I want a client that...

[AliceWonder]

I want a client that makes automated secure cloud backup easier.

You enter your cloud storage information.

You click backup. Wallet is encrypted requiring both a passphrase and a scan of your thumbprint to decrypt and uploaded to cloud.

That way remote backup of wallet is easy and if cloud storage hacked, they need your passphrase and your thumb to spend your coins.

Does such a client exist?

[TheSpiral]

I highly doubt it...
You could in theory make a bat file that will run the backup wallet command, throw the resulting file into something like a truecrypt container, and move it to a dropbox/btsync/WhateverServiceYouUse folder. All that would be fairly easy. The thumbprint part is a bit ... much/difficult.

[AliceWonder]

There are already APIs for interacting with thumbprint readers, aren't there?

Why I want this is because bitcoin is scary for many people.

Average person doesn't want the risk of losing their money because they lost their private key due to a hard drive failure.
But remote wallets that exist are constantly being hacked, or are scams, and are too risky.
And the average person chooses something stupid as their pass phrase, something like their favorite Bible verse or Einstein quote.

So even if we make it easy to back up just an encrypted wallet to cloud, as bitcoin adoption grows there will be hacks on cloud storage and wallets will go through dictionaries of common phrases.

But if thumbprint is added to encryption that's two things the hacker has to crack, so it will be much much safer for the average joe to use the currency as the user can have local wallet with automated secure remote backup.

I'm just trying to think of what is needed to increase adoption.

[grue]

There are already APIs for interacting with thumbprint readers, aren't there?

nope
there are, but they are limited to digital imaging only. there still needs to be implementation of fingerprint -> key.

[DeathAndTaxes]

Also biometrics are not deterministic.

Meaning your fingerprint can't be a decryption key because if you scan your fingerprint 100 times the resulting image will be different every time.  Biometrics look for an image which is "close enough" to the original.  This means that you can't employ strong security with biometrics.  You can't use the image to generate a encryption/decryption key because everytime you scan you finger the key produced will be different.  Thus if software can unlock your wallet on a fingerprint scan that means the software already has the decryption key.  If the key is available a hacker will find the way to extract it.  Your system would be less secure than a strong passphrase.

[AliceWonder]

Also biometrics are not deterministic.

Meaning your fingerprint can't be a decryption key because if you scan your fingerprint 100 times the resulting image will be different every time.  Biometrics look for an image which is "close enough" to the original.  This means that you can't employ strong security with biometrics.  You can't use the image to generate a encryption/decryption key because everytime you scan you finger the key produced will be different.  Thus if software can unlock your wallet on a fingerprint scan that means the software already has the decryption key.  If the key is available a hacker will find the way to extract it.  Your system would be less secure than a strong passphrase.

That's not a difficult problem to solve though.
You can scan a fingerprint and see if it is a close match.

So the key doesn't come from the figerprint itself. The key is random generated and held in the client and only released to decrypt if the scanned fingerprint matches.

That means it isn't good security by itself for a local exploit on the machine with the key, but it good at preventing decryption of the wallet if stolen from a remote backup server.

[AliceWonder]

That's a problem too, if fingerprint key is in client and unlocked then remote backup pointless unless it has the fingerprint key in it.

[AliceWonder]

I don't know if there is an open source solution but

http://cervisia.org/biometrics_encryption.php

seems to indicate there actually may be a working solution to fingerprint -> key

[grue]

That's not a difficult problem to solve though.
You can scan a fingerprint and see if it is a close match.

So the key doesn't come from the figerprint itself. The key is random generated and held in the client and only released to decrypt if the scanned fingerprint matches.

That means it isn't good security by itself for a local exploit on the machine with the key, but it good at preventing decryption of the wallet if stolen from a remote backup server.

But what's the point of this compared to a password?

I don't know if there is an open source solution but

http://cervisia.org/biometrics_encryption.php

seems to indicate there actually may be a working solution to fingerprint -> key

what's the point of this if the key entropy is low? sure, you got a key but people can bruteforce it without a reader.

[halfawake]

Pretty sure this feature doesn't exist, no.  But you can get pretty close with Armory's paper backup feature and some creativity.  I'm not sure how you'd be able to do the biometric security, but it wouldn't be that difficult to turn the paper backup into a PDF and encrypt that with PGP or GPG then send that to your cloud backup server.

[hivewallet]

We are going to do something like this.

Please keep an eye on:
https://bitcointalk.org/index.php?topic=304060.0;all

[zekesonxx]

I'm working on something that would be synced to the cloud securely. I'll remember to announce it in this section of the forums, so keep watch.