data encryption + Biometric security

Thu Feb 1 18:41:00 CET 2007

Salve Ben!
First it sounds a very smart idea to have biometric security,
but sorry, when I give you some sceptical feedback.
On 2007年2月01日, Ben Burdette wrote:
> Here are a couple of items for the phone wish list: data encryption and 
> biometric security. 

Biometric "security" wasn't discussed by the OpenMoko community yet,
I'm no crypto expert, but I'm not convinced that biometric worth 
the hardware... see:
http://www.ccc.de/biometrie/fingerabdruck_kopieren
When somebody wants to play with biometric "security" the Neo1973
could be used for voiceanalysing - Print 7 random words to the 
screen and the user has to read them aloud ...
> I'd like the phone to be a secure place for me to 
> store passwords and similar information. Are there plans to have some 
> security features like this, that would prevent someone from extracting 
> secure data from the phone if it was lost? 

A file could have an encrypted filesystem, acess is given
only for a while and only while GPRS connection is on.
If it is lost, use Internet or an asterisk server to 
unmount this file.
> Having a fingerprint scanner would be more of a convenience feature so I 
> wouldn't have to enter a password whenever I want use the phone, or 
> alternatively when I want to access encrypted data. 

Sounds nice, but I have doubts that a fingerscanner is given
real security.
I will going to play with my (Debian) Crytoflex card, but
not to make access more easy - to make it more secure.
So when I have to lost both - my Neo and my Cryptotoken.
projectblackdog.com costs 199US$+Chiping for me to expensive.
But this is just my 2cents....
When somebody has such a finger scanner and likes to make it
running with OpenMoko would be fine - but expect also some 
feedback that the fingerscanner concept is not so secure as
it looks like:
google "finger scanner site:www.schneier.com"
Greetings,
rob