Bitcoin Forum
November 06, 2024, 08:55:37 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2]  All
  Print  
Author Topic: Biometrics is the key to defeating Bitcoin hackers!  (Read 1825 times)
Rawted
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500



View Profile
February 19, 2014, 03:20:56 PM
 #21

In my opinion, biometric technologies like apples touch ID is the solution to Bitcoin hackers on major exchanges. Imagine Coinbase or Bitpay had a user enabled feature that requires your fingerprint in order to confirm any Bitcoin transactions.

Then, a hacker would need to get into your account, defeat two factor authentication... and have acess to your fingerprint to confirm any transaction requests.

Obviously, this could be a user enabled feature that conspiracy theorists or people looking to just be anonymous could opt out of.

If Apple were to open up its touch ID to third parties, this would be the best offering. But for the meanwhile, can't a website like coinbase allow you to buy a third-party fingerprint scanner?

as others have said biometrics is not easy.
1. not everyone has/wants a fingerprint scanner.
2. if i cut my thump and it left a scar, the thumbprint wont match the one on the exchanges database
3. a trojan horse could sniff the data input of a USB port to copy the persons thump print and then use it later.. much like keyloggers sniff usb keyboards.
4. the actual lesson to learn is to teach people not to use exchanges as long term bank accounts.

1. Units are cheap nowadays, can even take a hit on the manufacturing end and make up for it on final MSRp of the kits or the software side of things.
2. That's not how they would work. They work off of patterns, not whole scan matching.
3. Multiple points of security. No one piece of biometric data would be able to unlock the kingdom.
4. Agreed
hellscabane
Legendary
*
Offline Offline

Activity: 896
Merit: 1000



View Profile
February 19, 2014, 03:24:39 PM
 #22

I already spoke to some of the devs, they quickly proved me wrong that biometrics are viable. They said for instance, that fingerprints are not the same throughout the whole life, they change and are are not as accurate all the time. I also tried saying ok what about a DNA scan, proved me wrong again.

DNA scanning is even more far-fetched, but could be fun. Imagine licking or spitting into something before you could send your Bitcoins  Grin. I'm sure there'll be fingerprint Bitcoin apps at some point.

Altho DNA is unique (all 13 pairs) but its not guaranteed to stay the same.

Are you sating peoples DNA changes?
I think I read somewhere that throughout a person's life, he has many mutations in his DNA.

Yes, a person experiences minute changes to his/her DNA throughout the course of life. Environmental mutagens, various forms of radiation, etc. Our bodies have mechanisms that do a very good job of preventing changes in our DNA, but just like the human experience, it too is imperfect.
virtualmaster
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500



View Profile
February 19, 2014, 03:29:43 PM
 #23

Devices with fingerprint scanner authentication are developed by good technicians but by a bad concept designer.
It is overseen that by authenticating with a fingerprint scanner you don't need the proper finger just the proper fingerprint.
And if a handy or laptop is stolen then mostly will have his owners fingerprint also which he uses maybe by the entrance of his house also.
If he would have password authentication and his password is stolen then he can change his password but he cannot change his finger or his fingerprint.

Calendars for free to print: 2014 Calendar in JPG | 2014 Calendar in PDF Protect the Environment with Namecoin: 2014 Calendar in JPG | 2014 Calendar in PDF
Namecoinia.org  -  take the planet in your hands
BTC: 15KXVQv7UGtUoTe5VNWXT1bMz46MXuePba   |  NMC: NABFA31b3x7CvhKMxcipUqA3TnKsNfCC7S
OnkelPaul
Legendary
*
Offline Offline

Activity: 1039
Merit: 1005



View Profile
February 19, 2014, 03:33:32 PM
 #24

I'd much prefer a simple hardware security token plus easy-to-remember transformation rule, for example "swap first and third digit, add 3 to the fourth digit (mod 10)".
The token would spit out a new 6-or-8-digit number each minute, and the transformation rule must be used to find the actual password.
That way, to gain access someone must steal the token and also know the transformation rule. That's not impossible to do, but is much more difficult to achive stealthily than acquiring a fingerprint from some appropriate surface.

Of course, this is just the authentication part - you also need to have a reasonably tamper-proof computer and operating system, and the whole system must make sure that MITM attacks won't work.

Onkel Paul

(I can't help thinking of "Minority Report" whenever someone mentions iris scans...)

Aswan
Legendary
*
Offline Offline

Activity: 1734
Merit: 1015



View Profile
February 19, 2014, 03:34:14 PM
 #25

In my opinion, biometric technologies like apples touch ID is the solution to Bitcoin hackers on major exchanges. Imagine Coinbase or Bitpay had a user enabled feature that requires your fingerprint in order to confirm any Bitcoin transactions.

Then, a hacker would need to get into your account, defeat two factor authentication... and have acess to your fingerprint to confirm any transaction requests.

Obviously, this could be a user enabled feature that conspiracy theorists or people looking to just be anonymous could opt out of.

If Apple were to open up its touch ID to third parties, this would be the best offering. But for the meanwhile, can't a website like coinbase allow you to buy a third-party fingerprint scanner?

The German "Chaos Compute Club" once replicated the finger prints of a well known German politician by simply taken them from a glass of water he used. They then published a usable version of the fingerprint with their magazine so everyone could use it to use that dudes finger prints.

There is even a tutorial about how to do that stuff and it's so easy. It's just not save and can be manipulated so easily.
Rawted
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500



View Profile
February 19, 2014, 03:37:13 PM
 #26

Devices with fingerprint scanner authentication are developed by good technicians but by a bad concept designer.
It is overseen that by authenticating with a fingerprint scanner you don't need the proper finger just the proper fingerprint.
And if a handy or laptop is stolen then mostly will have his owners fingerprint also which he uses maybe by the entrance of his house also.
If he would have password authentication and his password is stolen then he can change his password but he cannot change his finger or his fingerprint.
This wouldn't be an issue. There's basically two types of scanning used, optical and ccd. Using ccd, the scan actually measures the patterns of contrasting light and dark spots of the ridges and compares them to past scans. The light used wouldn't reflect off a fingerprint's oil pattern the same way it would an actual flesh digit with ridges and valleys.
virtualmaster
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500



View Profile
February 19, 2014, 03:41:50 PM
 #27

This wouldn't be an issue. There's basically two types of scanning used, optical and ccd. Using ccd, the scan actually measures the patterns of contrasting light and dark spots of the ridges and compares them to past scans. The light used wouldn't reflect off a fingerprint's oil pattern the same way it would an actual flesh digit with ridges and valleys.
That wouldn't be proper for womans as they use hand-creams.  Grin

Calendars for free to print: 2014 Calendar in JPG | 2014 Calendar in PDF Protect the Environment with Namecoin: 2014 Calendar in JPG | 2014 Calendar in PDF
Namecoinia.org  -  take the planet in your hands
BTC: 15KXVQv7UGtUoTe5VNWXT1bMz46MXuePba   |  NMC: NABFA31b3x7CvhKMxcipUqA3TnKsNfCC7S
Rawted
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500



View Profile
February 19, 2014, 03:50:49 PM
 #28

This wouldn't be an issue. There's basically two types of scanning used, optical and ccd. Using ccd, the scan actually measures the patterns of contrasting light and dark spots of the ridges and compares them to past scans. The light used wouldn't reflect off a fingerprint's oil pattern the same way it would an actual flesh digit with ridges and valleys.
That wouldn't be proper for womans as they use hand-creams.  Grin
Sorry for that not being clear, I meant the version we would use would base the pass/fail upon the light bounced off the actual flesh ridges of a human's fingers.
Elwar
Legendary
*
Offline Offline

Activity: 3598
Merit: 2386


Viva Ut Vivas


View Profile WWW
February 19, 2014, 03:59:14 PM
 #29

I have an old device that is a mini computer that requires a fingerprint scan to activate. It plugs in to your USB and uses your computer's network and monitor/keyboard without giving access to the contents of the device.

The company went out of business and the device is only compatible with old OSes. That would be ideal.

First seastead company actually selling sea homes: Ocean Builders https://ocean.builders  Of course we accept bitcoin.
virtualmaster
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500



View Profile
February 19, 2014, 04:03:35 PM
 #30

This wouldn't be an issue. There's basically two types of scanning used, optical and ccd. Using ccd, the scan actually measures the patterns of contrasting light and dark spots of the ridges and compares them to past scans. The light used wouldn't reflect off a fingerprint's oil pattern the same way it would an actual flesh digit with ridges and valleys.
That wouldn't be proper for womans as they use hand-creams.  Grin
Sorry for that not being clear, I meant the version we would use would base the pass/fail upon the light bounced off the actual flesh ridges of a human's fingers.
And what is the difference between a simple fingerprint and a scanned image of a finger where the gaps between the ridges are filled with an opaque hand-cream and they are no valleys ?

Calendars for free to print: 2014 Calendar in JPG | 2014 Calendar in PDF Protect the Environment with Namecoin: 2014 Calendar in JPG | 2014 Calendar in PDF
Namecoinia.org  -  take the planet in your hands
BTC: 15KXVQv7UGtUoTe5VNWXT1bMz46MXuePba   |  NMC: NABFA31b3x7CvhKMxcipUqA3TnKsNfCC7S
ChuckBuck
Hero Member
*****
Offline Offline

Activity: 1372
Merit: 783


better everyday ♥


View Profile WWW
February 19, 2014, 04:14:40 PM
 #31

I like the idea of Biometrics as a 2 FA or 3 FA method, but what happens if a person has no hands or fingers or had it amputated!   Huh

Guess iris scanning is the next evolution.

Next thing we'll be pricking ourselves to give blood DNA to authenticate!   Shocked

CharityAuction
          ▄▄▄████████▄▄▄   
       ▄▄███████▀▀▀▀███████▄
     ▄████▀▀           ▀▀████▄
   ▄███▀▀   ▄▄████████▄▄   ▀▀███▄
  ████▀   ████▀██████████    ▀███▄
 ████   ▄███▀▄  ▀    ██████   ▀███▄
▄███   ████▄    ▄█▄  ▀██████    ███▄
████  ▄███▀     ▀█▀      ▀███▄  ████
████  ████▄▄█▄      ▄█▄   ████  ████
████  ▀████████▄   ███▀  ▄███▀  ████
▀███   █████████▄   ▀   ▀████   ███▀
 ████   ▀████████   ▄ ▀▄▄██    ████
  ████▄   ███████▄▄██▄▄███   ▄████
   ▀███▄▄   ▀▀████████▀▀   ▄▄███▀
     ▀████▄▄            ▄▄████▀
       ▀▀███████▄▄▄▄███████▀▀
           ▀▀▀████████▀▀▀
          ▄▄▄████████▄▄▄   
       ▄▄███████▀▀▀▀███████▄
     ▄████▀▀           ▀▀████▄
   ▄███▀▀   ▄▄████████▄▄   ▀▀███▄
  ████▀   ████▀██████████    ▀███▄
 ████   ▄███▀▄  ▀    ██████   ▀███▄
▄███   ████▄    ▄█▄  ▀██████    ███▄
████  ▄███▀     ▀█▀      ▀███▄  ████
████  ████▄▄█▄      ▄█▄   ████  ████
████  ▀████████▄   ███▀  ▄███▀  ████
▀███   █████████▄   ▀   ▀████   ███▀
 ████   ▀████████   ▄ ▀▄▄██    ████
  ████▄   ███████▄▄██▄▄███   ▄████
   ▀███▄▄   ▀▀████████▀▀   ▄▄███▀
     ▀████▄▄            ▄▄████▀
       ▀▀███████▄▄▄▄███████▀▀
           ▀▀▀████████▀▀▀
ColdScam
RodeoX
Legendary
*
Offline Offline

Activity: 3066
Merit: 1147


The revolution will be monetized!


View Profile
February 19, 2014, 04:17:48 PM
 #32

I'm not sure the technology is there yet. As an experiment I set up a fignerprint reader on my Linux ThinkPad. It was way easier than entering my long password each time.
Once completed, I got bored and decided to try defeating it. Five minutes later I was in.

I used clear tape to lift a print that I had blown graphite dust onto. No super glue smoke needed, just old school. I then stuck the tape to some white paper and warped it around any finger to be read. It opened first try.  Undecided

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf
Free bitcoin in ? - Stay tuned for this years Bitcoin hunt!
Rawted
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500



View Profile
February 19, 2014, 04:51:31 PM
 #33

This wouldn't be an issue. There's basically two types of scanning used, optical and ccd. Using ccd, the scan actually measures the patterns of contrasting light and dark spots of the ridges and compares them to past scans. The light used wouldn't reflect off a fingerprint's oil pattern the same way it would an actual flesh digit with ridges and valleys.
That wouldn't be proper for womans as they use hand-creams.  Grin
Sorry for that not being clear, I meant the version we would use would base the pass/fail upon the light bounced off the actual flesh ridges of a human's fingers.
And what is the difference between a simple fingerprint and a scanned image of a finger where the gaps between the ridges are filled with an opaque hand-cream and they are no valleys ?
Well lotion gets absorbed by the skin, it doesn't sit on top of it. I am positive it's not a problem like you're making it out to be. One could always wipe off their finger...
Rawted
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500



View Profile
February 19, 2014, 04:53:09 PM
 #34

I like the idea of Biometrics as a 2 FA or 3 FA method, but what happens if a person has no hands or fingers or had it amputated!   Huh

Guess iris scanning is the next evolution.

Next thing we'll be pricking ourselves to give blood DNA to authenticate!   Shocked
Amputees would use a different level device. They would move right into retinal/voice/laser dna scans. Someone with glaucoma would use fingerprint/voice/laser dna. That's the beauty of it, it's customizable to the user.
Rawted
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500



View Profile
February 19, 2014, 04:55:53 PM
 #35

I'm not sure the technology is there yet. As an experiment I set up a fignerprint reader on my Linux ThinkPad. It was way easier than entering my long password each time.
Once completed, I got bored and decided to try defeating it. Five minutes later I was in.

I used clear tape to lift a print that I had blown graphite dust onto. No super glue smoke needed, just old school. I then stuck the tape to some white paper and warped it around any finger to be read. It opened first try.  Undecided
More than likely, this was an optical scanner. A few posts back i detailed CCD scanning, which would be far more accurate and less 'hackable'. Again, the goal is to combine multiple points of authentication and not leave it to a single point of entry.
RodeoX
Legendary
*
Offline Offline

Activity: 3066
Merit: 1147


The revolution will be monetized!


View Profile
February 19, 2014, 06:23:06 PM
 #36

I'm not sure the technology is there yet. As an experiment I set up a fignerprint reader on my Linux ThinkPad. It was way easier than entering my long password each time.
Once completed, I got bored and decided to try defeating it. Five minutes later I was in.

I used clear tape to lift a print that I had blown graphite dust onto. No super glue smoke needed, just old school. I then stuck the tape to some white paper and warped it around any finger to be read. It opened first try.  Undecided
More than likely, this was an optical scanner. A few posts back i detailed CCD scanning, which would be far more accurate and less 'hackable'. Again, the goal is to combine multiple points of authentication and not leave it to a single point of entry.
It was indeed an optical scanner. I know much better biometric devices exist, such as eye scans or scans of the vasculature of the palm. But I can't help thinking that there is a $10 countermeasure out there somewhere.
And I totally agree that layered security it the best practice.

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf
Free bitcoin in ? - Stay tuned for this years Bitcoin hunt!
Aswan
Legendary
*
Offline Offline

Activity: 1734
Merit: 1015



View Profile
February 19, 2014, 06:57:04 PM
 #37

It won't ever work since the password will be written down in plain text on your finger instead of being on your mind, it's therefore less save.
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!