Subject: Re: PAM stinks
To: None <firstname.lastname@example.org>
From: Miles Nordin <carton@Ivy.NET>
Date: 10/03/2001 17:35:46
> (hopefully) unique data from the fingerprint/iris scan are stored
> in a string (compareable to crypted passwords). Some kind of
> database associates the string with a user
That's not what I've been hearing from ongoing discussions about
face-fishing and biometrics at airports. The performance of a
system is quantified by a grid of four probabilities:
1. Authenticatee is person-X. System claims he or she is not X.
2. Authenticatee is not person-X. System claims he or she is X.
3. Authenticatee is person-X. System claims he or she is X.
4. Authenticatee is not person-X. System calims he or she is not X.
The comparison of biometric data with ``the database'' (of training
examples) is opaque and/or closed-source proprietary, and the biometric
scanner absolutely does not produce unique data. Any data that matches
individual people 1:1 must come out of the database, and is subject to
the four probabilities above. Therefore there must be an opaque
connection between the database and the scanner.
But, that should fit into the PAM framework with no problem. Just add
libpam_biometric.so to your pam.conf and suddenly the retinal scanner
will work with all your PAM-enabled applications.
What a bucket of horse-shit.