monotone-devel

Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL


From: Daniel Carrera
Subject: Re: [Monotone-devel] WARNING: ~/.monotone/keys CONSIDERED HARMFUL
Date: Tue, 21 Oct 2008 14:39:19 +0200
User-agent: Thunderbird 2.0.0.17 (Macintosh/20080914)

Richard Levitte wrote:
> I disagree with that notion.  Why would visual identification not be
> identification?  I usually recognise people whose face I've seen, I
> can identify them that way.  Thus, a picture is an identity as much as
> a name is.

Ah, but you have a database in your head that can match people's faces with identities. That is why, in that case, the face can serve as an identification token. But it is that database that makes the identification work. Imagine that you are a pharmacy owner in California and someone comes with an ID that allows them to buy medical marijuana. You can verify that the face matches the picture on the card, and that the card is authentic. So you have authenticated the person in front of you as a valid recipient of medical marijuana, even though you have no idea who he is (his name and address are not on the card). But now add a computerized system that can bring up the name and address of the card holder. Suddenly, the card has become an identification token again.

So you see why it can be easy for a human being to mix up identification and authorization. Our intuition often betrays us because in typical person-to-person interactions (i.e. using the database in your head) the two steps are not clearly distinct. But mixing these up can lead to poor security decisions. Some examples:

1) Your social security number is a great identification system, but it is not a good authorization system. It is not secret. Asking you for your SSN to verify that you really are Richard Levitte is bad security.

2) Biometrics (your face, your voice) are fine identification methods within your circle of friends. But if you ask a computer (or a person) to look at the face on a picture and try to match it against one of the 10,000 faces on our database of bad people, the system will fail too often to be useful. So it fails as an identification system. But it could still be used as an authentication system. You walk up to the counter and say "my name is Richard Levitte" (identification). The clerk pulls up the record with your name, sees a picture of you, and verifies that the pictures match (authentication). A computer could do the same (as long as the computer can verify that the face it's scanning is attached to the body and you are not just holding up a photo of Richard Levitte).


Daniel.
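The two-step flow Daniel describes (claim a name, then prove it) and both of his failure cases can be made concrete in code. The following is an added example written for this archive page, not code from the message above or from the monotone project; the function names (identify, authenticate, ssn_as_authenticator, false_match_probability), the records in DATABASE and the SSN values are all constructed for illustration, and the per-comparison false-match rate passed to false_match_probability is an assumed figure, not a property of any real biometric system.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    """One row a clerk (or a server) pulls up once a name has been claimed."""
    name: str
    ssn: str            # an identifier: widely known, so it must never act as the proof
    salt: bytes
    secret_hash: bytes  # salted hash of something only the named person can supply


def _hash_secret(secret: str, salt: bytes) -> bytes:
    # PBKDF2 so the stored value is not itself a usable credential if the table leaks.
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, 100_000)


def make_record(name: str, ssn: str, secret: str) -> Record:
    salt = os.urandom(16)
    return Record(name, ssn, salt, _hash_secret(secret, salt))


# Constructed sample data (hypothetical names, SSNs and secrets).
DATABASE = {
    r.name: r
    for r in (
        make_record("Richard Levitte", "123-45-6789", "correct horse battery"),
        make_record("Daniel Carrera", "987-65-4321", "staple pencil lamp"),
    )
}


def identify(claimed_name: str):
    """Identification: the claim only selects a record. Nothing is proven yet."""
    return DATABASE.get(claimed_name)


def authenticate(record, proof: str) -> bool:
    """Authentication: the proof must be something only the identified party holds.

    Constant-time comparison of the derived hash; a missing record fails closed.
    """
    if record is None:
        return False
    return hmac.compare_digest(_hash_secret(proof, record.salt), record.secret_hash)


def ssn_as_authenticator(record, presented_ssn: str) -> bool:
    """Point 1 from the message: treating a non-secret identifier as the proof.

    This passes for anyone who knows the number, which is exactly why it is bad.
    """
    if record is None:
        return False
    return hmac.compare_digest(record.ssn, presented_ssn)


def false_match_probability(per_comparison_fmr: float, n_records: int) -> float:
    """Point 2 from the message: a 1:N search compounds the matcher's error.

    If each comparison wrongly matches with probability p, searching a database
    of N strangers produces at least one false match with probability 1-(1-p)^N.
    A 1:1 check after identification is a single comparison (N = 1).
    """
    return 1.0 - (1.0 - per_comparison_fmr) ** n_records


if __name__ == "__main__":
    rec = identify("Richard Levitte")
    print("authenticate with secret:", authenticate(rec, "correct horse battery"))
    print("authenticate with wrong secret:", authenticate(rec, "guess"))
    print("SSN as 'proof' (anyone who knows it passes):",
          ssn_as_authenticator(rec, "123-45-6789"))
    print("1:1 false match at p=0.001:", false_match_probability(0.001, 1))
    print("1:10000 false match at p=0.001:", false_match_probability(0.001, 10_000))
```

The split between identify and authenticate is the point: the claimed name is only an index into the table, and the only check that carries security weight is the one against a value the claimant must hold. With an assumed per-comparison false-match rate of 0.001, the same matcher that is acceptable for a single 1:1 verification is near-certain to produce a wrong hit when run as a 1:10,000 search, which is the quantitative reason behind the message's second example.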