trcwhale (OP)
Member
Offline
Activity: 84
Merit: 11
|
|
February 17, 2014, 01:41:21 PM |
|
Hi,
I was thinking about an idea today. Everyone talks about storing bitcoins securely. Some print of paper wallets, others store on usb keys. There are so many way but all of them are not so secured.
What if BTC or any other crypto key pair (Private/Public) were generated based on unique biometrics. That way the private key can be you. That way you will never would have to carry anything with you.
What do you think of that?
|
|
|
|
Automatic
|
|
February 17, 2014, 01:56:16 PM |
|
And then get mugged in the street? Have to pay for special hardware to be able to decode this stuff? Only have a limited amount of seeds per-person? Being able to be tracked by any entity that can force you to validate yourself?
I'm good.
|
Please ask for a signed message from my on-site Bitcoin address (Check my profile) before doing any offsite trades with me.
|
|
|
bitpop
Legendary
Offline
Activity: 2912
Merit: 1060
|
|
February 17, 2014, 02:19:28 PM Last edit: February 24, 2014, 04:15:37 PM by bitpop |
|
,
|
|
|
|
trcwhale (OP)
Member
Offline
Activity: 84
Merit: 11
|
|
February 17, 2014, 03:23:15 PM |
|
And then get mugged in the street? Have to pay for special hardware to be able to decode this stuff? Only have a limited amount of seeds per-person? Being able to be tracked by any entity that can force you to validate yourself?
I'm good.
We are already getting tracked when carrying mobile phones. So tracking here is not even an issue anymore. Now the same thing can be said about asking to reveal your passphrase, pin for your card or a password to your phone by someone in the dark alley. Private key storage is a big issue. You don't necessary have to tell anybody that you generated your key pair based on your own biometrics but i think combined that with password this can be really good way of storing it. Meaning it can always be extracted back. That way you never loose it sort of thing.
|
|
|
|
oleganza
Full Member
Offline
Activity: 200
Merit: 104
Software design and user experience.
|
|
February 17, 2014, 04:41:46 PM |
|
Apple does it already to decrypt the keychain on iPhone 5s with your fingerprint. You just have to drop your keys in the keychain and the OS will take care of securing it for you.
|
Bitcoin analytics: blog.oleganza.com / 1TipsuQ7CSqfQsjA9KU5jarSB1AnrVLLo
|
|
|
bitpop
Legendary
Offline
Activity: 2912
Merit: 1060
|
|
February 17, 2014, 04:45:32 PM |
|
Apple does it already to decrypt the keychain on iPhone 5s with your fingerprint. You just have to drop your keys in the keychain and the OS will take care of securing it for you.
They also the care of backing it up with the nsa for you so they can seize them
|
|
|
|
DanielVG
Sr. Member
Offline
Activity: 266
Merit: 250
I want free lunch, i'm gonna go with this guy.
|
|
February 17, 2014, 07:28:25 PM |
|
bad idea, i prefer anonymity and privacy over security.
|
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
February 17, 2014, 07:35:23 PM Last edit: February 17, 2014, 09:26:09 PM by DeathAndTaxes |
|
The issue is that biometrics are not deterministic.
When you "login" using a biometric it compares the stored "good" biometric with the login attempt and if it is close enough you get logged in. If you think about this from a wallet perspective this means the biometric is not used to create (or unlock) the wallet it is only used for authentication of the attempted use. The wallet already has the ability to spend the coins independently of the biometric. If a hacker doesn't have the biometric data (stolen wallet) they would quickly figure out ways to hack the device itself.
The OP seems to suggest creating an HD wallet from a biometric seed. There are two issues with this. The first is that biometrics are never exact matches. If you scan the same fingerprint multiple times and convert it into a number, the output will be different each time. A deterministic seed needs to be deterministic, this means the seed generated is always the same. Although I don't like the risk of brain wallets if you hash a given passphrase it will always produce the same seed. It couldn't work if sometimes it produced a different seed.
The other issue is that most biometric samples have little entropy because high precision scanners are expensive (and if you are just doing a "close enough" match serve no purpose). They lack sufficient entropy to prevent an attack from brute forcing all possible seeds that can be produced from the device and then stealing the ones which are funded. Biometrics are good as a SECOND (or third) FACTOR (something you know, something you have, something) not for producing a deterministic seed.
|
|
|
|
drrussellshane
|
|
February 17, 2014, 09:07:07 PM |
|
Now Bitcoin detractors will really think bitcoiners are bringing on the "Mark of the Beast"!
|
Buy a TREZOR! Premier BTC hardware wallet. If you're reading this, you should probably buy one if you don't already have one. You'll thank me later.
|
|
|
oleganza
Full Member
Offline
Activity: 200
Merit: 104
Software design and user experience.
|
|
February 17, 2014, 10:58:16 PM |
|
Apple does it already to decrypt the keychain on iPhone 5s with your fingerprint. You just have to drop your keys in the keychain and the OS will take care of securing it for you.
They also the care of backing it up with the nsa for you so they can seize them That's the implementation detail. Also, your hardware is always a trusted counterparty.
|
Bitcoin analytics: blog.oleganza.com / 1TipsuQ7CSqfQsjA9KU5jarSB1AnrVLLo
|
|
|
cbeast
Donator
Legendary
Offline
Activity: 1736
Merit: 1014
Let's talk governance, lipstick, and pigs.
|
|
February 17, 2014, 11:02:56 PM |
|
Apple does it already to decrypt the keychain on iPhone 5s with your fingerprint. You just have to drop your keys in the keychain and the OS will take care of securing it for you.
I wonder how many have had a finger stolen along with their iphone?
|
Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
|
|
|
trcwhale (OP)
Member
Offline
Activity: 84
Merit: 11
|
|
February 18, 2014, 10:43:46 AM |
|
The issue is that biometrics are not deterministic.
When you "login" using a biometric it compares the stored "good" biometric with the login attempt and if it is close enough you get logged in. If you think about this from a wallet perspective this means the biometric is not used to create (or unlock) the wallet it is only used for authentication of the attempted use. The wallet already has the ability to spend the coins independently of the biometric. If a hacker doesn't have the biometric data (stolen wallet) they would quickly figure out ways to hack the device itself.
The OP seems to suggest creating an HD wallet from a biometric seed. There are two issues with this. The first is that biometrics are never exact matches. If you scan the same fingerprint multiple times and convert it into a number, the output will be different each time. A deterministic seed needs to be deterministic, this means the seed generated is always the same. Although I don't like the risk of brain wallets if you hash a given passphrase it will always produce the same seed. It couldn't work if sometimes it produced a different seed.
The other issue is that most biometric samples have little entropy because high precision scanners are expensive (and if you are just doing a "close enough" match serve no purpose). They lack sufficient entropy to prevent an attack from brute forcing all possible seeds that can be produced from the device and then stealing the ones which are funded. Biometrics are good as a SECOND (or third) FACTOR (something you know, something you have, something) not for producing a deterministic seed.
This is very interesting. What do you propose then? What is the best solution of storing private key without worrying about having it lost? If this not solved BTC and other cryptos will never get much traction with general population. Most people would just be afraid of having any significant sum of money stored in crypto.
|
|
|
|
sb1412a
Newbie
Offline
Activity: 3
Merit: 0
|
|
February 21, 2014, 01:07:07 PM |
|
By utilising the option to do this: http://en.wikipedia.org/wiki/Mind_uploadingI think that anyone would be stupid to suggest that this won't be possible in the future. People will be uncomfortable with it and it won't be widely adopted for along time, but within 1000 years (perhaps more than half that timeframe) I believe all personal digital assets will be stored in the mind. Either: regulations will mean that you can't escape it, like in Minority Report, or it will just be so normal to people by then that it won't be an issue, and people see it as the preferable method of storage and usage. Mind recognition would be available for transactions. This could still be an anonymous act - no machine would actually need to know who you are, because it will just be matching your brain composition to your wallet, very much like a fingerprint. Your brain would just be an HD but with a unique structure, but an anonymous unique structure. You would not be giving up your details, you are simply another number to the network and it recognises your brain pattern on its database, which is synced to your wallet (which happens to be stored in your brain). Way way into the future though...
|
|
|
|
piotr_n
Legendary
Offline
Activity: 2055
Merit: 1359
aka tonikt
|
|
February 21, 2014, 03:20:54 PM |
|
Hi,
I was thinking about an idea today. Everyone talks about storing bitcoins securely. Some print of paper wallets, others store on usb keys. There are so many way but all of them are not so secured.
What if BTC or any other crypto key pair (Private/Public) were generated based on unique biometrics. That way the private key can be you. That way you will never would have to carry anything with you.
What do you think of that?
FWIK, there isn't any known biometrics method that would be secured enough for protecting huge amounts of money. Everything that you can measure about your body can be copied - and that's the problem. I personally think that the best solution is a wallet based on a seed password, which you just hide in your head. Exactly the one I developed and have been using successfully for over half a year already.
|
Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.PGP fingerprint: AB9E A551 E262 A87A 13BB 9059 1BE7 B545 CDF3 FD0E
|
|
|
trcwhale (OP)
Member
Offline
Activity: 84
Merit: 11
|
|
February 21, 2014, 03:39:53 PM |
|
Hi,
I was thinking about an idea today. Everyone talks about storing bitcoins securely. Some print of paper wallets, others store on usb keys. There are so many way but all of them are not so secured.
What if BTC or any other crypto key pair (Private/Public) were generated based on unique biometrics. That way the private key can be you. That way you will never would have to carry anything with you.
What do you think of that?
FWIK, there isn't any known biometrics method that would be secured enough for protecting huge amounts of money. Everything that you can measure about your body can be copied - and that's the problem. I personally think that the best solution is a wallet based on a seed password, which you just hide in your head. Exactly the one I developed and have been using successfully for over half a year already. This is all good for us geeks. However people can't even remember simple passwords. For average person the password is not a good solution. For now I think there will be for trusted party who will store your bitcoins somewhere online. Of course with another party act as insurance. I think there is a service need here.
|
|
|
|
piotr_n
Legendary
Offline
Activity: 2055
Merit: 1359
aka tonikt
|
|
February 21, 2014, 03:47:55 PM |
|
This is all good for us geeks. However people can't even remember simple passwords. For average person the password is not a good solution. When they know that by forgetting this password they will loose a lot of money, they will never forget it - doesn't matter whether they are geeks, or not. Unless they are stupid, of course - in which case there is no reliable method, for securing their cache, anyway. So then indeed, in such case, the best they can do is give their money to someone else to watch it for them. E.g. they can deposit it on MtGox, because MtGox has the best security of all the exchanges / online wallets, with yubikey and stuff...
|
Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.PGP fingerprint: AB9E A551 E262 A87A 13BB 9059 1BE7 B545 CDF3 FD0E
|
|
|
rmines
|
|
February 21, 2014, 03:49:15 PM |
|
Currently most popular biometric security systems are fingerprint based. Think about what would happen if you would lose a hand or severely burn your finger tips..
|
|
|
|
bloss
Newbie
Offline
Activity: 28
Merit: 0
|
|
February 21, 2014, 06:37:50 PM |
|
This already exists. A brainwallet based on a truly random and memorized 160+ bits of entropy passphrase.
|
|
|
|
oleganza
Full Member
Offline
Activity: 200
Merit: 104
Software design and user experience.
|
|
February 22, 2014, 08:01:10 PM |
|
Here's a second draft: http://oleganza.com/blind-ecdsa-draft-v2.pdfThe algorithm is the same, but presentation is made clearer.
|
Bitcoin analytics: blog.oleganza.com / 1TipsuQ7CSqfQsjA9KU5jarSB1AnrVLLo
|
|
|
chris56a
Member
Offline
Activity: 85
Merit: 10
|
|
February 23, 2014, 01:52:46 AM |
|
Hi,
I was thinking about an idea today. Everyone talks about storing bitcoins securely. Some print of paper wallets, others store on usb keys. There are so many way but all of them are not so secured.
What if BTC or any other crypto key pair (Private/Public) were generated based on unique biometrics. That way the private key can be you. That way you will never would have to carry anything with you.
What do you think of that?
i herd about someone working on a usb drive that can only be open with your own personal heart beat
|
|
|
|
|