From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.71) id 1VFQF1-0000Fn-Sd for mharc-grub-devel@gnu.org; Fri, 30 Aug 2013 11:04:03 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:59001) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VFQEu-0000EE-9C for grub-devel@gnu.org; Fri, 30 Aug 2013 11:04:02 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1VFQEm-0007EA-T0 for grub-devel@gnu.org; Fri, 30 Aug 2013 11:03:56 -0400 Received: from yes.iam.tj ([109.74.197.121]:33073 helo=iam.tj) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VFQEm-0007Dm-NG for grub-devel@gnu.org; Fri, 30 Aug 2013 11:03:48 -0400 Received: from [10.254.251.50] (jeeves.iam.tj [82.71.24.87]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by iam.tj (Postfix) with ESMTPSA id 2AF233407B for ; Fri, 30 Aug 2013 16:03:47 +0100 (BST) Message-ID: <5220B452.8080103@iam.tj> Date: Fri, 30 Aug 2013 16:03:46 +0100 From: TJ User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130803 Thunderbird/17.0.8 MIME-Version: 1.0 To: grub-devel@gnu.org Subject: Re: LUKS Encryption and Fingerprint readers? References: <520D06F7.5030900@iam.tj> <20130829141327.25173ac9@crass-Ideapad-Z570> <20130829202042.F058E193308@jmr5021.mindef.local> <20130830091044.38CAE17CCB5@mx3-out.mindef.nl> In-Reply-To: <20130830091044.38CAE17CCB5@mx3-out.mindef.nl> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 109.74.197.121 X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: The development of GNU GRUB List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Aug 2013 15:04:02 -0000 On 30/08/13 10:10, J.Witvliet@mindef.nl wrote: > Some time ago i=C2=B4ve been experimenting with fingerprints, and the r= esult was not encouraging... > From security point of view no that many problems (besides all well kno= wn general issue=C2=B4s with fingerprints). > I mean no false positive=C2=B4s, but the huge amount of false-negatives= : nine times out of ten, I did not recognize correctly.=20 I've been using fingerprint-scanning for a year now over successive relea= ses of Ubuntu on these XPS m1530 models (SGS Thompson reader) with libfpr= int. I've found it reliable. I think there are two things that lead to low false-negatives: 1) a good initial scan of the finger(s) 2) consistent conditions for reading For example, a usable but short scan or slightly contrived flexing of the= finger during the initial scan will cause consistency problems later whe= n the finger becomes more familiar with the action and changes the way it passes over the reader. Also, scans originally in bright light will not work well if reading is d= one in low-light conditions such as overnight when a room may only be lit= by the LCD screen. I also found that an original scan done when the finger is moist will cau= se problems with reading when the finger is dry, dusty or dirty. The best conditions for the initial scan I've found are: 1. Do the scan in medium to low-light conditions 2. No excessively bright or directional lighting (avoid strong sunshine f= rom windows, or desk-lamps) 3. Wash the finger(s) in hot water with soap and dry them well, which giv= es clean well-raised profiles 4. Glide the finger above the sensor with some flexing at the leading/tra= iling edge of the scan so the pad of the finger stays in contact with the= centre of the reader I've also found that, for me, the middle and ring fingers of my right han= d are more reliable than index or little.