Topic: Brain wallet password based on fingerprint? - page 2. (Read 2583 times)

Correct, it's the S5 that still had in on screen.

I assume the Galaxy Note uses a Secure Enclave-like system and encrypts keys on a separate chip


This is something I'm really curious about... What about retina/iris, would it increase the set of possible keys?

That's an amazing idea, it's the next gen of security system. I believe that's pretty safe because you have to be you to unlock the wallet, except if someone cut off your finger and use it to unlock the wallet.
But It's actually still hackable, because someone can just find your fingerprint on your belongings and use it to unlock the wallet.

You mean on the Galaxy S5?

I'd say generally, that the retina scan should provide better security however there are obviously important factors that play a role in this. I wonder how secure the iris scanner in the latest Galaxy Note is.

Indeed. It is less impractical if rarely used, although I do wonder the implications of this. From what I've gathered, there's only some research in this area.

This statement is incorrect. You may be able to pull decent fingerprints, but that is inadequate for one to bypass fingerprint security easily.

Thanks for sharing the post. The author makes a very good point by stating that compromised fingerprints can not be changed (which is the exact opposite of passwords).

Fingerprints aren't safe wallets since they are basically really easy to replicate even with simple household items.

If you're a marvel fan, you might have already seen what Scott Lang (Ant-Man) did to get Dr Pym's fingerprint.
Of course, they didn't actually show what the items and the complete steps were but if you were to google what he did, it's actually pretty simple.

We had a company doing a demo with one of the scanners and they have done independent test with fingers from dead people and it did not work. It has something to do with the electric current or energy that are within a living finger. He says not all devices have this feature, but their technology did.

So your cheaper brand scanners might be fooled by a finger being cut off or a eye being gouged out. ^grrrrr^

all i'm saying is: it's a good way to generate passwords, not the best way of course but still good.
So, for small amounts would be okay(a.k.a acceptable but not recommendable).

most users dont even care to have a offline wallet.

firstly
smart phones get handled.
so if you steal a smart phone then with a bit of dustpowder and some tape you can literally get the fingerprint from the screen of the same device you want to raid.

secondly
finger prints are not exact.
there are hundreds of 'indicators' on a finger, but get a papercut a few of them change/disapear, get old or fat and it changes. get calluses from hard labour work, a few of them change/disapear. use chemicals as a janitor on your hands in an accident, a few of them change/disapear
this is why the threshold for 'comparison' in criminal evidence is so low at a 6-12 indicator points because getting ALL indicators will never be possible.
meaning you cannot rely on hand picking just 6-12 indicators last year, hoping they will still be there in a few years. criminal finger print comparison looks at MANY indicators (above threshold) from an old sample and hope to find just 6-12 indicators on a newer sample

thirdly
retina scans are not perfect either.. diabetes, catacts, blindness, and other conditions can 'blur' the image obtained from a retina scan..

fourthly
identifyers in your head (password) is much safer than identifyers on your finger. imagine it this way. having fingerprint ID is like shouting out your email password every time you touch a light switch, cutlery, a bottle, even the tv remote.

in short trying to solve a security issue by making is stupidly easy for others to get hold of with some tools, or worse case eventually lose you access to due to nature purely based on laziness of someone clicking a few buttons and thinking about safe storage(using their brain).. is ultimately not a solution to security

it made the title laughable.. brain wallet without the brain....
you may like my next pun..

ill give this idea my middle finger

there are circumstances that would affect your  fingerprint even though its unique but there are factors would definitely change that as you said especially to those  handyman jobs. I do experience that situation where biometrics have that problem on have a hard time on recognizing those fingerprints and some have already registered already.

It doesn't have to be beautifully printed, as Luda previously said. It would take some trial and error, but a fingerprint sensor isn't foolproof.

A Fingerprint or Iris scan as a 2FA is a good idea though.

At least we can count that this method does it job and fingerprint is not secure at all, it is needed online one time and all bitcoins can be lost, I haven't made a deep research but I believe that there are more ways to hack the fingerprint but maybe an Iris scanner and a password or/and a 2FA would be enough.

There is no "log in" in Bitcoin. You use your client as usual and you recover your keys via fingerprint/retina scan.

AFAIK only Samsung used a fingerprint scanner on screen and they've already ditched that... But yeah, I kind of get your point


That would have to be weighed in regarding data randomness obtained in both methods and if the security given by one method tops over the cost saving the other method offers.


Since it would only be to recover a passphrase, I'm not sure if it would be all that impractical (you would only use it once in a while). We would probably have to build hardware for that tho...

Lips are very distinct, and they're also used for investigation in forensics, hence my idea


Yes, this is a valid issue to which I have no suggestions


People could also force you to reveal your backup location...


Great idea too


Software attempting to communicate with a server somewhere, storing our biometric data would probably be detected by someone auditing the code.


This was what I was referring to back in the 1st page... To be able to replicate a fingerprint this way, you have to have it very beautifully "printed" on a surface, and that doesn't happen frequently in real life





To further enhance the fingerprint idea, one could create its passphrase using a specific sequence of fingers...

I'd still love to see this happen, fingerprint or retina scan or both.

Golly, you people are so much more security savvy than I am. I'd be dead impressed with myself if I was using fingerprints for stuff. I suppose fingers can be cut off and retinas gouged out. I'll be waiting for a scanner that reads my eternal soul. Until then passwords do the job.

First of all the idea is good but there are some other better biometric security way like Iris scanner that recently is introduced on the Samsung Note 7. I don't know if you know but the fingerprint can easily be hacked by some kids toys that use in kindergarten for more check this video how can an iPhone touchID can be hacked/tricked: http://www.dailymail.co.uk/sciencetech/article-3471718/Can-iPhone-s-fingerprint-sensor-hacked-using-PLAY-DOH-Researchers-claim-toy-bypass-Apple-s-security.html#v-5041464962111065112

You leave your fingerprints everywhere... EVERYWHERE. On everything you have ever touched and will ever touch, and they are easy to grab and replicate.

Rethink this idiocy at once!

Apart from discussing whether this idea is feasible or not. Fingerprint recognition technology is simply not good in my opinion.
First, I am not a fan of my fingerprints data stored anywhere; secondly I don't think current fingerprints tech is good enough to recognize real fingerprints from fake ones.

And believe me, we don't want to go into Bio metric way of identity confirmation, soon we could be tagged exactly in a way cattle is.

I would never use some biometric data to generate my private keys ever.. It is just too simple to reproduce.

Fingerprints: Lift them from your door handle or coffe cup or even your keyboard at work.
Retina scan: One good high resolution photo of your face and you can reproduce it.
DNA: One hair or some skin is enough to gather all you need.

It is one thing to unlock your wallet with biometric data as a second or thrid factor authentication, but generating your private key from this means you can bypass any wallet password or 2fa by just gathering your biometric data.

It could be used as a salt behind your private key though.

Not a good idea.... We had a biometric scanner system linked to our payroll system... you clock in and out with a finger print scanner.. but some of the guys { those who did handyman jobs and work

with their hands a lot } had problems with the system not recognizing their fingerprints. The other problem --> People will know that your finger print is the way to access your money and they would

simply force you, with violence to give up your money.. A password memorized and written down as a backup in a safe place, will never be trumped by Biometrics. 

Anyone designed a wallet with this concept. This will be a huge steps for Bitcoin if it is going to happen

It's a pretty good idea I'd say, and I don't think that anyone has designed a wallet around this concept yet. You might want to look into getting someone to develop the idea or researching if anyone else has put the time in to make something like this. It might be a huge thing if no-one else has done anything with the concept yet.

yea, its a great idea, but think that there will be a lot of error for login because if the screen doesnt reconize just one line from your finger it cant accept the fingerprint