Fingerprint private key | Bitcointalksearch.org

kingcolex

sr. member

Activity: 254

Merit: 1258

Quote from: Amph on April 08, 2015, 10:50:39 AM

i could see biometric security taking place in the future side by side with bitcoin

retina scanning for private key, would be pretty cool indeed and better than fingerprint

Well if we could get a random generation based off DNA it would be better just a finger prick like diabetics use to check glucose levels.

Amph

legendary

Activity: 3248

Merit: 1070

i could see biometric security taking place in the future side by side with bitcoin

retina scanning for private key, would be pretty cool indeed and better than fingerprint

Abdussamad

legendary

Activity: 3640

Merit: 1571

Quote from: arivar on April 07, 2015, 01:58:18 PM

Hello,

I was wondering if there is any way for me to create a private key using only my fingerprint and a password. Do you guys know if there is already a website to do so ?

Thanks.

You leave your fingerprints everywhere so it wouldn't be very secure.

Discussion on creating keys using fingerprints:

http://crypto.stackexchange.com/questions/16370/generating-encryption-keys-from-biometric-fingerprint-templates

ensurance982

hero member

Activity: 518

Merit: 500

Trust me!

Quote from: arivar on April 07, 2015, 01:58:18 PM

Hello,

I was wondering if there is any way for me to create a private key using only my fingerprint and a password. Do you guys know if there is already a website to do so ?

Thanks.

You could use it as a seed to generate a private key, yeah. The question is: Is the entropy high enough (most likely yes), is the function creating a seed from your characteristics safe (could be)? Oh and pay attention not to get your fingerprint stolen. Biometrics generally are pretty bad security tokens.

arivar

newbie

Activity: 41

Merit: 0

I agree with all the points against the idea of the fingerprint. However, I am still interested in finding a solution for me main problem:

How to store a safe private key without the need of writing or remembering anything ?

I believe both the fingerprint and iris scanner could achieve the conditions above if it wasn't so easy for other people to access. I would love to see some other suggestions.

Thanks.

Q7

sr. member

Activity: 448

Merit: 250

Just make it as simple as possible. I was thinking why not store your private key in a word file and then use a fingerprint security locking program on that file meaning that the file can only be accessed once it has scanned your fingerprint and confirm it is you. Much safer than using a program written specifically to calculate and determine private key based on a set of formula derived from your fingerprint image.

sgk

legendary

Activity: 1470

Merit: 1002

!! HODL !!

Quote from: mercistheman on April 07, 2015, 03:14:39 PM

I burnt my finger on a wood stove... my lappy reader had difficulty reading the print.

Exactly what I was thinking. Some people even lose some fingers or thumb in accidents. I won't risk my Bitcoins with this.

coinpr0n

hero member

Activity: 910

Merit: 1000

The idea is actually pretty cool. I could see it being used as one of the factors of authentication. Fun to think about ... maybe hopefully some work will be done in this direction. Nice one!

Soros Shorts

donator

Activity: 1617

Merit: 1012

Keep in mind that your biometric data is not necessarily private. For example, my former employer already has one of my thumbprints and my retina scans of both eyes on file because I needed access to an area secured by biometric scanners. I am not sure what their data retention policies are for employee records, but I am not trusting them 100% that they won't share or leak this data at some point in time.

Denker

legendary

Activity: 1442

Merit: 1016

Quote from: ?? on ??

I don't know all the flaws in retinal scanners but I think that would be a far better idea, you don't go leaving your eye everywhere.

(Again I don't know how easy it would be to use a photo to recreate and fake a retinal scanning.)

Not secure! A hacker named starburg from chaos computer club in Germany showed last year on a hacker congress how easy it is to obtain Iris pics (with normal digital camera) and fingerprints of politicians for instance and to misuse it and to break security barriers.

http://www.theregister.co.uk/2014/12/29/german_minister_fingered_as_hackers_steal_her_thumbprint_from_a_photo/

And in german if you like: http://www.heise.de/security/meldung/31C3-CCC-Tueftler-hackt-Merkels-Iris-und-von-der-Leyens-Fingerabdruck-2506929.html

shorena

copper member

Activity: 1498

Merit: 1528

No I dont escrow anymore.

Quote from: BitcoinNewbie15 on April 07, 2015, 08:37:24 PM

Quote from: ?? on ??

Quote from: BitcoinNewbie15 on April 07, 2015, 04:04:26 PM

Oh creating a private key with your fingerprint is an awesome idea! I wonder if it will be possible one day?

Yeah totally awesome that way you leave your private key everywhere and anyone who knows you happen to be wealthy is powdering your door handle and emptying your btc wallet.

Then you will need to wear private key gloves which would make it even cooler Cool

IIRC urine samples are unique and unlike gloves can not be forgotten or lost. Youd have a similar problem as with the fingerprints though, people need to urinate and the circumstances might not be secure for "dumping" your private key seed into the wilderness. Seed reminds me, sperm samples probably also work. The need to spread them in public or unintentional is usually limited. To keep the system available for everyone, how about blood samples?

Quote from: Kprawn on April 08, 2015, 02:53:29 AM

Well, why only finger prints? ..... What about retina scanners? or something linked to our DNA? There are some very cool biometric scanners out there. Grin

Do not shoot down a idea, because of the flaws in the current technology. Wink

.... If you carry your Trezor {hardware wallet} with your built in finger print scanner with you... and it generates your private key from one of your fingers and use that finger to authenticate the device... you might have something special. Grin

I think it's a cool idea, but the implementation should be rock solid and preffably offline on a hardware wallet. Cool

I think it would certainly be possible, the question is whether someone actually wants to pay with their blood in order to keep their coins safe. A typical problem with biometrics still stands and that is: you cant change it. Once your fingerprint/retina scan/sperm/vaginal fluid/blood sample is leaked you cant get a new one. I still think passwords stored in memory or a password database (which in turns needs a password stored in memory) is the way to go. Keep backups digital and physical in secure locations and even if you should have problems with your memory you have a place where you can look. Well unless you forget about that place as well...

Kprawn

legendary

Activity: 1904

Merit: 1074

Well, why only finger prints? ..... What about retina scanners? or something linked to our DNA? There are some very cool biometric scanners out there. Grin

Do not shoot down a idea, because of the flaws in the current technology. Wink

.... If you carry your Trezor {hardware wallet} with your built in finger print scanner with you... and it generates your private key from one of your fingers and use that finger to authenticate the device... you might have something special. Grin

I think it's a cool idea, but the implementation should be rock solid and preffably offline on a hardware wallet. Cool

BitcoinNewbie15

sr. member

Activity: 574

Merit: 296

Bitcoin isn't a bubble. It's the pin!

Quote from: ?? on ??

Quote from: BitcoinNewbie15 on April 07, 2015, 04:04:26 PM

Oh creating a private key with your fingerprint is an awesome idea! I wonder if it will be possible one day?

Yeah totally awesome that way you leave your private key everywhere and anyone who knows you happen to be wealthy is powdering your door handle and emptying your btc wallet.

Then you will need to wear private key gloves which would make it even cooler Cool

arivar

newbie

Activity: 41

Merit: 0

Quote from: shorena on April 07, 2015, 05:52:16 PM

Quote from: RodeoX on April 07, 2015, 03:13:43 PM

I would be worried not only about creating it online, but the inherent security of finger print scanners. I bought one to experiment with security for my laptop. It was cool. But once it was working properly the hacker in me set out to defeat it. Unfortunately it was easy. I lifted my print from a drinking glass with Scotch tape and pencil lead dust (not even superglue vapor). I placed the tape on a different finger and scanned it. It was far too easy. Undecided

Starbug only needs a picture of your finger[1][2]. Its incredible that this is still a "security" mechanism in passports.

Quote from: unamis76 on April 07, 2015, 03:50:59 PM

I don't see how could this be useful. I only see fingerprints useful to access funds, and we already have that (things like TouchID).

For key generation it would probably be more useful to use things that aren't easily accessible, such as a retina scan. Now that would be nice, either for generation or accessing funds

See above or here[3], thats no better.

Quote from: Lauda on April 07, 2015, 03:13:04 PM

Quote from: arivar on April 07, 2015, 02:56:02 PM

Quote from: shorena on April 07, 2015, 02:48:25 PM

I doubt there is any serious work beeing done in that direction. The main problem with fingerprints is that you leave them literally everywhere. Every glass you use could be used to gather your fingerprints. You would end up with a private key which is only protected by a password. We already got that, its called a brainwallet.

That makes sense, it definitely isnt a safe way to store a private key. I was trying to think about someway to store a private key without the need of writing things somewhere(that can get lost) or of remembering long paraphrases.

I don't think that people realize that this is actually a very bad idea. You could get amnesia, some form of dementia e.g. early onset Alzheimer's.
As for OP using a fingerprint is not safe. You leave so many fingerprints everywhere. One could easily follow you and extract one (if you live in a crowded city) without you noticing it.

I think the point was to find something that can not be lost and not be forgotten easily. Both is true for the finger, even though you might lose the prints you still have the original finger as long as you dont burn or cut yourself. I think OPs idea was the reduce the strength of the passphrase (e.g. a HD wallet seed) and make up for the loss of security with the finger print. Thus its easier to remember than a seed alone, but still as secure.

[1] sorry german -> http://media.ccc.de/browse/congress/2014/31c3_-_6450_-_de_-_saal_1_-_201412272030_-_ich_sehe_also_bin_ich_du_-_starbug.html#video
[2] english article -> http://arstechnica.com/security/2014/12/politicians-fingerprint-reproduced-using-photos-of-her-hands/
[3] http://www.forbes.com/sites/thomasbrewster/2015/03/05/clone-putins-eyes-using-google-images/

That's exactly my point, thanks for explaining it better.

HI-TEC99

legendary

Activity: 2772

Merit: 2846

Quote from: RodeoX on April 07, 2015, 03:13:43 PM

I would be worried not only about creating it online, but the inherent security of finger print scanners. I bought one to experiment with security for my laptop. It was cool. But once it was working properly the hacker in me set out to defeat it. Unfortunately it was easy. I lifted my print from a drinking glass with Scotch tape and pencil lead dust (not even superglue vapor). I placed the tape on a different finger and scanned it. It was far too easy. Undecided

My favorite fingerprint hack is the fake finger made out of gummy bears.

http://www.theregister.co.uk/2002/05/16/gummi_bears_defeat_fingerprint_sensors/

Quote

A Japanese cryptographer has demonstrated how fingerprint recognition devices can be fooled using a combination of low cunning, cheap kitchen supplies and a digital camera.

First Tsutomu Matsumoto used gelatine (as found in Gummi Bears and other sweets) and a plastic mould to create a fake finger, which he found fooled fingerprint detectors four times out of five.

¡ndustrialcoinmagic

newbie

Activity: 16

Merit: 0

Im waiting to see this type of integration with the software launchkey https://launchkey.com/

shorena

copper member

Activity: 1498

Merit: 1528

No I dont escrow anymore.

Quote from: RodeoX on April 07, 2015, 03:13:43 PM

I would be worried not only about creating it online, but the inherent security of finger print scanners. I bought one to experiment with security for my laptop. It was cool. But once it was working properly the hacker in me set out to defeat it. Unfortunately it was easy. I lifted my print from a drinking glass with Scotch tape and pencil lead dust (not even superglue vapor). I placed the tape on a different finger and scanned it. It was far too easy. Undecided

Starbug only needs a picture of your finger[1][2]. Its incredible that this is still a "security" mechanism in passports.

Quote from: unamis76 on April 07, 2015, 03:50:59 PM

I don't see how could this be useful. I only see fingerprints useful to access funds, and we already have that (things like TouchID).

For key generation it would probably be more useful to use things that aren't easily accessible, such as a retina scan. Now that would be nice, either for generation or accessing funds

See above or here[3], thats no better.

Quote from: Lauda on April 07, 2015, 03:13:04 PM

Quote from: arivar on April 07, 2015, 02:56:02 PM

Quote from: shorena on April 07, 2015, 02:48:25 PM

I doubt there is any serious work beeing done in that direction. The main problem with fingerprints is that you leave them literally everywhere. Every glass you use could be used to gather your fingerprints. You would end up with a private key which is only protected by a password. We already got that, its called a brainwallet.

That makes sense, it definitely isnt a safe way to store a private key. I was trying to think about someway to store a private key without the need of writing things somewhere(that can get lost) or of remembering long paraphrases.

I don't think that people realize that this is actually a very bad idea. You could get amnesia, some form of dementia e.g. early onset Alzheimer's.
As for OP using a fingerprint is not safe. You leave so many fingerprints everywhere. One could easily follow you and extract one (if you live in a crowded city) without you noticing it.

I think the point was to find something that can not be lost and not be forgotten easily. Both is true for the finger, even though you might lose the prints you still have the original finger as long as you dont burn or cut yourself. I think OPs idea was the reduce the strength of the passphrase (e.g. a HD wallet seed) and make up for the loss of security with the finger print. Thus its easier to remember than a seed alone, but still as secure.

[1] sorry german -> http://media.ccc.de/browse/congress/2014/31c3_-_6450_-_de_-_saal_1_-_201412272030_-_ich_sehe_also_bin_ich_du_-_starbug.html#video
[2] english article -> http://arstechnica.com/security/2014/12/politicians-fingerprint-reproduced-using-photos-of-her-hands/
[3] http://www.forbes.com/sites/thomasbrewster/2015/03/05/clone-putins-eyes-using-google-images/

randy8777

legendary

Activity: 896

Merit: 1000

Quote from: arivar on April 07, 2015, 01:58:18 PM

Hello,

I was wondering if there is any way for me to create a private key using only my fingerprint and a password. Do you guys know if there is already a website to do so ?

Thanks.

it would be a very bad idea to use a site to secure or create private keys via the internet. that's asking for problems. finger print security is not as secure as many think. you can easily get around it. search on youtube and you'll find out how.

--Encrypted--

copper member

Activity: 924

Merit: 1007

hee-ho.

using fingerprint as a private key is a very bad idea for bitcoin users. there's more than one way for someone to "steal" your fingerprints, and staying anonymous will be very hard as you can be identified with your fingerprint alone.

BitcoinNewbie15

sr. member

Activity: 574

Merit: 296

Bitcoin isn't a bubble. It's the pin!

Oh creating a private key with your fingerprint is an awesome idea! I wonder if it will be possible one day?

Topic: Fingerprint private key (Read 1432 times)