Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: killakem on September 24, 2014, 10:28:40 AM



Title: Android Style Lock Screen for Bitcoin Wallet.
Post by: killakem on September 24, 2014, 10:28:40 AM
Hi All,

I'm the founder of an Alt Coin project called Fibre. Our lead dev (Bobby6Killers) has implemented an Android-style, pattern-based locking system for our QT GUI wallet.

As far as I'm aware this is a first and has improved the security of our wallet x10. This renders key loggers useless as there is no keyboard action to record.

We are all about advancements in crypto, and if the Bitcoin community is interested, I will have my lead dev implement FibreLock in the Bitcoin-QT wallet.

Regards
Killa

Introducing FibreLock
An innovative security feature that has not been seen in Crypto Land before. The idea behind FibreLock was to remove the keyboard from the password entry process, thus rendering key loggers and other malware useless against the FibreWallet!!! FibreLock uses an Android-style, pattern-based locking system; there is no keyboard subsystem being used that malware could monitor!!! All inputs will come from your mouse.

Your pattern will become your password. If your wallet is already encrypted, use the change password feature to swap over to the new pattern input.

Select Change Password > Enter your existing password > Enter your new pattern and confirm.


http://i61.tinypic.com/161hy7s.png
http://i57.tinypic.com/2q24p3n.png


Title: Re: Bitcoin Wallet Android Style Lock Screen
Post by: KIRAZ on September 24, 2014, 10:37:32 AM
Btw you should have put the original link of the coin itself lol but I found it. Thanks, I'm gonna look into it.
FiberCoin : https://bitcointalk.org/index.php?topic=737771.0


Title: Re: Bitcoin Wallet Android Style Lock Screen
Post by: killakem on September 24, 2014, 11:31:09 AM
Thanks!! I did not link to our thread because this is not a marketing ploy!! We just want to contribute.


Title: Re: Bitcoin Wallet Android Style Lock Screen
Post by: franky1 on September 24, 2014, 01:17:53 PM
forgive my ignorance but just looking at the images, it appears to be
12 digit entropy of most probably HEX

I'd prefer more entropy.

might be better to have 2 prompts
first:
(1)(2)(3)(4)
(5)(6)(7)(8)
(9)(0)(A)(B)
(C)(D)(E)(F)
asking for a 5 digit code
EG: AFAD06
then second prompt asks for the 12 digit code.
8473FA30D159
but where the second prompt does some maths with the first prompt,
whether it's simply combining the 2
8AFAD064AFAD067AFAD063AFAD06FAFAD06AAFAD06EAFAD063AFAD060AFAD06DAFAD061AFAD065AFAD06

or something else like
AFAD06 x 8 = 11513094x8 = 92104752 =57D6830
AFAD06 x 4 = 11513094x4 = 46052376 =2BEB418
and so on...
57D68302BEB418 and so on

but obviously more complicated maths than my simple example. at least to have something that appears random and has more entropy

even something like
8473FA x AFAD06 = 8680442 x 11513094 = 99938744707548 = 5AE4CD60A9DC
E30D15 x AFAD06 = 14880021 x 11513094 = 171315080494974 = 9BCF66847F7E
5AE4CD60A9DC9BCF66847F7E

either way the person has to only type in 5 digits followed by 12 digits but the entropy is well over 17 digits


Title: Re: Bitcoin Wallet Android Style Lock Screen
Post by: bobby6killers on September 24, 2014, 02:59:53 PM
Hey franky1

Thanks for the feedback. At the moment it's in the revision 1 stage, but I do appreciate other people's ideas on how to improve things.
Currently it doesn't work using HEX, but uses different methods.

The main intentions for creating this are these...
1) Make the wallet unlock and encrypt security features controllable by a different input mechanism that isn't traditionally monitored by malware key-loggers.
2) Take away visual cues, such as numbers & letters, which can be interpreted and predicted by other people or computers.
3) Make the input method based on patterns. Patterns are universally understood and easily remembered by the majority of users. Arguably this gives more security than just using words / pin codes as people might write them down on a piece of paper. Not saying people won't draw the patterns to remember, but they are less likely to do so and other people finding that pattern on a piece of paper would probably not know what it's for!

Now going back to your HEX based idea, based on these 3 principles, if the users needed to remember overall a 17 digit input code they would have to remember a 17 point pattern! Now I know personally I could not remember that, especially if I had not used the wallet for a couple of weeks!

Equally if we were to use basic numbers & letters that correlate to the buttons, then that could easily be assumed and retried / replayed by someone else.

So it's about trying to find a good balance of creating extra layers of security without compromising the usability of the system.

Just like any other password or pin code, if you forget the pattern, then simply put you will lose access to the wallet and your coins. There is no back door or any difference with the encryption mechanism in the wallet, it's just how the data gets from the user's brain into that encryption mechanism that has now changed, and as each button doesn't correlate to a simple number or letter within the code, the resulting data entering into the encryption mechanism is just as random as a pet cat sitting on the keyboard :)


Title: Re: Bitcoin Wallet Android Style Lock Screen
Post by: killakem on September 24, 2014, 04:06:04 PM
Thanks Bobby!!


Title: Re: Android Style Lock Screen for Bitcoin Wallet.
Post by: adam48 on September 24, 2014, 04:20:45 PM
I am interested I want to use it :D


Title: Re: Bitcoin Wallet Android Style Lock Screen
Post by: franky1 on September 24, 2014, 04:31:51 PM

> So it's about trying to find a good balance of creating extra layers of security without compromising the usability of the system.


to clarify I didn't mean the user would see any letters and numbers and I quite agree that patterns are more secure.. but..
.. but,,
as your image shows a text box with ************ the circles on the keypad must represent some form of alpha-numeric sequence (on YOUR CODING SIDE - not the customer's visual side)

all I meant was that on your coding side if you had a way to convert a customer's simple swishes of a phone screen pattern, into an entropy of much larger than the 12 ************ that you use for your encryption method. that would strengthen it.

there are many ways to do it.
even if the customer has to swish their finger across the screen 6 times for one pattern and then another 6. and then YOUR CODE does some nice fancy stuff with those 2 patterns to get at least 25 entropy. then that would be great.

because a 12 entropy. if hex can be brute forced VERY quickly
because a 12 entropy. if alphanumeric can be brute forced moderately quickly
because a 12 entropy. if alphanumeric + symbols can be brute forced reasonably quickly

but having entropy of AT LEAST 25 digits, even if a customer only needs to swish 6-12 times at least makes brute forcing a wallet file using a brute force script harder to achieve.

I would say that the user interface has many merits. you just need to increase the entropy using some nice maths functions behind the scenes without causing the user too much inconvenience.
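
Added example, not part of the thread and not FibreLock's code: a Python walk-through of the entropy argument in the posts above. It shows that deterministic arithmetic on the entered codes lengthens the string without producing more distinct keys than there are inputs, while iterations of a key-derivation function raise the cost of each guess. The 16-symbol alphabet and 12-symbol length are franky1's reading of the screenshots, not confirmed FibreLock parameters; PBKDF2 is a stand-in KDF, and the function names, sample pattern and salt are constructed.

```python
import hashlib
import math

def entropy_bits(alphabet_size, length):
    """Bits of entropy in `length` independent, uniformly chosen symbols."""
    return length * math.log2(alphabet_size)

def arithmetic_expansion(first, a, b):
    """Multiply-and-concatenate expansion in the style suggested in the thread:
    each half of the second code is multiplied by the first code."""
    return f"{a * first:03X}{b * first:03X}"

def count_expansion_outputs():
    """Toy space: a 2-hex-digit first code and a 2-hex-digit second code.
    Returns (number of inputs, number of distinct 6-hex-digit outputs)."""
    inputs = 0
    outputs = set()
    for first in range(256):
        for a in range(16):
            for b in range(16):
                inputs += 1
                outputs.add(arithmetic_expansion(first, a, b))
    return inputs, len(outputs)

def guess_cost_bits(bits, kdf_iterations):
    """log2 of the hash evaluations needed to try every secret behind a KDF."""
    return bits + math.log2(kdf_iterations)

def derive_key(pattern, salt, iterations):
    """Stretch a pattern (sequence of node indexes 0..15) into a 256-bit key.
    PBKDF2-HMAC-SHA256 is an assumption here, not the wallet's own KDF."""
    return hashlib.pbkdf2_hmac("sha256", bytes(pattern), salt, iterations, dklen=32)

if __name__ == "__main__":
    for name, size in (("hex", 16), ("alphanumeric", 62), ("printable ASCII", 94)):
        print(f"12 x {name:15s}: {entropy_bits(size, 12):5.1f} bits")
    inputs, distinct = count_expansion_outputs()
    print(f"toy expansion: {inputs} inputs -> {distinct} distinct 6-digit outputs")
    print(f"48 bits behind 2**20 KDF iterations: {guess_cost_bits(48, 2**20):.0f} bits of work")
    # Constructed sample pattern and salt, for illustration only.
    key = derive_key([0, 5, 10, 15, 11, 7], b"constructed-salt", 100_000)
    print("derived key:", key.hex())
```

An attacker who knows the expansion rule enumerates inputs, not outputs, so the 6-digit toy output is worth no more than the 4 digits that produced it.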


Title: Re: Android Style Lock Screen for Bitcoin Wallet.
Post by: Supercrypt on September 24, 2014, 04:40:20 PM
nice one

only thing I doubt is how we will be able to use this daemon
when running it on a remote server?


Title: Re: Android Style Lock Screen for Bitcoin Wallet.
Post by: bobby6killers on September 24, 2014, 07:10:39 PM
> nice one
>
> only thing I doubt is how we will be able to use this daemon
> when running it on a remote server?

Unfortunately not as it relies on mouse or touch input


Title: Re: Android Style Lock Screen for Bitcoin Wallet.
Post by: bobby6killers on September 24, 2014, 07:16:20 PM
> I am interested I want to use it :D

Cool, come over and try it out :)
https://bitcointalk.org/index.php?topic=737771


Title: Re: Android Style Lock Screen for Bitcoin Wallet.
Post by: killakem on September 24, 2014, 08:23:21 PM
Thanks franky1, for your suggestions. We will see what we can come up with.