Thread: Security Ideas for new App I'm Building?
View Single Post
  #10 (permalink)  
Old 08-01-2007, 04:42 PM
Ari
Guest
  
Posts: n/a
Default Re: Security Ideas for new App I'm Building?
On Wed, 01 Aug 2007 02:13:24 -0700, ric wrote:

> On Jul 31, 6:06 pm, Ari <arisilverst...@yahoo.com> wrote:
>> On Tue, 31 Jul 2007 02:48:40 -0700, ric wrote:
>>> Don't even *think* about voice or video recognition, this is such a
>>> dumb idea.
>>
>> Why?
>> --

> Where do I start?
> Consider why neither of these options are in widespread use.

That means nothing. Btw, they are in widespread use non-civilian.

> Some points to start you off:
> 1) you'd need to securely rewrite MSGINA on windows to allow logon via
> either option.

Linux.

> How do you expect your video or audio recognition to
> work before logon?

On all the time. Logon is by recognition.

> Are you proposing to do it in hardware? If so,
> which hardware did you have in mind? What is the cost of that
> hardware?

No but if I was, firmware.

> Is your solution going to be able to be remotely
> administered so when a worker forgets their glasses or has a headcold
> they can still login? Will it hook into AD, etc?

Look, you can throw a 1,000 questions at *any* authentication
methodology, none of these are unique to A/VR.

> 2) there are much simpler methods that demonstrably work. If you
> can't deal with individual usernames/passwords then rely on a simple
> physical token and password - e.g. a smartcard. these are easy to
> integrate into your infrastructure.

???? You still have passwords.

> 3) why over complicate things? no-one is going to congratulate the OP
> on their expensive, overly elaborate and fragile implementation of
> something just because it's "cool".

It's only complicated to you.

> 4) In a burger-flipping environment, something that relies on voice
> login in a noisy environment is a dumb idea.

There are no controlled audio environments? When did you become a
burger-flipper construction expert?

> Logging in via a video
> image in an environment where people regularly wear hair nets etc is
> similarly dumb.

Take them off.

> 5) Whilst adding significant cost and complexity, both video and voice
> login would have lower security: unless you can somehow avoid being
> able to login with a recording of someone or a photograph.

You're just ranting withut a clue.

> I could go on, but this is such an obviously bad idea I don't think I
> need to.
>
> Ric

No, you don't need to, that's for sure.
--
"You can't trust code that you did not totally create yourself"
Ken Thompson "Reflections on Trusting Trust"
http://www.acm.org/classics/sep95/

Reply With Quote