Bitcoin Forum

I just had an idea. What if there is a tool which algorithms create a brain wallet password from the fingerprint (or from multiple fingerprints of the hand)? Every fingerprint is unique. Therefore every password created by the algos will be unique, too.
Thus, one would never run into the risk of losing his or her password anymore. Perhaps there is something already. However, I do not know it.

I think this has been discussed previously on the forums, or somewhere else, just not sure where... I'll post it if I find it.

This is indeed a great idea, just like there are wallets that allow for fund spending after fingerprint identification, there could possibly be a way to make a "passphrase" of some sorts, composed of fingerprints.

However, at this point in time, it would probably be wiser to bet on retina scanning for this purpose. Or at least retina scanning for spending authorization: we probably don't have camera with enough definition to "take" more random "info" from our retinas than from our fingers.

Interested on opinions regarding retina scanning as an alternative for passphrases vs fingerprints... :)

i think fingerprints it's not that secure, it can be repliacated easily, by using the victim fingerprint, on any material that he/she may have touched, it's better to do it in another way like retina yes, or particolare code done with some gestures?

Good fingerprint replicas aren't easy to make. They take time and that's probably not feasible in most attack vectors.

Not sure I understand what you mean by gestures... :)

Interesting concept, but no. You need to think about this more deeply.

I disagree.

It isn't secure. I generally only use it on phones that don't have any sensitive data nor amount of money on them. People leave their fingerprints pretty much everywhere, one would just need to keep watch of where you're going for a few days and would surely be able to reconstruct your fingerprint from some public place (e.g. transport, coffee shop). Additionally, the law enforcement can unlock your device (or gain access to your money in this case) when we are talking about a fingerprint. When we are talking about passwords, they can't force you to give it to them. Depending on the complexity, they may not be able to do anything about it.

Adequate replicas are easy to make. You should do a bit research regarding the sensors used by smartphones these days. Generally, I think a iris scanner would be a better option.

i would say this is a bad idea.
fingerprint or retina can be faked . we all have seen it done more than once. and also if there is a way to make this safe i would bet, that i will not be implemented in a safe way, because some company wants to be first and the trad off safety for time.

there is also the problem, that you have to agree how to convert the analog informations to digital ones, so that they will match exactly every single time.   

there you go (using google)
https://bitcointalk.org/index.php?topic=1016478.0;all
especially this comment number 3 (https://bitcointalk.org/index.php?topic=1016478.msg11012336#msg11012336) has some good information and some good links that you can follow up for more information on it.

but in conclusion it is indeed a cool idea but it may not be as safe or even easy as you think. but for a random and unique address i think it is good.

Good idea but difficult to implement. You will definitely need a Digital Image Processor software to identify the finger print and convert it into some kind of "passcode" then the private keys. To me, there are too many potential points of failure which may affect the security and accuracy of the system...

it is a great idea but it has to be a very good technology , because someone can make a copy of your fingerprint and use it for login to you account.

Great idea Lauda! I'll take 3. Just send me a PM when you're doing the beta testing and I'd be happy to lend an eye hand.

---

I do think the fingerprint idea would be perfect for spending money but not huge amounts of bitcoin. It would be a great idea if there was 2FA, a password on the local device you're trying to spend from and a fingerprint scan needed. That would take care of most if not all of your 'hacking' issues.

History tells us that systems like Touch ID aren't easy to deceive with fake fingerprints, although it's obviously not impossible to do so. I'm not familiar with systems by other brands, but I assume the same applies. But yes, I agree 100% on retina scanning, as I've also suggested in my post. That would be the future. I'm curious as to what kind of randomness can we "extract" from an iris, as stated in my first post.

But building further on the fingerprint idea: you can further enhance the security of something protected by fingerprinting using one's lips. So 10 fingerprints + lips print would be way much more harder to obtain and it wouldn't make the process of recovering a wallet a bigger burden.

Jut my take on this topic... I think we can explore this much further, whether through the fingerprint topic or through the retina scan topic :)

cmon guys... i'm sure the fingerprint idea isnt to secure the nacional bank..
it's not like any thief close to you will know how much bitcoins you have and where you keep them..much less know that your password is your fingerprint AND know how to replicate it.

to me, sounds like a great idea. You dont need to generate a random password and memorize/keep it in some place.

If bitcoin will use fingerprints password they need to have a very very good system for this type of password. Millions of prople are using bitcoin , so there will be millions of fingerprints, there will be lot of errors in log in. Maybe you want to login trough fingerprints but your phone is a bad model and it's scress doesnt reconize you fingerprints.

trust me these things go down very quick.
maybe a coworker or a friend will overhear a conversation or you are bragging about bitcoin and once he knows where to look it is not that hard anymore. you would be surprised how fast a friendship can end over money.
i also do not like the argument, that we can just use it for small sums. what happens is that it works for small sums and we get used to it so we start using it for big ones too.

I hope that you're not being serious. :D

I'm pretty sure that people around here don't know that there's a difference between retina and iris scans. Retina scanning should provide better security but it does come with higher equipment costs.

Lip print? That would be very impractical if you ask me, but an interesting suggestion nonetheless.

You may be right if we are talking about trivial amounts that almost nobody would want to steal anyways. Otherwise you're naive and wrong. People are willing to do all kinds of 'bad' things for money.

Thats a good idea to have more secured wallet. This would be the best wallet if its created. They will trust wallet more than other wallets. Also wallets that uses iris scanner is good too since some smartphones has iris scanner. Im sure hackers are having hard time unlocking this wallet. Also voice recognition is good too. But i prefer the iris scanner because its not easily be copy unless they remove your eyes and use it to unlock your wallet.

Wow, amazing idea. This could be an alternative to the security of every wallet bitcoin we have. This is going to get these new ones in the bitcoin: for we will not feel fear when saving bitcoin and will not get a suspicion.

yea, its a great idea, but think that there will be a lot of error for login because if the screen doesnt reconize just one line from your finger it cant accept the fingerprint

It's a pretty good idea I'd say, and I don't think that anyone has designed a wallet around this concept yet. You might want to look into getting someone to develop the idea or researching if anyone else has put the time in to make something like this. It might be a huge thing if no-one else has done anything with the concept yet.

Anyone designed a wallet with this concept. This will be a huge steps for Bitcoin if it is going to happen

Not a good idea.... We had a biometric scanner system linked to our payroll system... you clock in and out with a finger print scanner.. but some of the guys { those who did handyman jobs and work

with their hands a lot } had problems with the system not recognizing their fingerprints. The other problem --> People will know that your finger print is the way to access your money and they would

simply force you, with violence to give up your money.. A password memorized and written down as a backup in a safe place, will never be trumped by Biometrics.  ;)

I would never use some biometric data to generate my private keys ever.. It is just too simple to reproduce.

Fingerprints: Lift them from your door handle or coffe cup or even your keyboard at work.
Retina scan: One good high resolution photo of your face and you can reproduce it.
DNA: One hair or some skin is enough to gather all you need.

It is one thing to unlock your wallet with biometric data as a second or thrid factor authentication, but generating your private key from this means you can bypass any wallet password or 2fa by just gathering your biometric data.

It could be used as a salt behind your private key though.

Apart from discussing whether this idea is feasible or not. Fingerprint recognition technology is simply not good in my opinion.
First, I am not a fan of my fingerprints data stored anywhere; secondly I don't think current fingerprints tech is good enough to recognize real fingerprints from fake ones.

And believe me, we don't want to go into Bio metric way of identity confirmation, soon we could be tagged exactly in a way cattle is.

You leave your fingerprints everywhere... EVERYWHERE. On everything you have ever touched and will ever touch, and they are easy to grab and replicate.

Rethink this idiocy at once!

First of all the idea is good but there are some other better biometric security way like Iris scanner that recently is introduced on the Samsung Note 7. I don't know if you know but the fingerprint can easily be hacked by some kids toys that use in kindergarten for more check this video how can an iPhone touchID can be hacked/tricked: http://www.dailymail.co.uk/sciencetech/article-3471718/Can-iPhone-s-fingerprint-sensor-hacked-using-PLAY-DOH-Researchers-claim-toy-bypass-Apple-s-security.html#v-5041464962111065112

Golly, you people are so much more security savvy than I am. I'd be dead impressed with myself if I was using fingerprints for stuff. I suppose fingers can be cut off and retinas gouged out. I'll be waiting for a scanner that reads my eternal soul. Until then passwords do the job.

There is no "log in" in Bitcoin. You use your client as usual and you recover your keys via fingerprint/retina scan.

AFAIK only Samsung used a fingerprint scanner on screen and they've already ditched that... But yeah, I kind of get your point :D


That would have to be weighed in regarding data randomness obtained in both methods and if the security given by one method tops over the cost saving the other method offers.


Since it would only be to recover a passphrase, I'm not sure if it would be all that impractical (you would only use it once in a while). We would probably have to build hardware for that tho...

Lips are very distinct, and they're also used for investigation in forensics, hence my idea :)


Yes, this is a valid issue to which I have no suggestions :(


People could also force you to reveal your backup location...


Great idea too :)


Software attempting to communicate with a server somewhere, storing our biometric data would probably be detected by someone auditing the code.


This was what I was referring to back in the 1st page... To be able to replicate a fingerprint this way, you have to have it very beautifully "printed" on a surface, and that doesn't happen frequently in real life :)


:D


To further enhance the fingerprint idea, one could create its passphrase using a specific sequence of fingers...

I'd still love to see this happen, fingerprint or retina scan or both.

At least we can count that this method does it job and fingerprint is not secure at all, it is needed online one time and all bitcoins can be lost, I haven't made a deep research but I believe that there are more ways to hack the fingerprint but maybe an Iris scanner and a password or/and a 2FA would be enough.

It doesn't have to be beautifully printed, as Luda previously said. It would take some trial and error, but a fingerprint sensor isn't foolproof.

A Fingerprint or Iris scan as a 2FA is a good idea though.

there are circumstances that would affect your  fingerprint even though its unique but there are factors would definitely change that as you said especially to those  handyman jobs. I do experience that situation where biometrics have that problem on have a hard time on recognizing those fingerprints and some have already registered already.

firstly
smart phones get handled.
so if you steal a smart phone then with a bit of dustpowder and some tape you can literally get the fingerprint from the screen of the same device you want to raid.

secondly
finger prints are not exact.
there are hundreds of 'indicators' on a finger, but get a papercut a few of them change/disapear, get old or fat and it changes. get calluses from hard labour work, a few of them change/disapear. use chemicals as a janitor on your hands in an accident, a few of them change/disapear
this is why the threshold for 'comparison' in criminal evidence is so low at a 6-12 indicator points because getting ALL indicators will never be possible.
meaning you cannot rely on hand picking just 6-12 indicators last year, hoping they will still be there in a few years. criminal finger print comparison looks at MANY indicators (above threshold) from an old sample and hope to find just 6-12 indicators on a newer sample

thirdly
retina scans are not perfect either.. diabetes, catacts, blindness, and other conditions can 'blur' the image obtained from a retina scan..

fourthly
identifyers in your head (password) is much safer than identifyers on your finger. imagine it this way. having fingerprint ID is like shouting out your email password every time you touch a light switch, cutlery, a bottle, even the tv remote.

in short trying to solve a security issue by making is stupidly easy for others to get hold of with some tools, or worse case eventually lose you access to due to nature purely based on laziness of someone clicking a few buttons and thinking about safe storage(using their brain).. is ultimately not a solution to security

it made the title laughable.. brain wallet without the brain....
you may like my next pun..

ill give this idea my middle finger

all i'm saying is: it's a good way to generate passwords, not the best way of course but still good.
So, for small amounts would be okay(a.k.a acceptable but not recommendable).

most users dont even care to have a offline wallet.

We had a company doing a demo with one of the scanners and they have done independent test with fingers from dead people and it did not work. It has something to do with the electric current or energy that are within a living finger. He says not all devices have this feature, but their technology did.

So your cheaper brand scanners might be fooled by a finger being cut off or a eye being gouged out. ^grrrrr^

Fingerprints aren't safe wallets since they are basically really easy to replicate even with simple household items.

If you're a marvel fan, you might have already seen what Scott Lang (Ant-Man) did to get Dr Pym's fingerprint.
Of course, they didn't actually show what the items and the complete steps were but if you were to google what he did, it's actually pretty simple.

You mean on the Galaxy S5?

I'd say generally, that the retina scan should provide better security however there are obviously important factors that play a role in this. I wonder how secure the iris scanner in the latest Galaxy Note is.

Indeed. It is less impractical if rarely used, although I do wonder the implications of this. From what I've gathered, there's only some research in this area.

This statement is incorrect. You may be able to pull decent fingerprints, but that is inadequate for one to bypass fingerprint security easily.

Thanks for sharing the post. The author makes a very good point by stating that compromised fingerprints can not be changed (which is the exact opposite of passwords).

That's an amazing idea, it's the next gen of security system. I believe that's pretty safe because you have to be you to unlock the wallet, except if someone cut off your finger and use it to unlock the wallet. ;D
But It's actually still hackable, because someone can just find your fingerprint on your belongings and use it to unlock the wallet.

Correct, it's the S5 that still had in on screen.

I assume the Galaxy Note uses a Secure Enclave-like system and encrypts keys on a separate chip


This is something I'm really curious about... What about retina/iris, would it increase the set of possible keys?

I am not really sure if an iris scanner is more secure than creating a passphrase out of several fingerprints. If smart glasses like Google glass will be mainstream in some years, everyone will be able to easily get an iris scan. However a scan of three or more fingers of yours is rather impossible. Just my opinion.

if people are adament they want fingerprint technology to be used, atleast make it workable
afterall, people have 10 fingers

i would suggest a method that has 10 keys(one per finger). but only needs lets say 3 keys to move funds.(3 of 10 multisig)
that way any of your 3 fingers would be accepted.

but just a 1 finger one key is not a good way to secure funds especially due to chemical burns, papercuts, age and other things that can affect a fingerprint

They did change that, however I don't find fingerprint safe especially not singular ones. Maybe if there was a specific combination of fingerprints used, it could result in a decent password (e.g. a specific order of several fingers only works).

It would likely not do that.

One could argue that this isn't the only factor that gives it security. You're forgetting proof-of-work, While not on-topic, your statement does seem a bit incorrect to me. I do agree with your statement regarding the brainwallet. I really don't see the need for someone to use one, especially not one based on fingerprints/IRIS. An offline wallet with encryption is always the better alternative. How hard could it be to memorize a semi-complex string of ~20 characters?

All of your fingerprints are pretty much everywhere, especially in the place where you live. That's not a good argument.

You have a lot of excellent points there. I have a scar on one of my fingers and often wondered if my fingerprint would be different now. Also, with your eyes deteriorating over years it could change the scan.

Clearly what we need is a private key somehow based on your DNA then we're all set!

Even if the wallet password is based on the fingerprint there should be always an alternative to unlock it like the phones.
Sometimes you can't put your fingerprint and you enter a password and unlock it(like the laptop,phone etc), which is still not 100% secure.

i think as others has mentioned before in the first two pages using fingerprint for your password as a kind of brain wallet is far from secure. and i think it is only more like a cool idea rather than a practical and secure one.
just like brain wallet itself, you can still make a private key using a sentence or a simple 123 password using brain wallet code but that never was secure and i think this one is not either.

But still, since you leave your prints in tons of locations everyday, You can't really say a fingerprint is a good password since you put it on everything you touch, Unlike a password or a number which can be pretty unique and unpredictable.

I am not sure this is great idea or not but since I’m from India and we have unique resident identification system that means government have our data not only regarding financial or social aspects but also our photographs, records and even fingerprints, eyeball photographs etc. That is critical case if we implement any such credential unlocking system.

I strongly believe not our data is not safe not only talking about Indian government but also any government of any corner of the world.

these forms of identification are not always 100 per cent accurate.  some times they give false positives

That's actually feasible and a lot better than just having one finger print as a key.
My index finger has actually changed it's print since the I accidentally cut the surface of it with a cutter when I was cutting potatoes. It now has these little broken lines that used to be a line before, and some parts have random prints on them.

i'm not sure on this one, but i have read that there are people with the same fingerprint. this is rare but still not cool. but as i mentioned i'm not sure and i might only be the software that thinks they are the same. this was some years ago so it might have changed.

it's a good idea but whether it can work well and something that is impossible to use the fingerprints as security of bitcoin wallet, in fact this way will be a little tricky.

Banks already use that technology and the result is people are loosing their fingers, soo i dont like it, several people complaint cant acess their accounts because machine didnt read well the fingers, bitcoin doesnt need such, there is already enought security around bitcoin wallets.

AFAIK these cases are very rare, even twins don't have identical fingerprints. The chances of you meeting somebody with the exact set of fingerprints are ridiculously low.

Seems like most of the signature spam is just ignoring this, or doesn't understand it at all. I doubt that they've even read your post in the first place.

Fair point. I was just under that impression after reading the statement. Sorry for the missunderstanding.

Brain wallets are good because they are unpredictable, you don't know what the person that made the password was thinking, opposite to prints, although they are unique they are so easy to get that it would make awful security. you literally leave your password everywhere you touch.

This isn`t very inovative.

Some people are developing fingerprint wallets for online bank accounts and offline shopping.

This will replace debit and credit cards.

This is the future,i guess.

Good for paranoids, i can't understand why people is always scared about hackers in 2016, when almost everywhere you can avoid them or just block you wallet?

Nonsense. Human thinking is predictable, their password habits are usually weak/horrible and the adjective simplistic can be used for the majority as well.

Indeed.

I concur. They're also very bad at probabilities, hence why we get people from time to time worrying about address collision.

Replacing passwords with fingerprints is not safer.

Stating this, after we've experienced one of the largest 'hacks' (it's debatable what exactly happened, but let's ignore that since discussing it would be off-topic) in the history of Bitcoin, is very ignorant and ridiculous.

I don't think this is a good idea to be honest. All those iris, fingertip, voice... all those biometric type of security solutions aren't real solutions to me.

Like let's say you get a fingerprint based password for your brain wallet seed pass phrase. And you someday have an accident, like you burn your hand while cooking or some shit. This would result in a fingertip that is no longer what is stored to decipher the password. And now you are stuck with a wallet that cannot be recovered and 6 months of rehabilitation to heal your finger.

If you argument this way, then there is absolutely no secure way. Of course, there is no 100% secure way at all. You can also store your brain wallet password on a stick or print it on a paper, nonetheless, the stick could get damage or the paper wallet could get burned or get accidently lost.