Bitcoin Forum
November 03, 2024, 11:12:07 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Fingerprint private key  (Read 1444 times)
arivar (OP)
Newbie
*
Offline Offline

Activity: 41
Merit: 0


View Profile
April 07, 2015, 05:58:18 PM
 #1

Hello,

I was wondering if there is any way for me to create a private key using only my fingerprint and a password. Do you guys know if there is already a website to do so ?

Thanks.
98problems
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250



View Profile
April 07, 2015, 06:30:51 PM
 #2

Hello,

I was wondering if there is any way for me to create a private key using only my fingerprint and a password. Do you guys know if there is already a website to do so ?

Thanks.
i wouldnt create my private key on any kind of website because most likely i would get scammed

juju
Sr. Member
****
Offline Offline

Activity: 381
Merit: 250



View Profile
April 07, 2015, 06:33:45 PM
 #3

Hello,

I was wondering if there is any way for me to create a private key using only my fingerprint and a password. Do you guys know if there is already a website to do so ?

Thanks.

That is a pretty cool idea, I have not heard of anyone doing this yet. The biggest thing is how much Entropy a Fingerprint actually has. Some quick research shows that it should be possible to generate a series of numbers from a fingerprint 'reproducibly'. If you set a specific % matching thresholds 'noise' in the software capturing the fingerprint, lowering the threshold to generate a number from a fingerprint does reduce the amount of entropy available. Some estimates 40 - 80 Bits of Entropy. Kind of a wide range, but should still be large enough source for private key generation.

Here is some information posted a year ago by someone that is relevant:
http://www.reddit.com/r/crypto/comments/1fpobr/how_many_bits_of_security_in_a_fingerprint_as_in/
Enhancing security and privacy in biometrics-based authentication systems - http://www.cedar.buffalo.edu/~govind/CSE717/papers/CancelableBiometrics.pdf
How to Generate Strong Keys from Biometrics and Other Noisy Data - http://www.cs.bu.edu/~reyzin/fuzzy.html

Edit: Fixed Spelling
NeuroticFish
Legendary
*
Offline Offline

Activity: 3850
Merit: 6583


Looking for campaign manager? Contact icopress!


View Profile
April 07, 2015, 06:36:44 PM
 #4

Hello,

I was wondering if there is any way for me to create a private key using only my fingerprint and a password. Do you guys know if there is already a website to do so ?

Thanks.

It's not really an useful way to do this. Any website that offers this could scam you (anyone that knows your priv key can steal from you). A vanity gen based on fingerprint and password would have to run on a computer. And then you'll have to rely on a 3rd party app (prolly on your phone / tablet) that will read the fingerprint, then transfer that data on the computer where another program will take that data to generate the "private key". Who would use that?!

███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████

███████████████████████
.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
arivar (OP)
Newbie
*
Offline Offline

Activity: 41
Merit: 0


View Profile
April 07, 2015, 06:44:55 PM
 #5

I mean, of course we cant rely on a website. I just would like to know if there is someone already working on this idea.
shorena
Copper Member
Legendary
*
Offline Offline

Activity: 1498
Merit: 1540


No I dont escrow anymore.


View Profile
April 07, 2015, 06:48:25 PM
 #6

I mean, of course we cant rely on a website. I just would like to know if there is someone already working on this idea.

I doubt there is any serious work beeing done in that direction. The main problem with fingerprints is that you leave them literally everywhere. Every glass you use could be used to gather your fingerprints. You would end up with a private key which is only protected by a password. We already got that, its called a brainwallet.

Im not really here, its just your imagination.
arivar (OP)
Newbie
*
Offline Offline

Activity: 41
Merit: 0


View Profile
April 07, 2015, 06:50:19 PM
 #7

Hello,

I was wondering if there is any way for me to create a private key using only my fingerprint and a password. Do you guys know if there is already a website to do so ?

Thanks.

That is a pretty cool idea, I have not heard of anyone doing this yet. The biggest thing is how much Entropy a Fingerprint actually has. Some quick research shows that it should be possible to generate a series of numbers from a fingerprint 'reproducibly'. If you set a specific % matching thresholds 'noise' in the software capturing the fingerprint, lowering the threshold to generate a number from a fingerprint does reduce the amount of entropy available. Some estimates 40 - 80 Bits of Entropy. Kind of a wide range, but should still be large enough source for private key generation.

Here is some information posted a year ago by someone that is relevant:
http://www.reddit.com/r/crypto/comments/1fpobr/how_many_bits_of_security_in_a_fingerprint_as_in/
Enhancing security and privacy in biometrics-based authentication systems - http://www.cedar.buffalo.edu/~govind/CSE717/papers/CancelableBiometrics.pdf
How to Generate Strong Keys from Biometrics and Other Noisy Data - http://www.cs.bu.edu/~reyzin/fuzzy.html

Edit: Fixed Spelling


The idea would be to create the private key using the fingerprint associated with a small paraphrase, so we can achieve a good  entropy without needing to remember 12 random words.
arivar (OP)
Newbie
*
Offline Offline

Activity: 41
Merit: 0


View Profile
April 07, 2015, 06:56:02 PM
 #8

I mean, of course we cant rely on a website. I just would like to know if there is someone already working on this idea.

I doubt there is any serious work beeing done in that direction. The main problem with fingerprints is that you leave them literally everywhere. Every glass you use could be used to gather your fingerprints. You would end up with a private key which is only protected by a password. We already got that, its called a brainwallet.

That makes sense, it definitely isnt a safe way to store a private key. I was trying to think about someway to store a private key without the need of writing things somewhere(that can get lost) or of remembering long paraphrases.
Quickseller
Copper Member
Legendary
*
Offline Offline

Activity: 2996
Merit: 2371


View Profile
April 07, 2015, 07:06:56 PM
 #9

Are you asking about a PGP fingerprint or the print that one of your fingers leaves behind? If it was the former then sure, but I would just make sure that the password is very strong as you would essentially be creating a brain wallet with a bunch of random numbers/letters in the beginning. I would think the risk of a brain wallet farmer trying to hack a brainwallet with a PGP fingerprint in the prefix is somewhat small because there are so many PGP keys out there, and you wouldn't even need to necessarily need to use one that is found on a keys sever anywhere.

If you wanted to use the print that your finger leaves behind then there would be a number of risks and would probably not be a good idea. The primary drawback is that you will need some kind of specialized hardware to convert a portion of your fingerprint into a number, and if the manufacturer of such hardware were to go out of business then there would be a good chance that you would lose access to your Bitcoin.

If the people behind, say armory, or electrum were to disappear then as long as you have the unencrypted seed and the formula (code) that armory uses to calculate each new private key then you can still calculate your private keys and access your Bitcoin.

★ ★ ██████████████████████████████[█████████████████████
██████████████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████████
███████████████████████████████████████████████████████████████████
████████████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████████
███████████████████████████████████████████████████████████████████
█████████████████████████████████████████████████████████████████████
█████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████████
█████████████████████████████████████████████████████████████
████████████████████████████████████████████████████████████
███████████████████████████████████████████████████████████████████
★ ★ 
Lauda
Legendary
*
Offline Offline

Activity: 2674
Merit: 2965


Terminated.


View Profile WWW
April 07, 2015, 07:13:04 PM
 #10

I doubt there is any serious work beeing done in that direction. The main problem with fingerprints is that you leave them literally everywhere. Every glass you use could be used to gather your fingerprints. You would end up with a private key which is only protected by a password. We already got that, its called a brainwallet.

That makes sense, it definitely isnt a safe way to store a private key. I was trying to think about someway to store a private key without the need of writing things somewhere(that can get lost) or of remembering long paraphrases.
I don't think that people realize that this is actually a very bad idea. You could get amnesia, some form of dementia e.g. early onset Alzheimer's.
As for OP using a fingerprint is not safe. You leave so many fingerprints everywhere. One could easily follow you and extract one (if you live in a crowded city) without you noticing it.

"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
😼 Bitcoin Core (onion)
RodeoX
Legendary
*
Offline Offline

Activity: 3066
Merit: 1147


The revolution will be monetized!


View Profile
April 07, 2015, 07:13:43 PM
 #11

I would be worried not only about creating it online, but the inherent security of finger print scanners. I bought one to experiment with security for my laptop. It was cool. But once it was working properly the hacker in me set out to defeat it. Unfortunately it was easy. I lifted my print from a drinking glass with Scotch tape and pencil lead dust (not even superglue vapor). I placed the tape on a different finger and scanned it. It was far too easy.  Undecided

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf
Free bitcoin in ? - Stay tuned for this years Bitcoin hunt!
mercistheman
Sr. Member
****
Offline Offline

Activity: 378
Merit: 250


View Profile
April 07, 2015, 07:14:39 PM
 #12

I burnt my finger on a wood stove... my lappy reader had difficulty reading the print.
unamis76
Legendary
*
Offline Offline

Activity: 1512
Merit: 1012


View Profile
April 07, 2015, 07:50:59 PM
 #13

I don't see how could this be useful. I only see fingerprints useful to access funds, and we already have that (things like TouchID).

For key generation it would probably be more useful to use things that aren't easily accessible, such as a retina scan. Now that would be nice, either for generation or accessing funds Smiley
BitcoinNewbie15
Sr. Member
****
Offline Offline

Activity: 574
Merit: 296

Bitcoin isn't a bubble. It's the pin!


View Profile
April 07, 2015, 08:04:26 PM
 #14

Oh creating a private key with your fingerprint is an awesome idea! I wonder if it will be possible one day?
--Encrypted--
Copper Member
Legendary
*
Offline Offline

Activity: 924
Merit: 1007

hee-ho.


View Profile
April 07, 2015, 08:25:22 PM
 #15

using fingerprint as a private key is a very bad idea for bitcoin users. there's more than one way for someone to "steal" your fingerprints, and staying anonymous will be very hard as you can be identified with your fingerprint alone.
randy8777
Legendary
*
Offline Offline

Activity: 896
Merit: 1000


View Profile
April 07, 2015, 09:29:39 PM
 #16

Hello,

I was wondering if there is any way for me to create a private key using only my fingerprint and a password. Do you guys know if there is already a website to do so ?

Thanks.

it would be a very bad idea to use a site to secure or create private keys via the internet. that's asking for problems. finger print security is not as secure as many think. you can easily get around it. search on youtube and you'll find out how.
shorena
Copper Member
Legendary
*
Offline Offline

Activity: 1498
Merit: 1540


No I dont escrow anymore.


View Profile
April 07, 2015, 09:52:16 PM
 #17

I would be worried not only about creating it online, but the inherent security of finger print scanners. I bought one to experiment with security for my laptop. It was cool. But once it was working properly the hacker in me set out to defeat it. Unfortunately it was easy. I lifted my print from a drinking glass with Scotch tape and pencil lead dust (not even superglue vapor). I placed the tape on a different finger and scanned it. It was far too easy.  Undecided

Starbug only needs a picture of your finger[1][2]. Its incredible that this is still a "security" mechanism in passports.

I don't see how could this be useful. I only see fingerprints useful to access funds, and we already have that (things like TouchID).

For key generation it would probably be more useful to use things that aren't easily accessible, such as a retina scan. Now that would be nice, either for generation or accessing funds Smiley

See above or here[3], thats no better.

I doubt there is any serious work beeing done in that direction. The main problem with fingerprints is that you leave them literally everywhere. Every glass you use could be used to gather your fingerprints. You would end up with a private key which is only protected by a password. We already got that, its called a brainwallet.

That makes sense, it definitely isnt a safe way to store a private key. I was trying to think about someway to store a private key without the need of writing things somewhere(that can get lost) or of remembering long paraphrases.
I don't think that people realize that this is actually a very bad idea. You could get amnesia, some form of dementia e.g. early onset Alzheimer's.
As for OP using a fingerprint is not safe. You leave so many fingerprints everywhere. One could easily follow you and extract one (if you live in a crowded city) without you noticing it.

I think the point was to find something that can not be lost and not be forgotten easily. Both is true for the finger, even though you might lose the prints you still have the original finger as long as you dont burn or cut yourself. I think OPs idea was the reduce the strength of the passphrase (e.g. a HD wallet seed) and make up for the loss of security with the finger print. Thus its easier to remember than a seed alone, but still as secure.


[1] sorry german -> http://media.ccc.de/browse/congress/2014/31c3_-_6450_-_de_-_saal_1_-_201412272030_-_ich_sehe_also_bin_ich_du_-_starbug.html#video
[2] english article -> http://arstechnica.com/security/2014/12/politicians-fingerprint-reproduced-using-photos-of-her-hands/
[3] http://www.forbes.com/sites/thomasbrewster/2015/03/05/clone-putins-eyes-using-google-images/

Im not really here, its just your imagination.
¡ndustrialcoinmagic
Newbie
*
Offline Offline

Activity: 16
Merit: 0


View Profile
April 07, 2015, 10:28:48 PM
 #18

Im waiting to see this type of integration with the software launchkey https://launchkey.com/
HI-TEC99
Legendary
*
Offline Offline

Activity: 2772
Merit: 2846



View Profile
April 07, 2015, 10:45:47 PM
Last edit: January 07, 2017, 09:13:56 PM by HI-TEC99
 #19

I would be worried not only about creating it online, but the inherent security of finger print scanners. I bought one to experiment with security for my laptop. It was cool. But once it was working properly the hacker in me set out to defeat it. Unfortunately it was easy. I lifted my print from a drinking glass with Scotch tape and pencil lead dust (not even superglue vapor). I placed the tape on a different finger and scanned it. It was far too easy.  Undecided

My favorite fingerprint hack is the fake finger made out of gummy bears.

http://www.theregister.co.uk/2002/05/16/gummi_bears_defeat_fingerprint_sensors/

Quote
A Japanese cryptographer has demonstrated how fingerprint recognition devices can be fooled using a combination of low cunning, cheap kitchen supplies and a digital camera.

First Tsutomu Matsumoto used gelatine (as found in Gummi Bears and other sweets) and a plastic mould to create a fake finger, which he found fooled fingerprint detectors four times out of five.
arivar (OP)
Newbie
*
Offline Offline

Activity: 41
Merit: 0


View Profile
April 07, 2015, 11:20:23 PM
 #20

I would be worried not only about creating it online, but the inherent security of finger print scanners. I bought one to experiment with security for my laptop. It was cool. But once it was working properly the hacker in me set out to defeat it. Unfortunately it was easy. I lifted my print from a drinking glass with Scotch tape and pencil lead dust (not even superglue vapor). I placed the tape on a different finger and scanned it. It was far too easy.  Undecided

Starbug only needs a picture of your finger[1][2]. Its incredible that this is still a "security" mechanism in passports.

I don't see how could this be useful. I only see fingerprints useful to access funds, and we already have that (things like TouchID).

For key generation it would probably be more useful to use things that aren't easily accessible, such as a retina scan. Now that would be nice, either for generation or accessing funds Smiley

See above or here[3], thats no better.

I doubt there is any serious work beeing done in that direction. The main problem with fingerprints is that you leave them literally everywhere. Every glass you use could be used to gather your fingerprints. You would end up with a private key which is only protected by a password. We already got that, its called a brainwallet.

That makes sense, it definitely isnt a safe way to store a private key. I was trying to think about someway to store a private key without the need of writing things somewhere(that can get lost) or of remembering long paraphrases.
I don't think that people realize that this is actually a very bad idea. You could get amnesia, some form of dementia e.g. early onset Alzheimer's.
As for OP using a fingerprint is not safe. You leave so many fingerprints everywhere. One could easily follow you and extract one (if you live in a crowded city) without you noticing it.

I think the point was to find something that can not be lost and not be forgotten easily. Both is true for the finger, even though you might lose the prints you still have the original finger as long as you dont burn or cut yourself. I think OPs idea was the reduce the strength of the passphrase (e.g. a HD wallet seed) and make up for the loss of security with the finger print. Thus its easier to remember than a seed alone, but still as secure.


[1] sorry german -> http://media.ccc.de/browse/congress/2014/31c3_-_6450_-_de_-_saal_1_-_201412272030_-_ich_sehe_also_bin_ich_du_-_starbug.html#video
[2] english article -> http://arstechnica.com/security/2014/12/politicians-fingerprint-reproduced-using-photos-of-her-hands/
[3] http://www.forbes.com/sites/thomasbrewster/2015/03/05/clone-putins-eyes-using-google-images/

That's exactly my point, thanks for explaining it better.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!