Author

Topic: [ANN] Krogothmanhattan x Polymerbit: Customer DIY key generation with Trezor (Read 900 times)

copper member
Activity: 672
Merit: 113
We'll finally be updating our website after Nashville. We're committed to implementing this on a trial basis.

this is exciting ! =)
full member
Activity: 1318
Merit: 184
Krogothmanhattan alt account
  That example note that is posted on the OP has over $400 in BTC loaded from a year ago and it's still there. Nobody ever swept it. That's how secure this method is.

 

https://mempool.space/address/bc1q4tv7p9pr43yfspdqht496zh79ym0qj5w9jfd4x
hero member
Activity: 722
Merit: 1027
We'll finally be updating our website after Nashville. We're committed to implementing this on a trial basis.
legendary
Activity: 2464
Merit: 1387
Well it will certainly be a fun/interesting task.



    Glad to hear your giving this a shot. As for the printer ...I cannot honestly answer that.

      I know is when the day comes I stop generating keys with my printer, thats the day I will destroy it for safe measure.

Thats how I plan it too, the Asus is near end of life anyway and I'm looking for a
laser printer which is cheap and I can get 1 black to er for! after that it will be destroyed.
legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490
everyone should generate their own keys or at least understand/know how to do it.

It is good there are still several trusted people in this space who can also generate safe keys.
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
Thread Resurrection!

I am going to try and do a DIY Key Generation soon.

I have a spare Trezor which I can reset

I have a very old Asus Eee PC which is currently being used to stream music into an old-school
Technics receiver. The Asus is going to be replaced with something with a bigger screen so I plan to
remove the Network card, and it doesnt have Bluetooth connectivity AFAIK,but will check it when it
has been replaced.

I can get TerraSlate waterproof paper >
https://www.amazon.co.uk/TerraSlate-Paper-Waterproof-Printer-Sheets/dp/B00NWVGOF4?th=1

I have a question over the printer requirement assuming I cant remove the memory...
If the laser printer has a memory, when I'm finished printing the private keys, cant I send
the printer a number of large dummy files to print without actually printing themin order to
fill the memory and erase the previous file with the private keys?

Also instead of a printer has anyone ever used a fine tipped 0.1, 0.3 permanent ink pen to write the
private keys instead of printing?

    Glad to hear your giving this a shot. As for the printer ...I cannot honestly answer that.

      I know is when the day comes I stop generating keys with my printer, thats the day I will destroy it for safe measure.
legendary
Activity: 2464
Merit: 1387
Thread Resurrection!

I am going to try and do a DIY Key Generation soon.

I have a spare Trezor which I can reset

I have a very old Asus Eee PC which is currently being used to stream music into an old-school
Technics receiver. The Asus is going to be replaced with something with a bigger screen so I plan to
remove the Network card, and it doesnt have Bluetooth connectivity AFAIK,but will check it when it
has been replaced.

I can get TerraSlate waterproof paper >
https://www.amazon.co.uk/TerraSlate-Paper-Waterproof-Printer-Sheets/dp/B00NWVGOF4?th=1

I have a question over the printer requirement assuming I cant remove the memory...
If the laser printer has a memory, when I'm finished printing the private keys, cant I send
the printer a number of large dummy files to print without actually printing themin order to
fill the memory and erase the previous file with the private keys?

Also instead of a printer has anyone ever used a fine tipped 0.1, 0.3 permanent ink pen to write the
private keys instead of printing?
legendary
Activity: 3570
Merit: 1959
I have bought and used Satodimes I like them. But how would you incorporate this into a physical Bitcoin? You would need to remove the chip from the card and place on the coin or note. I presume that is what you mean?

Hmm.. Good point, very interesting stuff ... Look forward to the reply here.
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.

How about using a Satodime device for that key generation process ?
Private key will be sealed in a cold storage. And there is no security risk as the chip itself will generate the pair of keys (based on the user's co-provided entropy).



     I have bought and used Satodimes I like them. But how would you incorporate this into a physical Bitcoin? You would need to remove the chip from the card and place on the coin or note. I presume that is what you mean?
full member
Activity: 310
Merit: 151
Hardware and open source software solutions.
Customer DIY key generation with Trezor


During brunch in NYC, Krog and I were discussing issues faced by the collectible community.  The fact that a buyer has to inherently trust the keymaker to remain honest is a flaw. Polymerbit attempted to test how the market reacts to an alternative by releasing those DIY triangle notes in A4 format. Our findings were clear; only one buyer actually reported adding keys on the note. The fact that most people do not have an air gapped printer, meant that few were willing to go ahead with DIY keys. This stopped the DIY project dead in its tracks, forcing us to scrap the rest of the series. Korg suggested to try something new that may be useful to various coin makers. All coin makers are welcome to test this as well. In theory, this should allow Trezor holders to easily request custom keys for works issued by Polymerbit and others.



A unique test print was made using this process, with the note being shipped to Korg. These notes would not be resold, but would be useful as gifts or for a personal collection.

-------








WARNING: Run a malware and antivirus program prior to starting.

Reset a Trezor hardware wallet.
      Write down the 12- or 24-word seed clearly on a piece of paper in the right order
       Create a long passphrase, at least 16 characters long using letters, numbers and symbols. The longer the better.


       Copy the public address given for the passphrase hidden wallet. Copy the QR code as well by using a screenshot if need be.

      To verify correct transcription, you can confirm the backup via the Trezor “CHECK BACKUP” option or reset the Trezor, and input the seed and then the passphrase. If the correct seed and passphrase are input, then the same public address you have copied will be shown again. If not then you made a mistake and need to try again to confirm that what you wrote down is correct. There can be no errors in this procedure. Once they match, then send the public key to Polymerbit.


                          Sending the SEED and the PUBLIC KEYS to POLYMERBIT
 
             A different device should be used to send the seed to Polymerbit. This is so in the event the computer where the Trezor passphrase is being created is infected or has a keylogger, the only item the hacker will get is the passphrase, which will be useless without the seed.

For additional security, the seed could also be mailed physically.


ADDITIONAL INFO:

      So, as a precaution the seed should be uploaded to Polymerbit’s website via a different device. The passphrase and the seed should never be seen on the same computer at all to ensure there is no vulnerability.


   In the event the seed is compromised, it will be useless without the passphrase and the same if the passphrase is compromised, it is useless without the seed.

The passphrase should be made of alphanumeric/symbols and be at least 16 characters long. Customer should be made aware to never share it and to place in secure spot. As the only way to be able to redeem the notes is with that passphrase and without it, then the Bitcoin will be lost forever.







How about using a Satodime device for that key generation process ?
Private key will be sealed in a cold storage. And there is no security risk as the chip itself will generate the pair of keys (based on the user's co-provided entropy).

legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
 So.....thanks to Crypto Great Dane we finally made a short video about this. Hope that clarifies things for people as to how its done.  Cheers!

   You can watch it on this channel Private Key protection in physical bitcoin (with Krogoth)
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
I’ll happily take that note off your hands Smiley

   Ha!  That note you are referring to is loaded with $200 worth of Bitcoin at the time it was loaded...and I know and generated the passphrase.

    You are more than welcome to try and sweep the BTC if you can figure out what the passphrase/password is though....  Wink

    You can see the seed mnemonic phrase is exposed for anyone to try.

    If you scan the public address QR code it is loaded with 0.00683764BTC

        

            
copper member
Activity: 450
Merit: 65
Physical Bitcoin is the only way to stack
I’ll happily take that note off your hands Smiley
legendary
Activity: 2282
Merit: 3014
Finally got a moment to sit down and check this out. Some interesting concepts. Will have to spend some more time digging in to understand it better as I learn a bit slower than most ya’ll, as I’ve of course made clear many a times. I cheers the effort though just trying to think of innovation ways to make things better. Regardless of the outcome, worth the shot!
legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490
I wonder if they store em like trezor did - without telling anyone. Ledger has been splitting keys to shards and now want to charge a subscription to “recover” your keys.  This is my fear of all hw wallets - that they are secretly storing/saving keys and that is why I dont truly trust any of them. Look at what just happened with Atomic wallet - supposed ti be non-custodial yet was actually custodial so keys were leaked.

  I have heard of ledgers key news...but about Trezor...this is a first...where exactly did you hear that? So Trezor is storing keys without telling anyone? If I am not mistaken Atomic is a hot wallet no?

yes non custodial but apparently they were still sending back everyones private keys.


    I love my paper wallets as well, but the convenience a hardware wallet gives me is much easier than a paper wallet.

     Do you know of anyway you can convert your seed into the actual Public and Private key addresses? I mean without going thru a hardware wallet.

     There has to be something or code out there that can do it especially on Github.

    

a paper wallet can be loaded into a hot wallet and used just as easily as a trezor and use bip 38/39 and/or signing device to keep the key safe.

as for the second part - yes, I do it all the time I use core on an offline airgapped drive. but I guess you could call core a "HW" wallet as well.
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
No - I am suggesting they might be doing it - who knows right? It is my fear with any hw wallet - or that they use a preset number of pk’s etc - i would rather trust a collectible maker than a hw maker.

    I see your point....yeah who knows....maybe the roll of the dice is the way to go and generate your own seed that way.

    Nothing is guaranteed in life except Death..and taxes.  Cheesy

    The main reason I like Trezor is, its open source and has been tested and can be tested for what it is and what it is not.

    I love my paper wallets as well, but the convenience a hardware wallet gives me is much easier than a paper wallet.

     Do you know of anyway you can convert your seed into the actual Public and Private key addresses? I mean without going thru a hardware wallet.

     There has to be something or code out there that can do it especially on Github.

    
legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490
No - I am suggesting they might be doing it - who knows right? It is my fear with any hw wallet - or that they use a preset number of pk’s etc - i would rather trust a collectible maker than a hw maker.
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
 For peace of mind for my BTC…hell yeah…$70 is worth it and it ain’t a one time use for one note…can be used over and over again for any item using this method.

    So its not a waste of waste of money at all…the Trezor can also be used to store your personal Bitcoin stash as well if need be. That’s exactly what I used for the key generation for this note.  Used my personal BTC stash Trezor…simply reset…generated the keys and voila….done deal. All I had to do is reset back and input my original seed for my original BTC…and was back in business.

   And I completely agree with your comment of newly made loaded collectibles are going by the wayside…Trust has been lost especially since Dogg fucked everyone. Also when BTC hit its all time high…guess what a lot of collectors did? Peeled and swept due to anxiety of the BTC getting swept. Especially high value items from past coin makers as well...If done this way...guess who doesn't have to worry about losing their BTC?

   That’s why this way you simply cannot have that happen to you and newly loaded collectables can be sold in that light as well. This is an option a maker can incorporate in their collectables as well as having them issue private keys for people that want them as well.

     But again to each his own as I have said before on earlier threads.
legendary
Activity: 1456
Merit: 1242
Much love to both of you guys, but this idea is terrible.  Sure, you guys and a few of the collectors can have this new idea on a few notes etc... Woohoo... but what average collector is going to spend $70 plus shipping etc on a trezor, to basically light it on fire by exposing the keys... just to buy a $25 note??  I just think that some people are having a hard time accepting that newly made loaded collectibles are going by the wayside....
full member
Activity: 1318
Merit: 184
Krogothmanhattan alt account
I wonder if they store em like trezor did - without telling anyone. Ledger has been splitting keys to shards and now want to charge a subscription to “recover” your keys.  This is my fear of all hw wallets - that they are secretly storing/saving keys and that is why I dont truly trust any of them. Look at what just happened with Atomic wallet - supposed ti be non-custodial yet was actually custodial so keys were leaked.

  I have heard of ledgers key news...but about Trezor...this is a first...where exactly did you hear that? So Trezor is storing keys without telling anyone? If I am not mistaken Atomic is a hot wallet no?
legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490
I wonder if they store em like trezor did - without telling anyone. Ledger has been splitting keys to shards and now want to charge a subscription to “recover” your keys.  This is my fear of all hw wallets - that they are secretly storing/saving keys and that is why I dont truly trust any of them. Look at what just happened with Atomic wallet - supposed ti be non-custodial yet was actually custodial so keys were leaked.
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.

 I sent an email a few days ago to confirm that when resetting the Trezor all seeds and info is wiped out and also that passphrase is not stored on the Trezor..they replied as follows..

   Hello XXXX

thank you for reaching out to Trezor support team.

Both your statements are correct.
Passphrase is not stored inside Trezor device so there's nothing to hack or extract.

First recovery seed will be completely wiped after factory reset. Also nothing to extract here.



Best regards,
Evgeny
legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490
the same logic could be applied to the trezor - will they keep it safe? and in working order? will they keep their passphrase safe?

Instead of trusting the funds to 1 location - the collectible - they have to trust 2 locations the collectible and the passphrase.

call it what you want but this is still just DIY yes it has the maker applying it to the collectible but the maker had no part in making the key or address the buyer did so still DIY.

I would rather personally have the maker do the whole thing (address/key generation) or none of it all - Not a half way job.  I would prefer to never use any hardware wallet at all - so far all have been proven to be compromised or closed source so you cannot verify they are not compromised - that goes for both ledger and trezor.

I still find this process to be considerably more complicated and in my opinion guarantees zero resale of funded item, ensures it can only be sold as redeemed.




   I hear all your points and like I said to each his own.

   Rather this way than getting Yogged again down the line....

   

I hear ya but I still would prefer a fully buyer made coin or a fully DIY to something like this. This is my least favorite. I think that comes from looking it at from a makers point of view. They cannot fully complete any item until each order comes in and the customer provides the information. That increases the work time considerably if you are doing 1 or 2 at a time then waiting for another order and then doing a few more.

Or maybe the maker makes the people ordering wait - like Ballet did with the PRO - they did them in batches and it was a few months between batches. They also had to wait for the customer to provide that which would encrypt the private key.

Either way, #76 please Smiley
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
the same logic could be applied to the trezor - will they keep it safe? and in working order? will they keep their passphrase safe?

Instead of trusting the funds to 1 location - the collectible - they have to trust 2 locations the collectible and the passphrase.

call it what you want but this is still just DIY yes it has the maker applying it to the collectible but the maker had no part in making the key or address the buyer did so still DIY.

I would rather personally have the maker do the whole thing (address/key generation) or none of it all - Not a half way job.  I would prefer to never use any hardware wallet at all - so far all have been proven to be compromised or closed source so you cannot verify they are not compromised - that goes for both ledger and trezor.

I still find this process to be considerably more complicated and in my opinion guarantees zero resale of funded item, ensures it can only be sold as redeemed.




   I hear all your points and like I said to each his own.

   Rather this way than getting Yogged again down the line....

   
legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490
the same logic could be applied to the trezor - will they keep it safe? and in working order? will they keep their passphrase safe?

Instead of trusting the funds to 1 location - the collectible - they have to trust 2 locations the collectible and the passphrase.

call it what you want but this is still just DIY yes it has the maker applying it to the collectible but the maker had no part in making the key or address the buyer did so still DIY.

I would rather personally have the maker do the whole thing (address/key generation) or none of it all - Not a half way job.  I would prefer to never use any hardware wallet at all - so far all have been proven to be compromised or closed source so you cannot verify they are not compromised - that goes for both ledger and trezor.

I still find this process to be considerably more complicated and in my opinion guarantees zero resale of funded item, ensures it can only be sold as redeemed.


legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
Curious - what collectors want it this specific way? or do you mean having the maker affix it and "load" it?  Curious if its the former, if you meant the latter than yes many do. Though most "loaded" items these days are actually just buyer funded as the maker has the buyer directly fund the coin so the maker actually never had any contact with the "load" amount.

edit: for example, let's use Lealana (love the coins) smoothie does "funded" and "buyer funded" coins - in reality, there is no difference between the two - except for the hologram. Both coins are directly funded by the buyer - neither funded by the maker. Yet the ones without the "buyer funded" holo fetch a higher premium.

Remember to be loaded by the maker also can be a sticky situation - as that requires a money transmitter license.

as for the airgapping a system - I would hope nearly anyone in Bitcoin could do that. Simply run/operate a system that does not and cannot go online.

I think you are making that part seem harder than it actually is.

and I didnt mean you with the hostility part, just soon I expect our favorite "OG" to step in and explain how it all works lol - I think you and I are beyond being hostile towards each other Smiley

and yes this way keeps you from getting rugged - as does DIY - because this really is a DIY scenario - just using a hw wallet to complete it vs an airgapped system.

   Not everyone in Bitcoin is capable of doing just that. You think people will use a computer once to generate keys and leave it offline forever ? And if they did want to wipe it clean to use online......go thru all that? Are they capable enough? No....Just because people are collectors does not make them capable of doing all this...Trust me I met many and they are clueless or do want to even bother.

   DIY is when you generate the keys...print the keys...and place the keys under the hologram...thats DIY.

    Most people buy DIY and never really do anything with it...they just leave the coin with the holo in the bag it came with. I know for the few coins I bought DIY....that's how they ended.

   This is generating the seed etc etc and let the maker assemble. Quite different.

   At the end of the day...these physical loaded items are artwork and the more the maker does...the more it is completed from his end.

   Not sure if that applies to the rest of world being a money transmitter...but then again if they cannot, then the buyer will need to load prior to shipping.
   So only fully funded notes or coins sold.

   

     
legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490
Curious - what collectors want it this specific way? or do you mean having the maker affix it and "load" it?  Curious if its the former, if you meant the latter than yes many do. Though most "loaded" items these days are actually just buyer funded as the maker has the buyer directly fund the coin so the maker actually never had any contact with the "load" amount.

edit: for example, let's use Lealana (love the coins) smoothie does "funded" and "buyer funded" coins - in reality, there is no difference between the two - except for the hologram. Both coins are directly funded by the buyer - neither funded by the maker. Yet the ones without the "buyer funded" holo fetch a higher premium.

Remember to be loaded by the maker also can be a sticky situation - as that requires a money transmitter license.

as for the airgapping a system - I would hope nearly anyone in Bitcoin could do that. Simply run/operate a system that does not and cannot go online.

I think you are making that part seem harder than it actually is.

and I didnt mean you with the hostility part, just soon I expect our favorite "OG" to step in and explain how it all works lol - I think you and I are beyond being hostile towards each other Smiley

and yes this way keeps you from getting rugged - as does DIY - because this really is a DIY scenario - just using a hw wallet to complete it vs an airgapped system.
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
For collectibles this still makes zero semse - for personal storage on an item you mever plan to sell maybe but most collectors are simply flippers in which case this makes the items useless to those folks

I dont see how a redeemed item makes it more valuable as you stated - to me redeemed makes it less valuable - thst is why I buy mostly redeemed items - cheaper amd I am not a flipper like most.

   I didnt say more valuable I said that is something you cannot do unless you sold it as a redeemed wallet which in itself holds value as well.

  
   I see all points from all ends and there are good points....but our hobby is not what it used to be. For some people who have been around maybe they dont mind getting rug pulled...but for outsiders who look into our hobby I am sure they are horrified when they read about DOGG and TITAN.

    Give them this option, things just might change.

     Regardless....nobody is telling anyone to use my idea....stick with the old way is fine as well...its your BTC at the end of the day to do with it as you please  Wink

     Again I will give an example....if a coinmaker offers a limited series of say 100 of these....they are collectables as they are limited in their scope and nature....and can be resold redeemed if need be as I am sure people will buy just to have 1 of the 100...or 1 of the 21 in their collection. I know I would if I was to have one of every item produced by certain coin makers.

    

oh for sure, as a collector I would still have the urge to get one. but that still doesnt make it make sense. This is an overly complicated method of someone basically doing a DIY.

   How many people can do it themselves the right way? Air gapped computer and the right key generation programs?
 
   With a trezor you will not need to have an airgapped computer at all or a key generation program to get  a pub and private keys.

Essentially the trezor is the airgapped system - could buy a laptop for $99, remove the wifi/bluetooth functionality, install Bitcoin core or Electrum or any number of wallets on it and do the same thing.  

By your logic, this is a process for someone who cannot make their own keys - yet will somehow manage to do all of these steps and successfully manage to keep the passphrase so they can later use it in conjunction with the collectible to redeem funds. How is this simplier than just creating a private key and applying it to a DIY item.

My point is this - this process is not new or creative even - it is simply taking what someone could already do and having them provide part of it to a maker so it can be added to a collectible. To me, the object is not loaded in any fashion. It simply has the address to a private key that could be easily redeemed without the collectible.

For that sake, why not just use the trezor to create a private key and only provide the public address to the maker? The effect would be the same.  The person not the maker is responsible for maintaining the security of the key.

Maybe I am missing something but I dont see how this is any more secure than just having your btc address added to the collectible and calling it good at that point.

I dont want any hostility so I will leave it at that. If something is produced, I would still probably buy one as a collector. After all, I buy tons of stuff that I would never trust with 1 sat.


  Good points all around....in that case it would be a do it yourself item not assembled by the coin maker.

   In my way it will be assembled and loaded by the maker ...and also have him apply the security hologram as well.

   So created by maker with the exception of the generation of the keys/seed.

   Some collectors want this rather than a DIY version where you are sent a hologram and you make the paper printout. Other do not.

    I know I do not and would prefer it to be handled all by the maker except for the key generation...especially after Dogg swept the shit keys.
  
      Also for that private key to be printed out you need a way to air gap your printer and computer if that what you are using. How many people can

manage that?

   There is no hostility bro...I take all in good stride as I see people seeing this from all different angles.

   Again, nobody is forced to use this...its an option for everyone to have and choose if they wish.

   We keep on getting burned all the time and yet we still keep on having trust until it happens again.

   This way, you are much less likely to get Yogged.

  
legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490
For collectibles this still makes zero semse - for personal storage on an item you mever plan to sell maybe but most collectors are simply flippers in which case this makes the items useless to those folks

I dont see how a redeemed item makes it more valuable as you stated - to me redeemed makes it less valuable - thst is why I buy mostly redeemed items - cheaper amd I am not a flipper like most.

   I didnt say more valuable I said that is something you cannot do unless you sold it as a redeemed wallet which in itself holds value as well.

  
   I see all points from all ends and there are good points....but our hobby is not what it used to be. For some people who have been around maybe they dont mind getting rug pulled...but for outsiders who look into our hobby I am sure they are horrified when they read about DOGG and TITAN.

    Give them this option, things just might change.

     Regardless....nobody is telling anyone to use my idea....stick with the old way is fine as well...its your BTC at the end of the day to do with it as you please  Wink

     Again I will give an example....if a coinmaker offers a limited series of say 100 of these....they are collectables as they are limited in their scope and nature....and can be resold redeemed if need be as I am sure people will buy just to have 1 of the 100...or 1 of the 21 in their collection. I know I would if I was to have one of every item produced by certain coin makers.

    

oh for sure, as a collector I would still have the urge to get one. but that still doesnt make it make sense. This is an overly complicated method of someone basically doing a DIY.

   How many people can do it themselves the right way? Air gapped computer and the right key generation programs?
 
   With a trezor you will not need to have an airgapped computer at all or a key generation program to get  a pub and private keys.

Essentially the trezor is the airgapped system - could buy a laptop for $99, remove the wifi/bluetooth functionality, install Bitcoin core or Electrum or any number of wallets on it and do the same thing.  

By your logic, this is a process for someone who cannot make their own keys - yet will somehow manage to do all of these steps and successfully manage to keep the passphrase so they can later use it in conjunction with the collectible to redeem funds. How is this simplier than just creating a private key and applying it to a DIY item.

My point is this - this process is not new or creative even - it is simply taking what someone could already do and having them provide part of it to a maker so it can be added to a collectible. To me, the object is not loaded in any fashion. It simply has the address to a private key that could be easily redeemed without the collectible.

For that sake, why not just use the trezor to create a private key and only provide the public address to the maker? The effect would be the same.  The person not the maker is responsible for maintaining the security of the key.

Maybe I am missing something but I dont see how this is any more secure than just having your btc address added to the collectible and calling it good at that point.

I dont want any hostility so I will leave it at that. If something is produced, I would still probably buy one as a collector. After all, I buy tons of stuff that I would never trust with 1 sat.
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
For collectibles this still makes zero semse - for personal storage on an item you mever plan to sell maybe but most collectors are simply flippers in which case this makes the items useless to those folks

I dont see how a redeemed item makes it more valuable as you stated - to me redeemed makes it less valuable - thst is why I buy mostly redeemed items - cheaper amd I am not a flipper like most.

   I didnt say more valuable I said that is something you cannot do unless you sold it as a redeemed wallet which in itself holds value as well.

  
   I see all points from all ends and there are good points....but our hobby is not what it used to be. For some people who have been around maybe they dont mind getting rug pulled...but for outsiders who look into our hobby I am sure they are horrified when they read about DOGG and TITAN.

    Give them this option, things just might change.

     Regardless....nobody is telling anyone to use my idea....stick with the old way is fine as well...its your BTC at the end of the day to do with it as you please  Wink

     Again I will give an example....if a coinmaker offers a limited series of say 100 of these....they are collectables as they are limited in their scope and nature....and can be resold redeemed if need be as I am sure people will buy just to have 1 of the 100...or 1 of the 21 in their collection. I know I would if I was to have one of every item produced by certain coin makers.

    

oh for sure, as a collector I would still have the urge to get one. but that still doesnt make it make sense. This is an overly complicated method of someone basically doing a DIY.

   How many people can do it themselves the right way? Air gapped computer and the right key generation programs?
 
   With a trezor you will not need to have an airgapped computer at all or a key generation program to get  a pub and private keys.
legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490
For collectibles this still makes zero semse - for personal storage on an item you mever plan to sell maybe but most collectors are simply flippers in which case this makes the items useless to those folks

I dont see how a redeemed item makes it more valuable as you stated - to me redeemed makes it less valuable - thst is why I buy mostly redeemed items - cheaper amd I am not a flipper like most.

   I didnt say more valuable I said that is something you cannot do unless you sold it as a redeemed wallet which in itself holds value as well.

 
   I see all points from all ends and there are good points....but our hobby is not what it used to be. For some people who have been around maybe they dont mind getting rug pulled...but for outsiders who look into our hobby I am sure they are horrified when they read about DOGG and TITAN.

    Give them this option, things just might change.

     Regardless....nobody is telling anyone to use my idea....stick with the old way is fine as well...its your BTC at the end of the day to do with it as you please  Wink

     Again I will give an example....if a coinmaker offers a limited series of say 100 of these....they are collectables as they are limited in their scope and nature....and can be resold redeemed if need be as I am sure people will buy just to have 1 of the 100...or 1 of the 21 in their collection. I know I would if I was to have one of every item produced by certain coin makers.

     

oh for sure, as a collector I would still have the urge to get one. but that still doesnt make it make sense. This is an overly complicated method of someone basically doing a DIY.
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
For collectibles this still makes zero semse - for personal storage on an item you mever plan to sell maybe but most collectors are simply flippers in which case this makes the items useless to those folks

I dont see how a redeemed item makes it more valuable as you stated - to me redeemed makes it less valuable - thst is why I buy mostly redeemed items - cheaper amd I am not a flipper like most.

   I didnt say more valuable I said that is something you cannot do unless you sold it as a redeemed wallet which in itself holds value as well.

 
   I see all points from all ends and there are good points....but our hobby is not what it used to be. For some people who have been around maybe they dont mind getting rug pulled...but for outsiders who look into our hobby I am sure they are horrified when they read about DOGG and TITAN.

    Give them this option, things just might change.

     Regardless....nobody is telling anyone to use my idea....stick with the old way is fine as well...its your BTC at the end of the day to do with it as you please  Wink

     Again I will give an example....if a coinmaker offers a limited series of say 100 of these....they are collectables as they are limited in their scope and nature....and can be resold redeemed if need be as I am sure people will buy just to have 1 of the 100...or 1 of the 21 in their collection. I know I would if I was to have one of every item produced by certain coin makers.

     
legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490
For collectibles this still makes zero semse - for personal storage on an item you mever plan to sell maybe but most collectors are simply flippers in which case this makes the items useless to those folks

I dont see how a redeemed item makes it more valuable as you stated - to me redeemed makes it less valuable - thst is why I buy mostly redeemed items - cheaper amd I am not a flipper like most.
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
ok but then how could the collectible ever be sold? If I did one and I knew the Passphrase and the pk and seed are on the collectible in plain sight - does that not render the piece useless for selling?

Maybe that was addressed above but I dont think I saw that.

and would that slow down production? waiting for 200 customers to provide the information?

its like doing every collectible the same way the Ballet Pro series was done.


  Correct...that is something you cannot do unless you sold it as a redeemed wallet which in itself holds value as well.

   But then there is nothing to guarantee that any coin maker like Poly or myself will not pull a Yogg on you is there?

   SO then your collectable will become much less desirable and worthy than if things are done this way.

   The way I see it, I would rather have peace of mind knowing my BTC will be there and not be swept down the line.

   And yes I cannot sell it loaded as it will be pointless to try to, but I can still say I have a collectable that is loaded by the maker in my collection

   to pass on to future generations in my family.

  And I have heard people say they dont mind if their loaded item is swept with say $50 in BTC,,,but what happens when BTC moons and there are

thousand of dollars worth in BTC? I am sure that will be in the back of our heads for sure and they will mind.

  And who cares how long it takes to make ? We are not in the races here to see how fast...rather wait a long time and have a secure place where my BTC will be stored than a fast shipping and not knowing what the future hodls with the maker.

  And I dont care how much we say this person or that company is solid....like we did with yogg....and look what happens.

   I can flip tomorrow and rug pull.....so can anyone else...there are no guarantees in life.

   People who are in love and would die for each other end up cheating...betraying and yes killing each other.

   SO what makes you think this rugg pull cannot happen with other coin makers like myself and others?

    THIS CAN PREVENT THAT FROM HAPPENING.
 
    The trezor is less than $70...small price to pay for peace of mind.

   But at the end of the day....to each his own. You can lead the horse to the watering hole yet you cannot force it to drink.
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
Sounds great. Glad to see some thought put into this from respected creators. Reminds me of the process Ballet uses to create their wallets on their cards. Requiring both key and validation phrase to use, with each created independently.

I would love to test this out, have plenty of Trezors laying around that could be reset or dedicated to this process for me.

Personally, I would put the pasphrase under a second hologram on the note so it is secure and not lost. Might be nice to include space on the note for this along with a second hologram. Becomes a new form of DIY.

Curious to see what comes of this. Great work.

Geo

Yes I like this and commend both Polymerbit and krogothmanhattan working through a
solution to a problem which has been looming and brought to light by Yogg.

i also find this idea very interesting and have already talked about it with polymerbit, how we could implement this in Icarus and when exactly.
it would also be very helpful to know if you can do this procedure with other hw-wallets like bitbox2, foundation passport and so on - because not all crypto collectors own a Trezor. but i think there should be no problems here either Wink

i will meet with dan this week, then we can talk/discuss further about bip38 - looking forward to it

If this solution works along with other open source HW wallets it will cement the
trust back into loading collectibles. It might also be fitting to have the Icarus project be the
first to impliment a >HW wallet customer DIY key generated collectible<



   Thanks for the compliments.....And yes it should work with other BIP39 wallets....so Trezor is not the only one.

   We used Trezor as an example cause thats what I have been using all these years and I think they are good at what they do.

   And its less than $70 as well for people that want to buy....so its not a hell of a lot of money for peace of mind!
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
I am confused by the wording in your graphic.
The top part states to get the "public address", yet the bottom part states to "public key" and that you should send this "public key" to Polymerbit.

Isn't this wrong? From what I have been told, the public key or xpub should never be given out to a 3rd party Huh




   Good catch...I used the wrong words and it has been corrected.  Wink

  
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
i also find this idea very interesting and have already talked about it with polymerbit, how we could implement this in Icarus and when exactly.
it would also be very helpful to know if you can do this procedure with other hw-wallets like bitbox2, foundation passport and so on - because not all crypto collectors own a Trezor. but i think there should be no problems here either Wink

i will meet with dan this week, then we can talk/discuss further about bip38 - looking forward to it

   Thanks for the post...and yes it should work with other BIP39 wallets such as ledger and bitbox as you can see below...

    https://shiftcrypto.support/help/en-us/21-optional-passphrase/57-how-to-use-a-passphrase

    https://www.ledger.com/academy/passphrase-an-advanced-security-feature

   Not that I would recommend Ledger due to their recent revelations on sharing the seeds or being able to.  Roll Eyes

 
legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490
I should point out that we don't plan to abandon our own key making method. It's simply that this could be worth testing.

In practice, we would create an initial, single test note design; where the user could opt in for this option.

Those who showed interest, are welcome to join us in testing feasibility.


well you know me, I will def get one. I just dont see it being successful for collectibles. Unless there is someway to change the passphrase - like the OfflineCash notes were supposed to be capable of doing.
hero member
Activity: 722
Merit: 1027
I should point out that we don't plan to abandon our own key making method. It's simply that this could be worth testing.

In practice, we would create an initial, single test note design; where the user could opt in for this option.

Those who showed interest, are welcome to join us in testing feasibility.
legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490
ok but then how could the collectible ever be sold? If I did one and I knew the Passphrase and the pk and seed are on the collectible in plain sight - does that not render the piece useless for selling?

Maybe that was addressed above but I dont think I saw that.

and would that slow down production? waiting for 200 customers to provide the information?

its like doing every collectible the same way the Ballet Pro series was done.
legendary
Activity: 2464
Merit: 1387
Sounds great. Glad to see some thought put into this from respected creators. Reminds me of the process Ballet uses to create their wallets on their cards. Requiring both key and validation phrase to use, with each created independently.

I would love to test this out, have plenty of Trezors laying around that could be reset or dedicated to this process for me.

Personally, I would put the pasphrase under a second hologram on the note so it is secure and not lost. Might be nice to include space on the note for this along with a second hologram. Becomes a new form of DIY.

Curious to see what comes of this. Great work.

Geo

Yes I like this and commend both Polymerbit and krogothmanhattan working through a
solution to a problem which has been looming and brought to light by Yogg.

i also find this idea very interesting and have already talked about it with polymerbit, how we could implement this in Icarus and when exactly.
it would also be very helpful to know if you can do this procedure with other hw-wallets like bitbox2, foundation passport and so on - because not all crypto collectors own a Trezor. but i think there should be no problems here either Wink

i will meet with dan this week, then we can talk/discuss further about bip38 - looking forward to it

If this solution works along with other open source HW wallets it will cement the
trust back into loading collectibles. It might also be fitting to have the Icarus project be the
first to impliment a >HW wallet customer DIY key generated collectible<

legendary
Activity: 3206
Merit: 3596
I am confused by the wording in your graphic.
The top part states to get the "public address", yet the bottom part states to "public key" and that you should send this "public key" to Polymerbit.

Isn't this wrong? From what I have been told, the public key or xpub should never be given out to a 3rd party Huh


legendary
Activity: 3304
Merit: 8633
icarus-cards.eu
i also find this idea very interesting and have already talked about it with polymerbit, how we could implement this in Icarus and when exactly.
it would also be very helpful to know if you can do this procedure with other hw-wallets like bitbox2, foundation passport and so on - because not all crypto collectors own a Trezor. but i think there should be no problems here either Wink

i will meet with dan this week, then we can talk/discuss further about bip38 - looking forward to it
full member
Activity: 1318
Merit: 184
Krogothmanhattan alt account
I guess I dont trust hardware - why not just create your own seed phrase and pass phrase without any hardware to rely upon? That could work as well in this scenario right?

   I am aware of creating your own BIP39 mnemonic phrase from a list of 2048 words.....the question then is to convert them to the keys to go with the chosen 12 or 24 words. I do not think that many users out there would opt to go with this if it becomes too technical.

   Also then when it comes to generating a passphrase for the hidden wallet.
  
   It should work but the question is again would the average Joe want to go thru this and be technical savvy enough to do it.

  
One could roll dice to determine the first 23 words or use something like Entropia Seed Tablets and use SeedSigner (or other hw) to calculate 24 word.

Talking about average Joe :

What will happen when average Joe (who is not tech savvy) creates password that looks complicated to him but in reality can be easily brute forced ?
I'm talking about the reputation of the company here... IMO It would be hard to explain to non tech savvy people why it's not Polymberbit fault.

  You don't have to be tech savvy to create the recommended
Password of 16 characters or more. Examples of what a password should look like will be given....example
658%-@_#'$;$8387363-&+DFhsjdie&-@#

   Try an crack that jack....I just punched it in randomly. Not a hard thing to do at all.

 According to this strength Password website
https://www.passwordmonster.com/

it will take
3 thousand trillion trillion trillion years

   Create a long passphrase, at least 16 characters long using letters, numbers and symbols. The longer the better.

    And this way it's a 100% better than trusting the maker with keys.

That does not answer my question...

    Again I will repeat....there will be samples given as examples.

    At the end of the day it's up to the buyer to educate themselves a bit and do it right.

    And no it will not be Polymerbit or the coin makers fault if they make a password that is too weak.

    Just like its not a online companies fault when people use very weak passwords that can easily be guessed or brute forced.
copper member
Activity: 236
Merit: 18
I guess I dont trust hardware - why not just create your own seed phrase and pass phrase without any hardware to rely upon? That could work as well in this scenario right?

   I am aware of creating your own BIP39 mnemonic phrase from a list of 2048 words.....the question then is to convert them to the keys to go with the chosen 12 or 24 words. I do not think that many users out there would opt to go with this if it becomes too technical.

   Also then when it comes to generating a passphrase for the hidden wallet.
  
   It should work but the question is again would the average Joe want to go thru this and be technical savvy enough to do it.

  
One could roll dice to determine the first 23 words or use something like Entropia Seed Tablets and use SeedSigner (or other hw) to calculate 24 word.

Talking about average Joe :

What will happen when average Joe (who is not tech savvy) creates password that looks complicated to him but in reality can be easily brute forced ?
I'm talking about the reputation of the company here... IMO It would be hard to explain to non tech savvy people why it's not Polymberbit fault.

  You don't have to be tech savvy to create the recommended
Password of 16 characters or more. Examples of what a password should look like will be given....example
658%-@_#'$;$8387363-&+DFhsjdie&-@#

   Try an crack that jack....I just punched it in randomly. Not a hard thing to do at all.

 According to this strength Password website
https://www.passwordmonster.com/

it will take
3 thousand trillion trillion trillion years

   Create a long passphrase, at least 16 characters long using letters, numbers and symbols. The longer the better.

    And this way it's a 100% better than trusting the maker with keys.

That does not answer my question...
full member
Activity: 1318
Merit: 184
Krogothmanhattan alt account
I guess I dont trust hardware - why not just create your own seed phrase and pass phrase without any hardware to rely upon? That could work as well in this scenario right?

   I am aware of creating your own BIP39 mnemonic phrase from a list of 2048 words.....the question then is to convert them to the keys to go with the chosen 12 or 24 words. I do not think that many users out there would opt to go with this if it becomes too technical.

   Also then when it comes to generating a passphrase for the hidden wallet.
  
   It should work but the question is again would the average Joe want to go thru this and be technical savvy enough to do it.

  
One could roll dice to determine the first 23 words or use something like Entropia Seed Tablets and use SeedSigner (or other hw) to calculate 24 word.

Talking about average Joe :

What will happen when average Joe (who is not tech savvy) creates password that looks complicated to him but in reality can be easily brute forced ?
I'm talking about the reputation of the company here... IMO It would be hard to explain to non tech savvy people why it's not Polymberbit fault.

  You don't have to be tech savvy to create the recommended
Password of 16 characters or more. Examples of what a password should look like will be given....example
658%-@_#'$;$8387363-&+DFhsjdie&-@#

   Try an crack that jack....I just punched it in randomly. Not a hard thing to do at all.

 According to this strength Password website
https://www.passwordmonster.com/

it will take
3 thousand trillion trillion trillion years

   Create a long passphrase, at least 16 characters long using letters, numbers and symbols. The longer the better.

    And this way it's a 100% better than trusting the maker with keys.
copper member
Activity: 236
Merit: 18
I guess I dont trust hardware - why not just create your own seed phrase and pass phrase without any hardware to rely upon? That could work as well in this scenario right?

   I am aware of creating your own BIP39 mnemonic phrase from a list of 2048 words.....the question then is to convert them to the keys to go with the chosen 12 or 24 words. I do not think that many users out there would opt to go with this if it becomes too technical.

   Also then when it comes to generating a passphrase for the hidden wallet.
 
   It should work but the question is again would the average Joe want to go thru this and be technical savvy enough to do it.

 
One could roll dice to determine the first 23 words or use something like Entropia Seed Tablets and use SeedSigner (or other hw) to calculate 24 word.

Talking about average Joe :

What will happen when average Joe (who is not tech savvy) creates password that looks complicated to him but in reality can be easily brute forced ?
I'm talking about the reputation of the company here... IMO It would be hard to explain to non tech savvy people why it's not Polymberbit fault.
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
This process looks quite a bit more difficult than a diy pk with BIP39 seed and passphrase

But maybe that is because I dont know trezor very well - I personally have 2 of them but wont use em - part of me feels that all hardware wallets leak out your information/keys/seed phrase/pass phrases etc thats just me though.


I suppose unless the code used on "xxx" device is actually open-sourced so can be vetted, who knows, so you could be right.

Hell, I may have one of these systems running, I still have to check.. Tongue   https://www.theregister.com/2023/06/02/gigabyte_uefi_backdoor/

You really cannot trust anything not open-source, so I have to agree with you in principle there, however, any reputable company would not do that I would think, especially in this business. Or I hope at least. Tongue






   Trezor is 100% open source unlike some other wallets. Also any BIP39 wallet seed can be used on any other wallet that is BIP39...regardless if the company goes bust or not.

    As per Trezor..

    Trezor hardware wallets use open-source designs so security experts and researchers can audit every process. This means your device is kept updated against threats, both real and theoretical.

When security is transparent, backdoors and potential exploits have nowhere to hide. Trezor is trust-less and decentralized, exactly like Bitcoin.

       In the unexpected event that the company Trezor becomes insolvent, your device will continue to be the safest place for your coins.

      This means that you can recover your cryptoassets on any BIP39 compatible wallet. For example, if you have cryptoassets on a Trezor One and the Trezor One gets lost or damaged, then you can enter in the recovery seed from the Trezor One into a Trezor Model T or a Ledger Nano S and recover all of your cryptoassets.
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
I guess I dont trust hardware - why not just create your own seed phrase and pass phrase without any hardware to rely upon? That could work as well in this scenario right?

   I am aware of creating your own BIP39 mnemonic phrase from a list of 2048 words.....the question then is to convert them to the keys to go with the chosen 12 or 24 words. I do not think that many users out there would opt to go with this if it becomes too technical.

   Also then when it comes to generating a passphrase for the hidden wallet.
 
   It should work but the question is again would the average Joe want to go thru this and be technical savvy enough to do it.
legendary
Activity: 3570
Merit: 1959
This process looks quite a bit more difficult than a diy pk with BIP39 seed and passphrase

But maybe that is because I dont know trezor very well - I personally have 2 of them but wont use em - part of me feels that all hardware wallets leak out your information/keys/seed phrase/pass phrases etc thats just me though.


I suppose unless the code used on "xxx" device is actually open-sourced so can be vetted, who knows, so you could be right.

Hell, I may have one of these systems running, I still have to check.. Tongue   https://www.theregister.com/2023/06/02/gigabyte_uefi_backdoor/

You really cannot trust anything not open-source, so I have to agree with you in principle there, however, any reputable company would not do that I would think, especially in this business. Or I hope at least. Tongue



legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490
I guess I dont trust hardware - why not just create your own seed phrase and pass phrase without any hardware to rely upon? That could work as well in this scenario right?

Of course, but I think it's more about making "Loaded" collectibles "easier" to trust. (?)  Most people don't feel comfortable making their own keys/paper wallet I think too... 🤷‍♂️

It's not that I don't trust the hardware, it does put an extra barrier in place at least from your keys getting exposed, but this kind of thing also relies on Trezor itself being around forever essentially, am I correct? Huh  (I don't know enough about key generation there sorry, but I do know there are a lot of different things you can do with a trezor.

I have both models, but don't actively use them anymore myself, so am now looking at https://www.blocknative.com/blog/custom-derivation-paths#1 to try and understand more about what else can be done with a Trezor, even perhaps programmatically.

This process looks quite a bit more difficult than a diy pk with BIP39 seed and passphrase

But maybe that is because I dont know trezor very well - I personally have 2 of them but wont use em - part of me feels that all hardware wallets leak out your information/keys/seed phrase/pass phrases etc thats just me though.
legendary
Activity: 3570
Merit: 1959
I guess I dont trust hardware - why not just create your own seed phrase and pass phrase without any hardware to rely upon? That could work as well in this scenario right?

Of course, but I think it's more about making "Loaded" collectibles "easier" to trust. (?)  Most people don't feel comfortable making their own keys/paper wallet I think too... 🤷‍♂️

It's not that I don't trust the hardware, it does put an extra barrier in place at least from your keys getting exposed, but this kind of thing also relies on Trezor itself being around forever essentially, am I correct? Huh  (I don't know enough about key generation there sorry, but I do know there are a lot of different things you can do with a trezor.

I have both models, but don't actively use them anymore myself, so am now looking at https://www.blocknative.com/blog/custom-derivation-paths#1 to try and understand more about what else can be done with a Trezor, even perhaps programmatically.
legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490
I guess I dont trust hardware - why not just create your own seed phrase and pass phrase without any hardware to rely upon? That could work as well in this scenario right?
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
How is this affected by the recent development showing where trezors can be easily hacked if they have physical custody? Would that put any of these seeds/keys at risk? Or is the passphrase sufficient? I simply dont trust hardware wallets.

  Very good question....First of all, the hacker needs to have custody of your Trezor...THEN...the attacker must possess a specialized hardware tool, strong technical knowledge, and physical access to bypass the protection! How many have that knowledge and tools!

    So there is a way around it....that is guaranteed that even if your trezor falls in a person with all this knowledge and tools....Simply, reset your Trezor!
This will wipe away your seed and passphrase you have generated for your physical collectable device!
  Its like it never existed at all! And you can then generate a new seed and use the wallet in whichever way you please!

   BUT, for arguments sake...LETS SAY....you did not do that and the right people and equipment stole your trezor.

     Even though they get your seed, they will not get your passphrase for your hidden wallet. They cannot tell if you ever had a hidden wallet as the seed only gets them to the first wallets that are used with passphrases. And the passphrases I am talking about is for the hidden wallets not the passcode to open the Trezor!

        SO as per Trezor below...

      How does it work?
As part of the initialization process, your Trezor device generates a random number which is converted into a recovery seed and stored in the memory. Your Trezor uses this string of standard English words to generate your private keys, serving as a kind of 'master access key'  for unlocking access to your Bitcoin funds.

By default, the Trezor Model One creates a wallet with a 24-word seed phrase, whereas the Trezor Model T generates a wallet using a 12-word seed. This is referred to as your 'Standard wallet' in Trezor Suite.

By using a passphrase, you're effectively adding an extra word to the seed phrase, creating a brand new 'Hidden wallet'.

In fact, you can generate as many passphrase-protected hidden wallets as you like, but you must be extremely careful not to lose any of your passphrases. Remember, if you lose a passphrase, you lose access to any funds stored in the hidden wallet!

Essentially, whenever a Trezor device is used, it derives a cryptocurrency wallet using the following (extremely simplified) formula:   

       recovery seed + passphrase = hidden wallet

which can be summarized using the following schematic:


 
legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490
How is this affected by the recent development showing where trezors can be easily hacked if they have physical custody? Would that put any of these seeds/keys at risk? Or is the passphrase sufficient? I simply dont trust hardware wallets.
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
 Hi all.....Initially I did suggest using BIP38 like I used on my online stamp in 2017...its been loaded with 0.02 BTC since then and also the private keys exposed and the BTC still not stolen!

     http://www.crypto-stamps.com/private3.html

   But in order to do that...The person would need to get a program to create the BIP38 keys and also have an airgapped computer as well.
That program can also be created maliciously by the coinmaker so you are vulnerable.

   So this new idea dawned on me....the buyer would never need to have an airgapped computer at all or download any program and trust the coinmaker.

   By using a well known wallet like Trezor, this will make a physical loaded item completely trustless!
 
   Also it being a hierarchical deterministic wallet, you can actually create an infinite sets of keys as well.

    
  The whole idea with this is as follows…

 

    If polymerbit or any coinmaker came out with a certain note or coins….say 1 limited edition of 100…then they can still be created with my idea…the owner can still display his loaded physical item…in a limited edtion polymerbit…or coin and never ever have to worry his BTC will be swept!

   Also the items can be loaded to face value by the maker as well…making the item loaded by creator and keys generated by owner!

     Below is a sample made....all the seeds here are exposed and the addy is loaded with $200 worth of BTC. SO take it if you can crack it!

     In a sold version the seed would be under a security hologram.

     Another amazing thing is, you can then reset your Trezor and use it for another note or to use for your personal BTC stash.

            

            
legendary
Activity: 1244
Merit: 1075
Sounds great. Glad to see some thought put into this from respected creators. Reminds me of the process Ballet uses to create their wallets on their cards. Requiring both key and validation phrase to use, with each created independently.

I would love to test this out, have plenty of Trezors laying around that could be reset or dedicated to this process for me.

Personally, I would put the pasphrase under a second hologram on the note so it is secure and not lost. Might be nice to include space on the note for this along with a second hologram. Becomes a new form of DIY.

Curious to see what comes of this. Great work.

Geo
copper member
Activity: 750
Merit: 114
This is intresting. I might buy a trezor just to try. 😂
hero member
Activity: 722
Merit: 1027
Customer DIY key generation with Trezor


During brunch in NYC, Krog and I were discussing issues faced by the collectible community.  The fact that a buyer has to inherently trust the keymaker to remain honest is a flaw. Polymerbit attempted to test how the market reacts to an alternative by releasing those DIY triangle notes in A4 format. Our findings were clear; only one buyer actually reported adding keys on the note. The fact that most people do not have an air gapped printer, meant that few were willing to go ahead with DIY keys. This stopped the DIY project dead in its tracks, forcing us to scrap the rest of the series. Korg suggested to try something new that may be useful to various coin makers. All coin makers are welcome to test this as well. In theory, this should allow Trezor holders to easily request custom keys for works issued by Polymerbit and others.



A unique test print was made using this process, with the note being shipped to Korg. These notes would not be resold, but would be useful as gifts or for a personal collection.

-------








WARNING: Run a malware and antivirus program prior to starting.

Reset a Trezor hardware wallet.
      Write down the 12- or 24-word seed clearly on a piece of paper in the right order
       Create a long passphrase, at least 16 characters long using letters, numbers and symbols. The longer the better.


       Copy the public address given for the passphrase hidden wallet. Copy the QR code as well by using a screenshot if need be.

      To verify correct transcription, you can confirm the backup via the Trezor “CHECK BACKUP” option or reset the Trezor, and input the seed and then the passphrase. If the correct seed and passphrase are input, then the same public address you have copied will be shown again. If not then you made a mistake and need to try again to confirm that what you wrote down is correct. There can be no errors in this procedure. Once they match, then send the public key to Polymerbit.


                          Sending the SEED and the PUBLIC KEYS to POLYMERBIT
 
             A different device should be used to send the seed to Polymerbit. This is so in the event the computer where the Trezor passphrase is being created is infected or has a keylogger, the only item the hacker will get is the passphrase, which will be useless without the seed.

For additional security, the seed could also be mailed physically.


ADDITIONAL INFO:

      So, as a precaution the seed should be uploaded to Polymerbit’s website via a different device. The passphrase and the seed should never be seen on the same computer at all to ensure there is no vulnerability.


   In the event the seed is compromised, it will be useless without the passphrase and the same if the passphrase is compromised, it is useless without the seed.

The passphrase should be made of alphanumeric/symbols and be at least 16 characters long. Customer should be made aware to never share it and to place in secure spot. As the only way to be able to redeem the notes is with that passphrase and without it, then the Bitcoin will be lost forever.





Jump to: