Bitcoin Forum
November 19, 2018, 12:34:57 PM *
News: Latest Bitcoin Core release: 0.17.0 [Torrent].
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: I want a client that...  (Read 1918 times)
AliceWonder
Full Member
***
Offline Offline

Activity: 168
Merit: 100



View Profile
June 10, 2013, 07:01:46 AM
 #1

I want a client that makes automated secure cloud backup easier.

You enter your cloud storage information.

You click backup. Wallet is encrypted requiring both a passphrase and a scan of your thumbprint to decrypt and uploaded to cloud.

That way remote backup of wallet is easy and if cloud storage hacked, they need your passphrase and your thumb to spend your coins.

Does such a client exist?

QuarkCoin - what I believe bitcoin was intended to be. On reddit: http://www.reddit.com/r/QuarkCoin/
1542630897
Hero Member
*
Offline Offline

Posts: 1542630897

View Profile Personal Message (Offline)

Ignore
1542630897
Reply with quote  #2

1542630897
Report to moderator
1542630897
Hero Member
*
Offline Offline

Posts: 1542630897

View Profile Personal Message (Offline)

Ignore
1542630897
Reply with quote  #2

1542630897
Report to moderator
1542630897
Hero Member
*
Offline Offline

Posts: 1542630897

View Profile Personal Message (Offline)

Ignore
1542630897
Reply with quote  #2

1542630897
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1542630897
Hero Member
*
Offline Offline

Posts: 1542630897

View Profile Personal Message (Offline)

Ignore
1542630897
Reply with quote  #2

1542630897
Report to moderator
1542630897
Hero Member
*
Offline Offline

Posts: 1542630897

View Profile Personal Message (Offline)

Ignore
1542630897
Reply with quote  #2

1542630897
Report to moderator
TheSpiral
Full Member
***
Offline Offline

Activity: 182
Merit: 100



View Profile WWW
June 11, 2013, 06:29:02 AM
 #2

I highly doubt it...
You could in theory make a bat file that will run the backup wallet command, throw the resulting file into something like a truecrypt container, and move it to a dropbox/btsync/WhateverServiceYouUse folder. All that would be fairly easy. The thumbprint part is a bit ... much/difficult.

[Cex.io] - Cheap virtual mining.
AliceWonder
Full Member
***
Offline Offline

Activity: 168
Merit: 100



View Profile
June 11, 2013, 09:46:10 PM
 #3

There are already APIs for interacting with thumbprint readers, aren't there?

Why I want this is because bitcoin is scary for many people.

Average person doesn't want the risk of losing their money because they lost their private key due to a hard drive failure.
But remote wallets that exist are constantly being hacked, or are scams, and are too risky.
And the average person chooses something stupid as their pass phrase, something like their favorite Bible verse or Einstein quote.

So even if we make it easy to back up just an encrypted wallet to cloud, as bitcoin adoption grows there will be hacks on cloud storage and wallets will go through dictionaries of common phrases.

But if thumbprint is added to encryption that's two things the hacker has to crack, so it will be much much safer for the average joe to use the currency as the user can have local wallet with automated secure remote backup.

I'm just trying to think of what is needed to increase adoption.

QuarkCoin - what I believe bitcoin was intended to be. On reddit: http://www.reddit.com/r/QuarkCoin/
grue
Legendary
*
Offline Offline

Activity: 2058
Merit: 1140



View Profile
June 11, 2013, 10:24:10 PM
 #4

There are already APIs for interacting with thumbprint readers, aren't there?
nope
there are, but they are limited to digital imaging only. there still needs to be implementation of fingerprint -> key.

It is pitch black. You are likely to be eaten by a grue.

Adblock for annoying signature ads | Enhanced Merit UI
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1005


Gerald Davis


View Profile
June 11, 2013, 10:27:34 PM
 #5

Also biometrics are not deterministic.

Meaning your fingerprint can't be a decryption key because if you scan your fingerprint 100 times the resulting image will be different every time.  Biometrics look for an image which is "close enough" to the original.  This means that you can't employ strong security with biometrics.  You can't use the image to generate a encryption/decryption key because everytime you scan you finger the key produced will be different.  Thus if software can unlock your wallet on a fingerprint scan that means the software already has the decryption key.  If the key is available a hacker will find the way to extract it.  Your system would be less secure than a strong passphrase.
AliceWonder
Full Member
***
Offline Offline

Activity: 168
Merit: 100



View Profile
June 12, 2013, 02:05:54 AM
 #6

Also biometrics are not deterministic.

Meaning your fingerprint can't be a decryption key because if you scan your fingerprint 100 times the resulting image will be different every time.  Biometrics look for an image which is "close enough" to the original.  This means that you can't employ strong security with biometrics.  You can't use the image to generate a encryption/decryption key because everytime you scan you finger the key produced will be different.  Thus if software can unlock your wallet on a fingerprint scan that means the software already has the decryption key.  If the key is available a hacker will find the way to extract it.  Your system would be less secure than a strong passphrase.

That's not a difficult problem to solve though.
You can scan a fingerprint and see if it is a close match.

So the key doesn't come from the figerprint itself. The key is random generated and held in the client and only released to decrypt if the scanned fingerprint matches.

That means it isn't good security by itself for a local exploit on the machine with the key, but it good at preventing decryption of the wallet if stolen from a remote backup server.

QuarkCoin - what I believe bitcoin was intended to be. On reddit: http://www.reddit.com/r/QuarkCoin/
AliceWonder
Full Member
***
Offline Offline

Activity: 168
Merit: 100



View Profile
June 12, 2013, 02:17:12 AM
 #7

That's a problem too, if fingerprint key is in client and unlocked then remote backup pointless unless it has the fingerprint key in it.

QuarkCoin - what I believe bitcoin was intended to be. On reddit: http://www.reddit.com/r/QuarkCoin/
AliceWonder
Full Member
***
Offline Offline

Activity: 168
Merit: 100



View Profile
June 12, 2013, 02:54:31 AM
 #8

I don't know if there is an open source solution but

http://cervisia.org/biometrics_encryption.php

seems to indicate there actually may be a working solution to fingerprint -> key

QuarkCoin - what I believe bitcoin was intended to be. On reddit: http://www.reddit.com/r/QuarkCoin/
grue
Legendary
*
Offline Offline

Activity: 2058
Merit: 1140



View Profile
June 15, 2013, 02:16:46 AM
 #9

That's not a difficult problem to solve though.
You can scan a fingerprint and see if it is a close match.

So the key doesn't come from the figerprint itself. The key is random generated and held in the client and only released to decrypt if the scanned fingerprint matches.

That means it isn't good security by itself for a local exploit on the machine with the key, but it good at preventing decryption of the wallet if stolen from a remote backup server.
But what's the point of this compared to a password?

I don't know if there is an open source solution but

http://cervisia.org/biometrics_encryption.php

seems to indicate there actually may be a working solution to fingerprint -> key
what's the point of this if the key entropy is low? sure, you got a key but people can bruteforce it without a reader.

It is pitch black. You are likely to be eaten by a grue.

Adblock for annoying signature ads | Enhanced Merit UI
halfawake
Hero Member
*****
Offline Offline

Activity: 490
Merit: 500


View Profile
June 21, 2013, 09:01:58 AM
 #10

Pretty sure this feature doesn't exist, no.  But you can get pretty close with Armory's paper backup feature and some creativity.  I'm not sure how you'd be able to do the biometric security, but it wouldn't be that difficult to turn the paper backup into a PDF and encrypt that with PGP or GPG then send that to your cloud backup server.

BTC: 13kJEpqhkW5MnQhWLvum7N5v8LbTAhzeWj
hivewallet
Sr. Member
****
Offline Offline

Activity: 378
Merit: 250


hivewallet.com


View Profile WWW
October 07, 2013, 12:54:58 PM
 #11

We are going to do something like this.

Please keep an eye on:
https://bitcointalk.org/index.php?topic=304060.0;all

Hive, a beautiful, secure wallet with an app platform for Mac OS X, Android and Mobile Web. Translators wanted! iOS and OS X devs see BitcoinKit.
Tweets @hivewallet. Skype us here. Donations appreciated at 1HLRg9C1GsfEVH555hgcjzDeas14jen2Cn
zekesonxx
Newbie
*
Offline Offline

Activity: 42
Merit: 0



View Profile
October 12, 2013, 07:04:32 AM
 #12

I'm working on something that would be synced to the cloud securely. I'll remember to announce it in this section of the forums, so keep watch.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!