Monday, October 8, 2012

scumbag biometrics

from here (source image)

take it from someone who has actually developed similar software and fought against this mode of operation. the only way biometrics eliminates your need to enter passwords is by storing those passwords insecurely. (even if UPEK hadn't botched the encryption process, any reversible transformation would still be insecure for passwords)