
Topic: [Android] Deck Wallet v1.0: Store your bitcoins in a deck of cards - page 2. (Read 7944 times)

jr. member
Activity: 50
Merit: 1
Regarding 1 (and probably 3), the 7-time shuffle is already recommended under instructions.

To be clear, what I meant was that the 7 shuffles need to be riffle shuffles in order to generate a random sequence. Other kinds of shuffles (such as overhand shuffles) will not come close to generating a random sequence after only 7 shuffles.
legendary
Activity: 1876
Merit: 1475
Nice idea.  A few comments:
1) the recommended 7 shuffles should be specified as (well distributed) riffle shuffles (based on Persi Diaconis's work at Harvard). If the user does not feel comfortable doing riffle shuffles, then they should use whatever shuffle they know, but they should shuffle for a long time.
2) when you generate the successive addresses, you should cycle the deck and put the card at the back of the deck so that there are still 52 cards in the seed.  That way, you can generate 52 addresses instead of just 20.
3) Provide a strong warning that the user should not enter standard (widely known by magicians) stacks, even though that might seem like a good idea.  Always shuffle the cards.
4) I am assuming that if I shuffle the cards and write them down, they will generate the same wallet if I do the process over again. Right?

Thanks for your comments.

Regarding 1 (and probably 3), the 7-time shuffle is already recommended under instructions.

I will consider 2, although I really don't think more than 20 addresses are required.

Regarding 4, of course it would generate the same addresses, be it from the same deck itself (recommended) or a paper where you wrote it down.

jr. member
Activity: 50
Merit: 1
Nice idea.  A few comments:
1) the recommended 7 shuffles should be specified as (well distributed) riffle shuffles (based on Persi Diaconis's work at Harvard). If the user does not feel comfortable doing riffle shuffles, then they should use whatever shuffle they know, but they should shuffle for a long time.
2) when you generate the successive addresses, you should cycle the deck and put the card at the back of the deck so that there are still 52 cards in the seed.  That way, you can generate 52 addresses instead of just 20.
3) Provide a strong warning that the user should not enter standard (widely known by magicians) stacks, even though that might seem like a good idea.  Always shuffle the cards.
4) I am assuming that if I shuffle the cards and write them down, they will generate the same wallet if I do the process over again. Right?
legendary
Activity: 1876
Merit: 1475

I've read in several places the idea to use real-world entropy such as dice or cards to generate a seed to create bitcoin addresses.

Based on that idea, I have created a simple Android app that allows users to generate up to 52 bitcoin addresses from a deck of cards.

You can get it here from Google Play:
https://play.google.com/store/apps/details?id=com.ecuamobi.deckwallet

or https://github.com/ecuamobi/deck-wallet/blob/master/market/DeckWallet_1.0.apk?raw=true
It requires a device running Android 4.0+ with touchscreen.

Features
  • Easily enter the order of the cards by using spinners.
  • Supports an optional password.
  • Checks for repeated or missing cards, as well as mis-entered passwords.
  • Allows the user to re-enter everything to double-check the generated wallet. This is to prevent sending coins to the void.
  • Shows QR codes for the generated addresses and private keys.
  • Allows individual sharing of an address or key, as well as bulk sharing of all generated addresses.

About security
  • Completely offline. The application does not require permission to access the Internet, store files, or any other.
  • Open source. The code is available here: https://github.com/ecuamobi/deck-wallet/
  • You don't need to enter the order of the cards using the keyboard, therefore it's not vulnerable to malicious keyboards.
  • Checks for repeated or missing cards.
  • Allows the user to re-enter everything to double-check the generated wallet.
  • 2FA: Option to enter a password (or more than one to create secondary wallets) besides the deck itself.
  • Allows the generation of an extra wallet using a secondary password, thus protecting the main one against a physical attack (disclose the secondary password instead of the main one).
  • Obscurity: An attacker won't know there are bitcoins in that deck, even if they find it.

Instructions
  • Install Deck Wallet on a non-rooted Android device.
    Important: Make sure to download only from either
    https://play.google.com/store/apps/details?id=com.ecuamobi.deckwallet or
    https://github.com/ecuamobi/deck-wallet/blob/master/market/DeckWallet_1.0.apk?raw=true
    and double check it does not require any permissions.
  • Riffle shuffle a deck of cards 7 times or more.
  • Select the number of cards to use. 52 is recommended.
  • Enter every card on the app (it takes me about 4 or 5 minutes to do so).
  • Optionally enter a password you won't forget (it's not possible to recover it!).
  • Touch "Go!" to generate up to 52 bitcoin addresses. It will generate as many addresses as the number of entered cards.
  • Optionally, copy the order of the cards into another deck, as backup.
  • Double-check your deck wallet: Touch the 'Check' icon and re-enter the same password and card order.
  • After checking it, send some bitcoins to your deck wallet and store your deck of cards in a safe place.

How it works
  • The entered cards are converted to 2-char strings and concatenated. For example 3 of hearts is represented as 3H. 10, Jack, Queen and King are represented as T, J, Q and K respectively.
  • If a password is entered, it is prepended to the resulting string.
    Example seed: myPasswordAH4CTS9D...KHQS
  • The first address is calculated as a brain address, using SHA256 from the full generated seed. The result is the same as manually entering the full string into http://bitaddress.org or another similar tool.
  • The second address is calculated from the seed except the first card is moved to the end (Example: myPassword4CTS9D...KHQSAH)
  • The third address is calculated from the seed except the first 2 cards are moved to the end (Example: myPasswordTS9D...KHQSAH4C) and so on.
  • To check the generated wallet, the double SHA256 of the full seed is temporarily stored in RAM.
  • Nothing is stored permanently and nothing is sent or received through Internet (the app doesn't have permission to do that).

Donations

If you find this app useful, please consider donating:
bitcoin:17GXYDJEDUqw7hYtqquyN1kYWmtcmFKhK8


DeckWallet is open source released under the MIT license.

It is provided "as is", without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose and noninfringement.
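
The seed construction described under "How it works", written out in Python as an added example (not part of the original post and not the app's own code): it builds the rotated seed for each address, derives the SHA-256 private key and the double-SHA-256 check value, and bounds the entropy of the card order. The function names, the UTF-8 encoding, hashing the raw first digest in the double hash, and the sample deck are assumptions made for this example.

```python
import hashlib
import math

RANKS = "A23456789TJQK"   # 10 is written T, as in the post
SUITS = "HCSD"            # hearts, clubs, spades, diamonds
FULL_DECK = [r + s for s in SUITS for r in RANKS]

def validate(cards):
    """Reject unknown or repeated cards; with 52 cards this also rules out missing ones."""
    unknown = [c for c in cards if c not in FULL_DECK]
    if unknown:
        raise ValueError(f"unknown card(s): {unknown}")
    repeated = sorted({c for c in cards if cards.count(c) > 1})
    if repeated:
        raise ValueError(f"repeated card(s): {repeated}")

def seeds_for(cards, password=""):
    """Seed i is the password followed by the deck with its first i cards moved to the end."""
    validate(cards)
    return [password + "".join(cards[i:] + cards[:i]) for i in range(len(cards))]

def private_key_hex(seed):
    """Brain-wallet style key: one SHA-256 over the seed (UTF-8 encoding is an assumption)."""
    return hashlib.sha256(seed.encode("utf-8")).hexdigest()

def check_value(seed):
    """Double SHA-256 of the full seed (assumption: the second hash covers the raw digest)."""
    first = hashlib.sha256(seed.encode("utf-8")).digest()
    return hashlib.sha256(first).hexdigest()

def order_entropy_bits(n_cards):
    """Upper bound on the entropy of an ordered draw of n cards from 52, if the order is uniform."""
    return math.log2(math.factorial(52) // math.factorial(52 - n_cards))

# Constructed sample: a full deck in reverse sorted order, NOT a shuffled deck.
SAMPLE_DECK = FULL_DECK[::-1]

if __name__ == "__main__":
    seeds = seeds_for(SAMPLE_DECK, "myPassword")
    for i, seed in enumerate(seeds[:3]):
        print(i, seed[:18] + "...", private_key_hex(seed)[:16] + "...")
    print("check value:", check_value(seeds[0])[:16] + "...")
    print("52 cards: %.1f bits" % order_entropy_bits(52))
```

The entropy figure is only reached when the order is close to uniform, which is the point of the riffle-shuffle comments in the thread; a known stack or a poorly shuffled deck gives far less.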
