Author

Topic: Mycelium Entropy update (Read 9023 times)

legendary
Activity: 924
Merit: 1000
August 16, 2015, 08:32:26 AM
#27
If someone wants to verify the 2-of-3 private key shares that entropy prints, here's a way to do it:

  • Download the sss python code from here:
    https://github.com/cetuscetus/btctool/blob/bip/bip-xxxx.mediawiki

  • Download the bitcoin address utility (windows exe or source) from here:
    https://casascius.wordpress.com/2013/01/26/bitcoin-address-utility/

  • NOW IT'S A GOOD TIME TO GO OFFLINE, BECAUSE THE NEXT STEPS COULD OTHERWISE COMPROMISE YOUR PRIVATE KEY!!!  Shocked

  • Edit the test() function in bip-sss.py like this:
    Quote
    def test():
        gf = GF(0x11d)

        share1, dec_m1, dec_id1, dec_type1 = decode("SSS-")
        share2, dec_m2, dec_id2, dec_type2 = decode("SSS-")
        share3, dec_m3, dec_id3, dec_type3 = decode("SSS-")
       
        shares = [ share1, share2, share3 ]

        combined = combine(gf, shares)
        secret = make_secret(CTB_BASE58, length = 32, data = combined[1:33], is_private_key = True, compressed = True)

        #sss_test(gf, 1, 1)
        #sss_test(gf, 2, 1)
        #sss_test(gf, 1, 2)
        #sss_test(gf, random.randint(1, 64), random.randint(1, 255))
        #sss_test(gf, random.randint(1, 64), random.randint(1, 255))
        #sss_test(gf, random.randint(1, 64), random.randint(1, 255))

        #enc_dec_test(gf, 20)
    Put the three shares ("SSS-...") from your entropy printout into the script!

  • Go to the end of bip-sss.py, uncomment test() and comment gen_vectors():
    Quote
    test()
    #gen_vectors()

  • Run the script, it will output your private key in WIF format (or an error if something's wrong with your shares).
    I'm using ubuntu in a VirtualBox on windows for that.
    If you're not familiar with python scripts (like myself  Smiley) it's better to run it once without any modifications (it prints out some tests), to see if everything is in place and working OK.

  • Run the bitcoin address utility, navigate to menu tools/utility and enter your private key (from the python script) into the field labeled "Private Key (WIF)".
    Click on the second button under the input field (with two triangles pointing down).
    Your BTC address is shown in the last field, compare it with the printout.
    Should be exactly the same if everything went OK!  Smiley


I hope that this description is somehow useful. Don't hesitate to ask me if something's unclear.

For total security I recommend to do this procedure on a disconnected PC which never touches the internet.
If you do this on a PC which is infected with malware (trojans, keyloggers, etc.), your private key could get stolen and your BTC will be lost!
hero member
Activity: 707
Merit: 500
June 05, 2015, 01:30:05 PM
#26
Hi,
I am living in Vienna and would like to buy an Entropy-Device cash.

Can I come to you tomorrow?

Thank you,
Zorro

Hey, sorry for the late answer.
We still have a couple open to ship, which I send out as I get them from the hardware department - so no spare ones to sell, currently.
I could maybe borrow you mine, if you just want to make a couple of paper wallets, though.
Shoot me a PM if you would like to!
full member
Activity: 233
Merit: 100
May 27, 2015, 06:36:57 AM
#25
Hi,
I am living in Vienna and would like to buy an Entropy-Device cash.

Can I come to you tomorrow?

Thank you,
Zorro
legendary
Activity: 1680
Merit: 1035
April 25, 2015, 12:21:16 PM
#24
FYI, the first batch of 800 devices sold out around August. So anyone ordering in September onwards had to wait. Yes, the remaining 200 were received recently, and are being packaged and prepared for shipping now.
newbie
Activity: 22
Merit: 0
April 21, 2015, 07:34:00 AM
#23
I'm waiting for mine too.. Is there a way to modify the firmware so that I can use Entropy as HW random number generator?

Yes, but there is a nuance.

The main hardware entropy source (SRAM) works only once when you power it up.  If you want to generate a continuous stream, you have to use the built-in TRNG (probably safe, as it's not from Intel) and ADC measurements of a floating input.  There is a new appendix in the user manual about it: https://mycelium.com/assets/entropy/me.html#_appendix_b_how_it_works .

You can power SRAM off in hibernate mode, but it takes about 30 seconds for each sampling of about 6 kbits of entropy.  SRAM discharge is slower in hibernate mode than when the device is unplugged.

Personally, I doubt there is any chance at all that Atmel's built-in hardware RNG is compromised.  And you can still use the one-off salt from SRAM to thwart any hardware attacks on the built-in TRNG module.
member
Activity: 79
Merit: 10
April 21, 2015, 06:54:22 AM
#22
I'm waiting for mine too.. Is there a way to modify the firmware so that I can use Entropy as HW random number generator? I want to print bunch of wallets and then I plan to experiment with code.. open source FTW!
When did you order?

In the beginning of March shortly before there was "first batch sold out.." announcement
newbie
Activity: 22
Merit: 0
April 21, 2015, 06:39:52 AM
#21
I heard the last batch had just arrived at Mycelium office in Vienna for flashing and final assembly.
legendary
Activity: 1638
Merit: 1010
https://www.bitcoin.com/
April 21, 2015, 05:53:50 AM
#20
I'm waiting for mine too.. Is there a way to modify the firmware so that I can use Entropy as HW random number generator? I want to print bunch of wallets and then I plan to experiment with code.. open source FTW!
When did you order?
member
Activity: 79
Merit: 10
April 21, 2015, 05:48:08 AM
#19
I'm waiting for mine too.. Is there a way to modify the firmware so that I can use Entropy as HW random number generator? I want to print bunch of wallets and then I plan to experiment with code.. open source FTW!
legendary
Activity: 1638
Merit: 1010
https://www.bitcoin.com/
April 21, 2015, 04:39:11 AM
#18
Still haven't seen mine yet, i ordered late from the indiegogo campaign site, about early Jan, any help on how i can track it down?
Has the last batch of 200 been released yet?
legendary
Activity: 924
Merit: 1000
April 11, 2015, 01:21:31 PM
#17
I've written a small tool to verify the salt:



I could share it with the source (c#) if anyone is interested in this. You can run it on windows or linux (using mono).

Quote
Salt
This is an advanced feature for security experts.
If you do not trust your Mycelium Entropy device and believe it may be backdoored, then this feature, sometimes also referred to as Diceware, is for you. It lets you add your own entropy (salt) to the mix so that:

even though the salt is entered on your computer into settings.txt in a generally insecure way, its leakage does not compromise your key;

if the device’s RNG is rigged in an undetectable way, your key is still secure because of the salt;

the algorithm’s implementation is easily verified.

The current implementation is fairly simple and is called Type-1 salt. A more advanced algorithm has been proposed but has not been implemented yet.

Salt is a string of up to 32 bytes, which is entered in hexadecimal after the salt1 keyword in settings.txt.

Entropy is a 32-byte random number generated by Mycelium Entropy.

Key = SHA-256 ( Salt || Entropy ).

In the HD case, the first 128 bits of Key are used to construct the BIP-39 mnemonic.

Entropy is printed alongside the private/public key pair for your verification.
Source: https://mycelium.com/assets/entropy/me.html
yxt
legendary
Activity: 3528
Merit: 1116
April 11, 2015, 02:48:27 AM
#16
We still have a few in stock  Smiley

http://asicminer-shop.de/Mycelium-Entropy_1
hero member
Activity: 658
Merit: 501
legendary
Activity: 1638
Merit: 1010
https://www.bitcoin.com/
March 24, 2015, 04:57:15 PM
#14
Ahh, more people receiving there's, where is mine???

Looks great, cant wait for mine to arrive in the mail, I'm sure i will get it soon.
Thanks for the pic.
hero member
Activity: 711
Merit: 532
March 24, 2015, 01:08:07 PM
#13
Entropy device received! And it works great:



More pictures and words here. Thanks for the great work, guys!
legendary
Activity: 1638
Merit: 1010
https://www.bitcoin.com/
hero member
Activity: 707
Merit: 500
February 17, 2015, 04:05:19 AM
#11
It was posted to the indiegogo campaign page as well, so if you contributed you should have gotten an email with this text, as far as I know. Smiley
Nope no email received but this could be due to the fact that i purchase mine after the funding campaign ended, i think it was about the start of November i ordered, receipt is at work so i can check and update this post tomorrow.

If you did after the campaign ended, then only bitpay has your mail, indiegogo probably not, and you could not get an automated notification from them.
Anyway, I am here and post reddit links, so everything is fine Smiley
legendary
Activity: 1638
Merit: 1010
https://www.bitcoin.com/
February 17, 2015, 03:49:48 AM
#10
It was posted to the indiegogo campaign page as well, so if you contributed you should have gotten an email with this text, as far as I know. Smiley
Nope no email received but this could be due to the fact that i purchase mine after the funding campaign ended, i think it was about the start of November i ordered, receipt is at work so i can check and update this post tomorrow.

Update: The invoice i have doesn't have an order date just 01/01/2015 but i know i didn't order it on new years day.
hero member
Activity: 707
Merit: 500
February 17, 2015, 03:40:29 AM
#9
It was posted to the indiegogo campaign page as well, so if you contributed you should have gotten an email with this text, as far as I know. Smiley
legendary
Activity: 1638
Merit: 1010
https://www.bitcoin.com/
February 17, 2015, 03:34:55 AM
#8
Just what i wanted, a million thank you's trasla.
I don't follow reddit much so thanks for bringing this to my attion and the btc forum.
legendary
Activity: 1638
Merit: 1010
https://www.bitcoin.com/
February 16, 2015, 11:20:42 PM
#6
Could be a good time to give another update on ETA of this Entropy device.
hero member
Activity: 707
Merit: 500
November 01, 2014, 09:58:27 PM
#5
looks good. hopefully its cheaper than trezor  Cry

The crowd funding buy links should still be open, 40 USD:
http://mycelium.com/entropy
legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
November 01, 2014, 03:35:02 AM
#4
looks good. hopefully its cheaper than trezor  Cry
hero member
Activity: 707
Merit: 500
October 31, 2014, 05:10:26 AM
#3
Nice to include Shamir's Secret Sharing! How do these print-outs look like?

Somewhat like this:
https://i.imgur.com/CGHWIcS.jpg
legendary
Activity: 1358
Merit: 1001
https://gliph.me/hUF
October 31, 2014, 02:13:37 AM
#2

Looking good!

Nice to include Shamir's Secret Sharing! How do these print-outs look like?
legendary
Activity: 1680
Merit: 1035
October 29, 2014, 12:57:22 PM
#1
Hi guys. Here is the update on the Entropy progress. The software is done, the hardware is finalized, the CE compliance is done (shown on the USB connectors in the image below), and the circuit boards are finished and ready for assembly. We were expecting them earlier, but because we changed the cases from plastic to metal, we ended up having to move chips around on the board to make sure they fit into the slimmer cases. As a result, the devices are much more durable, the metal case shielding makes them resistant to any EM interference, and it spares us from needing to go through extensive FCC and CE testing. (You can see the comparison of the old design to the new cases in the image links below).

Because we were not completely sure that the slightly redesigned boards would fit and align with the cases correctly, we had to only order a few sample cases so we could test them to see if they fit right. Since the circuit boards are at the assembly facility, we created an exact 3D printed replica of the board to test the fit (picture below). Now that we know that they fit ok, the cases are being ordered, and as soon as they get here, everything will get assembled, flashed, packaged, and shipped out. Sadly, and unexpectedly, the company making the metal cases has given us a 6 week estimate as their expected production and assembly time. So although we have everything else ready, we apparently miscalculated on the estimate for how long it would actually take to put the things together. In short, when we guessed way back in June how long this would take, we ended up guessing wrong, and we are extremely sorry about that. Yes, we are aware of the ridiculous trend of delays in this market, and we were really hoping that we wouldn't be another example (for a while we actually thought that maybe we could get them out even before October), but we are practically finished at this point, and just got surprised by the final step.

On the bright side, this does give us extra time to tighten up the software security even more. Actually, in a way, all our delays - from moving expected shipping to late October instead of earlier (after initial feedback led us to add many more entropy sources to protect against compromised hardware), to the metal cases slowing us down now (which we decided on after we received concerns about interference from nearby high voltage power lines) - have been due to the feedback and suggestions in security improvements from our community. In a way, this project became an open collaborative process, with a lot of discussion and feedback, and although it slowed things down a bit, it did increase the security of the devices considerably. We have increased the number of entropy sources, and added even more internal tests against outside interferences (such as fluctuations in temperatures, magnetic interference, timing, etc) to make sure the entropy sources are not compromised. We also added custom settings, such as switching between Bitcoin, Litecoin, and testnet, switching between compressed and uncompressed keys, and software key signatures for those who want to build their own firmware. With the delay, we will use this extra time to add even more customizable security settings, such as the ability for you to add your own random salt (such as Diceware) so you can generate verifiably random keys even without having to trust us and our hardware suppliers, as well as tools for users to obtain the raw random data which is generated by Mycelium Entropy every time it is plugged in, and to analyze it to verify that this seed random data contains more than enough entropy on the random seed to properly generate a unique private key, that the random seed data is unique, and there are no deterministic techniques used to generate it (that it is really an entropy-based white noise collected in the silicon of the Entropy device microcontroller).

When we are done with these things, they will probably be the most secure private key generators on the market (not counting your printer security...). To help with that, we are also now releasing the source code for the Entropy devices, which you can find here:

https://github.com/mycelium-com/entropy

Please feel free to review the code, and let us know if you have any concerns about anything, or if you want us to add something or even contribute your own code. For those looking to add altcoin support, now is your chance to figure out how as well.

* [Old device design](https://i.imgur.com/IVmisRt.jpg)
* [New device design](https://i.imgur.com/aLq7nbN.jpg)
* [New device in case](https://i.imgur.com/lKU8OM0.jpg)
* [3D printed circuit board to test fit](https://i.imgur.com/gwNqpso.jpg)
* [USB connectors w/ CE certification](https://i.imgur.com/UHlvZlN.jpg)
* [Engraved cases](https://i.imgur.com/6ySzZMz.jpg)
Jump to: