fingerprintreader



  • This extension is call Fingerfox, it's an xpi file which should install small Text in your FF status bar so that you can click on it and show the Fingerfox popup.

    How it works:
    It simply copy all the forms element of the webpage shown in firefox into a popup which should be seen correctly by DigitalPersona. Note that once you are on the page you need to identify, you can either click on the Fingerfox text in the status bar or press the ALT-X key. For the moment it only works with text and password fields.



  • Microsofthas aquired Digital Persona technology for their fingerprint sensor (keyboard & mouse), so It may be time to read this "old" review (posted before M$ even announce avaibility of it security device line) because it contains some comments you won't find elsewhere:
    product name U are U, U.are.U
    By Digitalpersona, Microsoft

    {mosgoogle center}

    Usage:

     You can create as many profile as needed, open a browser and go to the login page (Here I choose www.runryder.com as an example)


    Put your finger on the sensor, the page do not exist in the keystore, so a page will popup. The title of internet page is use as key.

    Enter the first credential, here the login and drag it to the right place in logon page. Repeat for all fields in page.
    next time You go to that page, put your finger on the sensor and You're in!

     {mosgoogle center}

    Bad:

    • Only working in Internet explorer, not working in any other browser: Opera or Mozilla 
      NEW: U.are.U is working in Firefox 1.0 but Microsoft fingerprint NOT 
    • Security by obscurity (which has be proven to be the worst strategy in history of cryptography): no mention to algorithm used, cipher strengths, no possible review of code. Would'nt it be good for customers, or sales to use clearly communicate on algorithm used?
    • Impossibility to do a backup of the keystore, web profiles... where is the repository of credentials? in windows SAM registry? If you lost your windows account (due to a crash or whatever), your only option is to use the small recovery utility provided, but you will have to remember your passphrase, and you have lost your web account profile.
    • Only working with Windows! Linux is gaining market share at the rate not seen before, why not opening some part to the community or developing a drivers?
    • In a browser, profile are depending on windows title -> clearly not enough if you have many credential on different pages which the same title. Maybe the software should use a variable html part of the content, url...
    • Dll mess, a lot of library are copied to windows/system32 but this is common under Windows...
    • Software version is 2.1, no update since 2002. I would like to see more options!
    • The manual do not give enough advices on how to increase security, which habits are bad, and basics security concepts.
    • Encrypting disk or directory is not possible: only files. You can right click on any file, choose encrypt

      and start encryption by putting one finger on the sensor:


      Decrypting is done by double clicking on a encrypted resource, and putting one finger on the sensor: EASY

    {mosgoogle center}

    Good:

    • Work perfectly with Windows, no problems with: lotus notes login, windows logon, web browsing...
      You are identifiedUnknow user
    • GUI for the average Joe user, nice and simple, very easy to use. Here the contextual menu:
    • Very fast regognition,
    • Fast Learning phase, in 5 minutes the device is working.
    • Nice design, the red color is a nice touch on your desk.
    • Price tags under 69$ in USA (but be careful it will cost You 270€ in Europe...)
    • Good integration in windows (here in system tray)

    {mosgoogle center}

    Conclusions/What I would like to see

    • Open source the code!!!!
    • Working with other browser, Mozilla has 18% of market now, all together alternate browser have less than 30% (see google geist here)
    • Use a know standard: PGP? for example (PGP disk for encrypting folder and partitions)
    • Name of algorithm used: Blowfish?, AES? and options to change cipher strength.
    • A file based keystore, a lot more easier for backup.
    • A linux version or plugin for Kwallet.

    New What are the differences with the Microsoft version?

    I've had the chance to see a Microsoft keyboard with the fingerprint reader in action, what a shame!!
    • Only basic functionnality are still in the driver.
    • No possibility to encrypt file with the device,
    • It is working ONLY in Internet explorer, not in Mozilla (Is it a surprise for You???).
    • Only "normal" windows are recognized by the system: no way to use  it under a terminal (rxvt - cygwin) where the digital persona just work.

    I would stay away from the Microsoft version as long as they do not integrate new intersting capabilities. No need to mention that drivers are not compatible each other....

    {mosgoogle center}

    Overall

    A product for geek, but due to lack of peer reviews on algorithms, it is certainly not a corporate device in any means. For example: why attacking the keystore if you can hook a backdoor to the activeX component in use? (should be easy to do with all Internet explorer issues...)

    Links

    This email address is being protected from spambots. You need JavaScript enabled to view it. sell them in usa at a good prices, also on ebay.com as well

    	EHAG 
    Industriestrasse 8
    Oetwil am See, ZH 8618
    Switzerland
    +41 43 844 94 00
    www.ehag.ch

    COMEDIA
    4 BIS ALLEE CHARLES V
    VINCENNES, - 94300
    France
    33 1 43 28 48 48
    www.comediatech.com

    Others reviews:

    {mosgoogle center}