birkholz <matt at birchwood-abbey.net> wrote:

> From: Stephen Partington <cryptworks at gmail.com>
> Date: Tue, 2 Aug 2016 06:01:08 -0700
> 
> Point being. Passphrase should be combined with biometric.

How about one big pronounceable?  I've found even large ones (16
letters) surprisingly easy to remember, so I use several.  I get them
from gpw(1).  Unfortunately the manpage does not say how many bits of
entropy are in each trigraph.

Aren't They getting search warrants before using fake fingertips?
They will kick in your door and kill your dog if they can get a
warrant.  Using a fake fingertip seems downright civil compared to
THAT.
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20160802/1e545914/attachment.html>

More information about the PLUG-discuss mailing list