bartekjagoda (OP)
Jr. Member
Offline
Activity: 87
Merit: 5
|
|
August 13, 2019, 09:52:22 AM |
|
Is there any biometric wallet (i am not talking about simple FaceID or TouchID login usage) for crypto wallets?
I have been looking but not found any good solutions.
Anyone?
|
Ich liebe Bitcoin
|
|
|
AB de Royse777
Legendary
Offline
Activity: 2674
Merit: 4142
Campaign Manager. My Telegram @Royse777
|
|
August 13, 2019, 09:53:32 AM |
|
Not sure. But the concept is nice :-D
Imagine a wallet that will ask to scan your retina before broadcasting a transaction :-P
Now, wouldn't it be easier to steal your coins? One only need your retina to rob your coins /s
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
Rath_
aka BitCryptex
Legendary
Offline
Activity: 1876
Merit: 3139
|
|
August 13, 2019, 09:57:04 AM |
|
Do you mean generating and backing up a wallet using, for example, a single fingerprint? There are no such wallets and they would be extremely insecure anyway. It would be fairly easy to force you to restore your wallet. Imagine a wallet that will ask to scan your retina before broadcasting a transaction :-P
Samsung Galaxy S8 and S9 have a retina scanner. Blockstream Green Wallet supports such a way of unlocking a wallet.
|
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3864
Merit: 6591
Looking for campaign manager? Contact icopress!
|
|
August 13, 2019, 09:59:14 AM |
|
I've read on reddit that Mycelium should have fingerprint support on iOS. And on Android.. well.. a later post there makes sense: the device is already encrypted - whether with your passphrase or fingerprint or whatever...
|
|
|
|
HCP
Legendary
Offline
Activity: 2086
Merit: 4361
<insert witty quote here>
|
|
August 13, 2019, 10:21:01 AM Last edit: November 15, 2023, 07:20:22 AM by HCP |
|
|
|
|
|
bartekjagoda (OP)
Jr. Member
Offline
Activity: 87
Merit: 5
|
|
August 13, 2019, 10:23:13 AM |
|
I've read on reddit that Mycelium should have fingerprint support on iOS. And on Android.. well.. a later post there makes sense: the device is already encrypted - whether with your passphrase or fingerprint or whatever... Well, you cannot read info from the IOS or Android touchID of faceID as the system blocks you from accessing the data... You can only get a confirmation that the finger is used to unlock the phone, but would not be able to generate the code on the fly
|
Ich liebe Bitcoin
|
|
|
AB de Royse777
Legendary
Offline
Activity: 2674
Merit: 4142
Campaign Manager. My Telegram @Royse777
|
|
August 13, 2019, 10:24:28 AM |
|
Exactly :-P It would be fairly easy to force you to restore your wallet.
All jokes aside, this was the whole point.
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
bartekjagoda (OP)
Jr. Member
Offline
Activity: 87
Merit: 5
|
|
August 13, 2019, 10:48:51 AM |
|
It would be fairly easy to force you to restore your wallet.
All jokes aside, this was the whole point. What if you salt it with other data, it would not be that easy. The question remains, no solution on the market?
|
Ich liebe Bitcoin
|
|
|
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
|
August 13, 2019, 02:16:40 PM |
|
I imagine retinal scanning is bad for long term storage (does it use blood vessel arrangements)?
I wouldn't mine my private keys being generated by dna, but that'd have to come from blood for it to be fairly accurate...
Finger prints and faceid aren't very good and neither are pins for security reasons... I don't know if scanning every finger ever becomes possible then that would be well secured but the issue with biometric scanning is that your data probably won't be encrypted as it can't encrypt them if it's using a pattern matching algorithm.
|
|
|
|
bitmover
Legendary
Offline
Activity: 2492
Merit: 6320
bitcoindata.science
|
|
August 13, 2019, 02:40:49 PM |
|
The way blockchain is designed, what matters is only the private key.
A retina or finger print or whatever would just be a second layer of security, which wouldn't do much if the stealer has the private keys.
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18747
|
|
August 13, 2019, 04:34:23 PM Merited by malevolent (2) |
|
I imagine retinal scanning is bad for long term storage (does it use blood vessel arrangements)? Correct, and there are various pathological process which can either alter your retinal vasculature, or prevent the machine from properly scanning your retinas. I wouldn't mine my private keys being generated by dna, but that'd have to come from blood for it to be fairly accurate. DNA can be accurately sequenced from pretty much any cell, which is why using it is a bad idea. We all shed hair and skin cells constantly. An attacker would only need to take a swab from something relatively clean that you've recently touched (like a disposable coffee cup or food wrapper) to have a fairly high chance of being able to sequence your DNA. Face and iris scanning have been spoofed with pictures before. Fingerprints can be lifted from anything you've touched. Biometrics really aren't all that secure.
|
|
|
|
bones261
Legendary
Offline
Activity: 1806
Merit: 1828
|
|
August 13, 2019, 05:21:37 PM |
|
Biometrics really aren't all that secure.
That's because Biometrics supposed to offer convenience and it's only secure against non-physical attack. It depends on the Biometric used. Fingerprints are not that secure because a person leaves those everywhere. I'm sure someone can lift a fingerprint and create something that can fool a scanner. DNA is really not that secure either, since a person leaves traces of their DNA everywhere they go. Facial recognition is not secure either, since someone can easily capture your image, and use that to fool a scanner. I suppose a retinal scan can be pretty secure. It is somewhat difficult for a person to get a copy of that. It's not impossible though. Naturally, as you imply, all biometric security is overridden by the five dollar wrench attack. Since a person only has one set of biometrics, they can't even set up a dummy wallet, effectively. I suppose someone could use a different finger/thumb print to set up ten wallets. However, a smart criminal will simply have you try all ten fingerprints.
|
|
|
|
Rath_
aka BitCryptex
Legendary
Offline
Activity: 1876
Merit: 3139
|
I suppose retinal scan can be pretty secure. It is somewhat difficult for a person to get a copy of that.
Well, even a retina scanner can be easily fooled if you take a photo of a victim with a proper camera (infrared night vision setting needs to be turned on). That's how Samsung security can be bypassed.
|
|
|
|
bones261
Legendary
Offline
Activity: 1806
Merit: 1828
|
|
August 13, 2019, 05:39:42 PM |
|
I suppose retinal scan can be pretty secure. It is somewhat difficult for a person to get a copy of that.
Well, even a retina scanner can be easily fooled if you take a photo of a victim with a proper camera (infrared night vision setting needs to be turned on). That's how Samsung security can be bypassed. Thank for pointing that out. Therefore, I would not use a BTC wallet that is secured by biometrics. I do not plan on wearing some kind of suit and mask that prevents my biometric data from being copied.
|
|
|
|
Pmalek
Legendary
Offline
Activity: 2954
Merit: 7561
Playgram - The Telegram Casino
|
|
August 14, 2019, 08:42:42 AM |
|
I would never use a fingerprint as a way to secure my crypto holdings. The quality of your print can change as years go by. A close family member of mine had difficulties getting a new ID because more than 80% of the quality of the fingerprint was lost. He works with hot water which is probably the reason his prints are almost gone. Securing your assets that way could mean trouble someway down the road.
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
|
kalus
Sr. Member
Offline
Activity: 420
Merit: 263
let's make a deal.
|
|
August 20, 2019, 02:41:07 AM |
|
I am using Edge wallet, which provides password + TouchID security for currency i want to carry around. this is not how i'd carry the bulk of my savings, but for me it is an optimal security/convenience compromise for everyday amounts.
I rely on TouchID becuase the biometric data is stored on the secure enclave chip on the iphone. This is also secure enough for most of my everyday activities. However, i never got a FaceID phone and i'm in no rush to upgrade, so i understand the aversion to this technology at least.
|
DC2ngEGbd1ZUKyj8aSzrP1W5TXs5WmPuiR wow need noms
|
|
|
bartekjagoda (OP)
Jr. Member
Offline
Activity: 87
Merit: 5
|
|
September 04, 2019, 02:07:08 PM |
|
Well, you could hack a trezor or fake an electrum update, so WHY is this idea so much worse?
|
Ich liebe Bitcoin
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18747
|
|
September 04, 2019, 02:25:40 PM |
|
Well, you could hack a trezor or fake an electrum update, so WHY is this idea so much worse?
Because to lose my funds via Electrum I would need to download a fake wallet, forget to verify it, install and use it without doing any due diligence. I'm not that stupid. To lose my funds via a hardware wallet I would need to stop using a passphrase, again use some fake software or maybe let someone else gain physical access to my device, give away my PIN or seed, or something similar. I'm not that stupid. To lose my funds via a biometric wallet, an attacker only needs a photo of my face or anything I've touched, from a hand rail to a door handle to a bottle of juice. Unless you plan on wearing gloves and a full face covering 24/7, biometrics are far more easily hackable.
|
|
|
|
bob123
Legendary
Offline
Activity: 1624
Merit: 2481
|
|
September 04, 2019, 02:27:38 PM |
|
Well, you could hack a trezor
How would you do this ? Circumventing fingerprint security measurements is relatively easy and it has been mentioned how it can be done. So.. how would you hack a trezor ? or fake an electrum update
How would you fake the signature ? I mean.. people who don't verify the signature are at risk.. yes. But that's not how you update electrum. You always have to verify the pgp signature. So.. how would you do this ? WHY is this idea so much worse?
Because there are easy attack vectors and risk of losing access (all has been mentioned in this thread already). If you can argue against electrum updates or trezor being hackable the same way with the same level of complexity (very low), then it is not much better. But as long as you can't, both are definitely better than a fingerprint secured wallet.
|
|
|
|
|