Pages:
Author

Topic: [ANN] Krogothmanhattan x Polymerbit: Customer DIY key generation with Trezor - page 2. (Read 897 times)

legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490
I wonder if they store em like trezor did - without telling anyone. Ledger has been splitting keys to shards and now want to charge a subscription to “recover” your keys.  This is my fear of all hw wallets - that they are secretly storing/saving keys and that is why I dont truly trust any of them. Look at what just happened with Atomic wallet - supposed ti be non-custodial yet was actually custodial so keys were leaked.
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.

 I sent an email a few days ago to confirm that when resetting the Trezor all seeds and info is wiped out and also that passphrase is not stored on the Trezor..they replied as follows..

   Hello XXXX

thank you for reaching out to Trezor support team.

Both your statements are correct.
Passphrase is not stored inside Trezor device so there's nothing to hack or extract.

First recovery seed will be completely wiped after factory reset. Also nothing to extract here.



Best regards,
Evgeny
legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490
the same logic could be applied to the trezor - will they keep it safe? and in working order? will they keep their passphrase safe?

Instead of trusting the funds to 1 location - the collectible - they have to trust 2 locations the collectible and the passphrase.

call it what you want but this is still just DIY yes it has the maker applying it to the collectible but the maker had no part in making the key or address the buyer did so still DIY.

I would rather personally have the maker do the whole thing (address/key generation) or none of it all - Not a half way job.  I would prefer to never use any hardware wallet at all - so far all have been proven to be compromised or closed source so you cannot verify they are not compromised - that goes for both ledger and trezor.

I still find this process to be considerably more complicated and in my opinion guarantees zero resale of funded item, ensures it can only be sold as redeemed.




   I hear all your points and like I said to each his own.

   Rather this way than getting Yogged again down the line....

   

I hear ya but I still would prefer a fully buyer made coin or a fully DIY to something like this. This is my least favorite. I think that comes from looking it at from a makers point of view. They cannot fully complete any item until each order comes in and the customer provides the information. That increases the work time considerably if you are doing 1 or 2 at a time then waiting for another order and then doing a few more.

Or maybe the maker makes the people ordering wait - like Ballet did with the PRO - they did them in batches and it was a few months between batches. They also had to wait for the customer to provide that which would encrypt the private key.

Either way, #76 please Smiley
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
the same logic could be applied to the trezor - will they keep it safe? and in working order? will they keep their passphrase safe?

Instead of trusting the funds to 1 location - the collectible - they have to trust 2 locations the collectible and the passphrase.

call it what you want but this is still just DIY yes it has the maker applying it to the collectible but the maker had no part in making the key or address the buyer did so still DIY.

I would rather personally have the maker do the whole thing (address/key generation) or none of it all - Not a half way job.  I would prefer to never use any hardware wallet at all - so far all have been proven to be compromised or closed source so you cannot verify they are not compromised - that goes for both ledger and trezor.

I still find this process to be considerably more complicated and in my opinion guarantees zero resale of funded item, ensures it can only be sold as redeemed.




   I hear all your points and like I said to each his own.

   Rather this way than getting Yogged again down the line....

   
legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490
the same logic could be applied to the trezor - will they keep it safe? and in working order? will they keep their passphrase safe?

Instead of trusting the funds to 1 location - the collectible - they have to trust 2 locations the collectible and the passphrase.

call it what you want but this is still just DIY yes it has the maker applying it to the collectible but the maker had no part in making the key or address the buyer did so still DIY.

I would rather personally have the maker do the whole thing (address/key generation) or none of it all - Not a half way job.  I would prefer to never use any hardware wallet at all - so far all have been proven to be compromised or closed source so you cannot verify they are not compromised - that goes for both ledger and trezor.

I still find this process to be considerably more complicated and in my opinion guarantees zero resale of funded item, ensures it can only be sold as redeemed.


legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
Curious - what collectors want it this specific way? or do you mean having the maker affix it and "load" it?  Curious if its the former, if you meant the latter than yes many do. Though most "loaded" items these days are actually just buyer funded as the maker has the buyer directly fund the coin so the maker actually never had any contact with the "load" amount.

edit: for example, let's use Lealana (love the coins) smoothie does "funded" and "buyer funded" coins - in reality, there is no difference between the two - except for the hologram. Both coins are directly funded by the buyer - neither funded by the maker. Yet the ones without the "buyer funded" holo fetch a higher premium.

Remember to be loaded by the maker also can be a sticky situation - as that requires a money transmitter license.

as for the airgapping a system - I would hope nearly anyone in Bitcoin could do that. Simply run/operate a system that does not and cannot go online.

I think you are making that part seem harder than it actually is.

and I didnt mean you with the hostility part, just soon I expect our favorite "OG" to step in and explain how it all works lol - I think you and I are beyond being hostile towards each other Smiley

and yes this way keeps you from getting rugged - as does DIY - because this really is a DIY scenario - just using a hw wallet to complete it vs an airgapped system.

   Not everyone in Bitcoin is capable of doing just that. You think people will use a computer once to generate keys and leave it offline forever ? And if they did want to wipe it clean to use online......go thru all that? Are they capable enough? No....Just because people are collectors does not make them capable of doing all this...Trust me I met many and they are clueless or do want to even bother.

   DIY is when you generate the keys...print the keys...and place the keys under the hologram...thats DIY.

    Most people buy DIY and never really do anything with it...they just leave the coin with the holo in the bag it came with. I know for the few coins I bought DIY....that's how they ended.

   This is generating the seed etc etc and let the maker assemble. Quite different.

   At the end of the day...these physical loaded items are artwork and the more the maker does...the more it is completed from his end.

   Not sure if that applies to the rest of world being a money transmitter...but then again if they cannot, then the buyer will need to load prior to shipping.
   So only fully funded notes or coins sold.

   

     
legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490
Curious - what collectors want it this specific way? or do you mean having the maker affix it and "load" it?  Curious if its the former, if you meant the latter than yes many do. Though most "loaded" items these days are actually just buyer funded as the maker has the buyer directly fund the coin so the maker actually never had any contact with the "load" amount.

edit: for example, let's use Lealana (love the coins) smoothie does "funded" and "buyer funded" coins - in reality, there is no difference between the two - except for the hologram. Both coins are directly funded by the buyer - neither funded by the maker. Yet the ones without the "buyer funded" holo fetch a higher premium.

Remember to be loaded by the maker also can be a sticky situation - as that requires a money transmitter license.

as for the airgapping a system - I would hope nearly anyone in Bitcoin could do that. Simply run/operate a system that does not and cannot go online.

I think you are making that part seem harder than it actually is.

and I didnt mean you with the hostility part, just soon I expect our favorite "OG" to step in and explain how it all works lol - I think you and I are beyond being hostile towards each other Smiley

and yes this way keeps you from getting rugged - as does DIY - because this really is a DIY scenario - just using a hw wallet to complete it vs an airgapped system.
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
For collectibles this still makes zero semse - for personal storage on an item you mever plan to sell maybe but most collectors are simply flippers in which case this makes the items useless to those folks

I dont see how a redeemed item makes it more valuable as you stated - to me redeemed makes it less valuable - thst is why I buy mostly redeemed items - cheaper amd I am not a flipper like most.

   I didnt say more valuable I said that is something you cannot do unless you sold it as a redeemed wallet which in itself holds value as well.

  
   I see all points from all ends and there are good points....but our hobby is not what it used to be. For some people who have been around maybe they dont mind getting rug pulled...but for outsiders who look into our hobby I am sure they are horrified when they read about DOGG and TITAN.

    Give them this option, things just might change.

     Regardless....nobody is telling anyone to use my idea....stick with the old way is fine as well...its your BTC at the end of the day to do with it as you please  Wink

     Again I will give an example....if a coinmaker offers a limited series of say 100 of these....they are collectables as they are limited in their scope and nature....and can be resold redeemed if need be as I am sure people will buy just to have 1 of the 100...or 1 of the 21 in their collection. I know I would if I was to have one of every item produced by certain coin makers.

    

oh for sure, as a collector I would still have the urge to get one. but that still doesnt make it make sense. This is an overly complicated method of someone basically doing a DIY.

   How many people can do it themselves the right way? Air gapped computer and the right key generation programs?
 
   With a trezor you will not need to have an airgapped computer at all or a key generation program to get  a pub and private keys.

Essentially the trezor is the airgapped system - could buy a laptop for $99, remove the wifi/bluetooth functionality, install Bitcoin core or Electrum or any number of wallets on it and do the same thing.  

By your logic, this is a process for someone who cannot make their own keys - yet will somehow manage to do all of these steps and successfully manage to keep the passphrase so they can later use it in conjunction with the collectible to redeem funds. How is this simplier than just creating a private key and applying it to a DIY item.

My point is this - this process is not new or creative even - it is simply taking what someone could already do and having them provide part of it to a maker so it can be added to a collectible. To me, the object is not loaded in any fashion. It simply has the address to a private key that could be easily redeemed without the collectible.

For that sake, why not just use the trezor to create a private key and only provide the public address to the maker? The effect would be the same.  The person not the maker is responsible for maintaining the security of the key.

Maybe I am missing something but I dont see how this is any more secure than just having your btc address added to the collectible and calling it good at that point.

I dont want any hostility so I will leave it at that. If something is produced, I would still probably buy one as a collector. After all, I buy tons of stuff that I would never trust with 1 sat.


  Good points all around....in that case it would be a do it yourself item not assembled by the coin maker.

   In my way it will be assembled and loaded by the maker ...and also have him apply the security hologram as well.

   So created by maker with the exception of the generation of the keys/seed.

   Some collectors want this rather than a DIY version where you are sent a hologram and you make the paper printout. Other do not.

    I know I do not and would prefer it to be handled all by the maker except for the key generation...especially after Dogg swept the shit keys.
  
      Also for that private key to be printed out you need a way to air gap your printer and computer if that what you are using. How many people can

manage that?

   There is no hostility bro...I take all in good stride as I see people seeing this from all different angles.

   Again, nobody is forced to use this...its an option for everyone to have and choose if they wish.

   We keep on getting burned all the time and yet we still keep on having trust until it happens again.

   This way, you are much less likely to get Yogged.

  
legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490
For collectibles this still makes zero semse - for personal storage on an item you mever plan to sell maybe but most collectors are simply flippers in which case this makes the items useless to those folks

I dont see how a redeemed item makes it more valuable as you stated - to me redeemed makes it less valuable - thst is why I buy mostly redeemed items - cheaper amd I am not a flipper like most.

   I didnt say more valuable I said that is something you cannot do unless you sold it as a redeemed wallet which in itself holds value as well.

  
   I see all points from all ends and there are good points....but our hobby is not what it used to be. For some people who have been around maybe they dont mind getting rug pulled...but for outsiders who look into our hobby I am sure they are horrified when they read about DOGG and TITAN.

    Give them this option, things just might change.

     Regardless....nobody is telling anyone to use my idea....stick with the old way is fine as well...its your BTC at the end of the day to do with it as you please  Wink

     Again I will give an example....if a coinmaker offers a limited series of say 100 of these....they are collectables as they are limited in their scope and nature....and can be resold redeemed if need be as I am sure people will buy just to have 1 of the 100...or 1 of the 21 in their collection. I know I would if I was to have one of every item produced by certain coin makers.

    

oh for sure, as a collector I would still have the urge to get one. but that still doesnt make it make sense. This is an overly complicated method of someone basically doing a DIY.

   How many people can do it themselves the right way? Air gapped computer and the right key generation programs?
 
   With a trezor you will not need to have an airgapped computer at all or a key generation program to get  a pub and private keys.

Essentially the trezor is the airgapped system - could buy a laptop for $99, remove the wifi/bluetooth functionality, install Bitcoin core or Electrum or any number of wallets on it and do the same thing.  

By your logic, this is a process for someone who cannot make their own keys - yet will somehow manage to do all of these steps and successfully manage to keep the passphrase so they can later use it in conjunction with the collectible to redeem funds. How is this simplier than just creating a private key and applying it to a DIY item.

My point is this - this process is not new or creative even - it is simply taking what someone could already do and having them provide part of it to a maker so it can be added to a collectible. To me, the object is not loaded in any fashion. It simply has the address to a private key that could be easily redeemed without the collectible.

For that sake, why not just use the trezor to create a private key and only provide the public address to the maker? The effect would be the same.  The person not the maker is responsible for maintaining the security of the key.

Maybe I am missing something but I dont see how this is any more secure than just having your btc address added to the collectible and calling it good at that point.

I dont want any hostility so I will leave it at that. If something is produced, I would still probably buy one as a collector. After all, I buy tons of stuff that I would never trust with 1 sat.
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
For collectibles this still makes zero semse - for personal storage on an item you mever plan to sell maybe but most collectors are simply flippers in which case this makes the items useless to those folks

I dont see how a redeemed item makes it more valuable as you stated - to me redeemed makes it less valuable - thst is why I buy mostly redeemed items - cheaper amd I am not a flipper like most.

   I didnt say more valuable I said that is something you cannot do unless you sold it as a redeemed wallet which in itself holds value as well.

  
   I see all points from all ends and there are good points....but our hobby is not what it used to be. For some people who have been around maybe they dont mind getting rug pulled...but for outsiders who look into our hobby I am sure they are horrified when they read about DOGG and TITAN.

    Give them this option, things just might change.

     Regardless....nobody is telling anyone to use my idea....stick with the old way is fine as well...its your BTC at the end of the day to do with it as you please  Wink

     Again I will give an example....if a coinmaker offers a limited series of say 100 of these....they are collectables as they are limited in their scope and nature....and can be resold redeemed if need be as I am sure people will buy just to have 1 of the 100...or 1 of the 21 in their collection. I know I would if I was to have one of every item produced by certain coin makers.

    

oh for sure, as a collector I would still have the urge to get one. but that still doesnt make it make sense. This is an overly complicated method of someone basically doing a DIY.

   How many people can do it themselves the right way? Air gapped computer and the right key generation programs?
 
   With a trezor you will not need to have an airgapped computer at all or a key generation program to get  a pub and private keys.
legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490
For collectibles this still makes zero semse - for personal storage on an item you mever plan to sell maybe but most collectors are simply flippers in which case this makes the items useless to those folks

I dont see how a redeemed item makes it more valuable as you stated - to me redeemed makes it less valuable - thst is why I buy mostly redeemed items - cheaper amd I am not a flipper like most.

   I didnt say more valuable I said that is something you cannot do unless you sold it as a redeemed wallet which in itself holds value as well.

 
   I see all points from all ends and there are good points....but our hobby is not what it used to be. For some people who have been around maybe they dont mind getting rug pulled...but for outsiders who look into our hobby I am sure they are horrified when they read about DOGG and TITAN.

    Give them this option, things just might change.

     Regardless....nobody is telling anyone to use my idea....stick with the old way is fine as well...its your BTC at the end of the day to do with it as you please  Wink

     Again I will give an example....if a coinmaker offers a limited series of say 100 of these....they are collectables as they are limited in their scope and nature....and can be resold redeemed if need be as I am sure people will buy just to have 1 of the 100...or 1 of the 21 in their collection. I know I would if I was to have one of every item produced by certain coin makers.

     

oh for sure, as a collector I would still have the urge to get one. but that still doesnt make it make sense. This is an overly complicated method of someone basically doing a DIY.
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
For collectibles this still makes zero semse - for personal storage on an item you mever plan to sell maybe but most collectors are simply flippers in which case this makes the items useless to those folks

I dont see how a redeemed item makes it more valuable as you stated - to me redeemed makes it less valuable - thst is why I buy mostly redeemed items - cheaper amd I am not a flipper like most.

   I didnt say more valuable I said that is something you cannot do unless you sold it as a redeemed wallet which in itself holds value as well.

 
   I see all points from all ends and there are good points....but our hobby is not what it used to be. For some people who have been around maybe they dont mind getting rug pulled...but for outsiders who look into our hobby I am sure they are horrified when they read about DOGG and TITAN.

    Give them this option, things just might change.

     Regardless....nobody is telling anyone to use my idea....stick with the old way is fine as well...its your BTC at the end of the day to do with it as you please  Wink

     Again I will give an example....if a coinmaker offers a limited series of say 100 of these....they are collectables as they are limited in their scope and nature....and can be resold redeemed if need be as I am sure people will buy just to have 1 of the 100...or 1 of the 21 in their collection. I know I would if I was to have one of every item produced by certain coin makers.

     
legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490
For collectibles this still makes zero semse - for personal storage on an item you mever plan to sell maybe but most collectors are simply flippers in which case this makes the items useless to those folks

I dont see how a redeemed item makes it more valuable as you stated - to me redeemed makes it less valuable - thst is why I buy mostly redeemed items - cheaper amd I am not a flipper like most.
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
ok but then how could the collectible ever be sold? If I did one and I knew the Passphrase and the pk and seed are on the collectible in plain sight - does that not render the piece useless for selling?

Maybe that was addressed above but I dont think I saw that.

and would that slow down production? waiting for 200 customers to provide the information?

its like doing every collectible the same way the Ballet Pro series was done.


  Correct...that is something you cannot do unless you sold it as a redeemed wallet which in itself holds value as well.

   But then there is nothing to guarantee that any coin maker like Poly or myself will not pull a Yogg on you is there?

   SO then your collectable will become much less desirable and worthy than if things are done this way.

   The way I see it, I would rather have peace of mind knowing my BTC will be there and not be swept down the line.

   And yes I cannot sell it loaded as it will be pointless to try to, but I can still say I have a collectable that is loaded by the maker in my collection

   to pass on to future generations in my family.

  And I have heard people say they dont mind if their loaded item is swept with say $50 in BTC,,,but what happens when BTC moons and there are

thousand of dollars worth in BTC? I am sure that will be in the back of our heads for sure and they will mind.

  And who cares how long it takes to make ? We are not in the races here to see how fast...rather wait a long time and have a secure place where my BTC will be stored than a fast shipping and not knowing what the future hodls with the maker.

  And I dont care how much we say this person or that company is solid....like we did with yogg....and look what happens.

   I can flip tomorrow and rug pull.....so can anyone else...there are no guarantees in life.

   People who are in love and would die for each other end up cheating...betraying and yes killing each other.

   SO what makes you think this rugg pull cannot happen with other coin makers like myself and others?

    THIS CAN PREVENT THAT FROM HAPPENING.
 
    The trezor is less than $70...small price to pay for peace of mind.

   But at the end of the day....to each his own. You can lead the horse to the watering hole yet you cannot force it to drink.
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
Sounds great. Glad to see some thought put into this from respected creators. Reminds me of the process Ballet uses to create their wallets on their cards. Requiring both key and validation phrase to use, with each created independently.

I would love to test this out, have plenty of Trezors laying around that could be reset or dedicated to this process for me.

Personally, I would put the pasphrase under a second hologram on the note so it is secure and not lost. Might be nice to include space on the note for this along with a second hologram. Becomes a new form of DIY.

Curious to see what comes of this. Great work.

Geo

Yes I like this and commend both Polymerbit and krogothmanhattan working through a
solution to a problem which has been looming and brought to light by Yogg.

i also find this idea very interesting and have already talked about it with polymerbit, how we could implement this in Icarus and when exactly.
it would also be very helpful to know if you can do this procedure with other hw-wallets like bitbox2, foundation passport and so on - because not all crypto collectors own a Trezor. but i think there should be no problems here either Wink

i will meet with dan this week, then we can talk/discuss further about bip38 - looking forward to it

If this solution works along with other open source HW wallets it will cement the
trust back into loading collectibles. It might also be fitting to have the Icarus project be the
first to impliment a >HW wallet customer DIY key generated collectible<



   Thanks for the compliments.....And yes it should work with other BIP39 wallets....so Trezor is not the only one.

   We used Trezor as an example cause thats what I have been using all these years and I think they are good at what they do.

   And its less than $70 as well for people that want to buy....so its not a hell of a lot of money for peace of mind!
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
I am confused by the wording in your graphic.
The top part states to get the "public address", yet the bottom part states to "public key" and that you should send this "public key" to Polymerbit.

Isn't this wrong? From what I have been told, the public key or xpub should never be given out to a 3rd party Huh




   Good catch...I used the wrong words and it has been corrected.  Wink

  
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
i also find this idea very interesting and have already talked about it with polymerbit, how we could implement this in Icarus and when exactly.
it would also be very helpful to know if you can do this procedure with other hw-wallets like bitbox2, foundation passport and so on - because not all crypto collectors own a Trezor. but i think there should be no problems here either Wink

i will meet with dan this week, then we can talk/discuss further about bip38 - looking forward to it

   Thanks for the post...and yes it should work with other BIP39 wallets such as ledger and bitbox as you can see below...

    https://shiftcrypto.support/help/en-us/21-optional-passphrase/57-how-to-use-a-passphrase

    https://www.ledger.com/academy/passphrase-an-advanced-security-feature

   Not that I would recommend Ledger due to their recent revelations on sharing the seeds or being able to.  Roll Eyes

 
legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490
I should point out that we don't plan to abandon our own key making method. It's simply that this could be worth testing.

In practice, we would create an initial, single test note design; where the user could opt in for this option.

Those who showed interest, are welcome to join us in testing feasibility.


well you know me, I will def get one. I just dont see it being successful for collectibles. Unless there is someway to change the passphrase - like the OfflineCash notes were supposed to be capable of doing.
hero member
Activity: 722
Merit: 1027
I should point out that we don't plan to abandon our own key making method. It's simply that this could be worth testing.

In practice, we would create an initial, single test note design; where the user could opt in for this option.

Those who showed interest, are welcome to join us in testing feasibility.
legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490
ok but then how could the collectible ever be sold? If I did one and I knew the Passphrase and the pk and seed are on the collectible in plain sight - does that not render the piece useless for selling?

Maybe that was addressed above but I dont think I saw that.

and would that slow down production? waiting for 200 customers to provide the information?

its like doing every collectible the same way the Ballet Pro series was done.
Pages:
Jump to: