
Topic: SeedSigner: Review (Read 696 times)

legendary
Activity: 1512
Merit: 7340
Farewell, Leo
February 22, 2024, 01:58:51 PM
#38
wooden SeedSigner case!
That's my taste, right there! Better than both plastic and aluminum. I didn't know about the wooden fiber either; I don't have a 3D printer, but I like the aesthetics.  Smiley

No, it's not, because there are too many ''random stickers'' for something that is not really random and can be reproduced.
My point is that you wouldn't call such a thing "random". You would call it unfair or biased. If you know that heads comes more frequently than tails, then you can predict the final output. If both heads and tails have the same probability, then you wouldn't call it "truly random", just "random" would do fine. I agree that it mustn't be binary, but where do we draw the line between random and non-random?

It just seems to me that we don't care if the dice is completely fair-- ergo, random. What matters to us is if it is rolled enough times-- ergo, the entropy generated is sufficient. Therefore, we don't care about being "truly random" or not, we care about minimizing the predictability (maximizing the entropy).
legendary
Activity: 2212
Merit: 7064
February 22, 2024, 12:33:15 PM
#37
I already showed you aluminum metal case for Seedsigner, and there are many variations of plastic cases, but someone recently made unique wooden SeedSigner case!
I didn't know this, but apparently you can also use wooden fibers in 3d printing machines to make enclosures like this.
This looks amazing, and you can download and print your own as .stl files and everything else is released as open source  Smiley
https://github.com/SeedSigner/seedsigner/tree/dev/enclosures/open_pill_mini_w_coverplate


https://twitter.com/SeedSigner/status/1757890380572270810

Is it just me or is the phrase "true randomness" a bit of mixture of pleonasm and misleadingness?
No, it's not, because there are too many ''random stickers'' for something that is not really random and can be reproduced.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
February 08, 2024, 03:48:19 PM
#36
Be careful with that, or you'll end up like coldcard user who used their dice generation feature with weak entropy and lost all his coins.
Let's just say that, fortunately, SeedSigner won't allow me to use a single dice result as an entropy!  Tongue

Same could be said for any generation that is not true random, and that means that it can be reproduced and cracked much easier.
Is it just me or is the phrase "true randomness" a bit of mixture of pleonasm and misleadingness? It kinda bothers me. If something is random, then people can't guess it; the outcome is totally unpredictable, and every possible outcome has the same probability. If that would be false, you wouldn't call it "fake randomness". You would simply call it non-random, or biased. In the case with generating entropy, both /dev/urandom and dice rolls are evidently random, hereby "truly random". But what matters in the end is being provably random.

Rolling dice is provably random, because you control the interface. /dev/urandom on the other hand requires some trust on the hardware.
legendary
Activity: 2212
Merit: 7064
February 08, 2024, 03:29:38 PM
#35
I disregard the "take a seed picture" for generating entropy too. However, using coin / dice results as the entropy is the single most provable way to generate randomness. I agree that /dev/urandom is sufficient for the most part, but not for the paranoid (AKA, those who don't trust their device).
Be careful with that, or you'll end up like coldcard user who used their dice generation feature with weak entropy and lost all his coins.  Tongue
Same could be said for any generation that is not true random, and that means that it can be reproduced and cracked much easier.

Raspberry Pi zero isn't designed to run Linux, as far as I'm concerned.
As far as I know RaspberryOS aka Raspbian is literally based on Debian linux code.
https://en.wikipedia.org/wiki/Raspberry_Pi_OS

Anyway, I saw Seedsigner devs are finishing conversion of code for much more devices soon, as a part of new HRF bounty.
That means you will be able to run Seedsigner code on more devices soon, not just on Rpi.

 
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
February 08, 2024, 02:51:22 PM
#34
Is it me or you compare the disk (card) size the OS image file with the device's RAM capacity?
My bad! It doesn't have a RAM requirement, so it probably works with all models as displayed.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
February 08, 2024, 02:38:51 PM
#33
You can install Linux on RPi Zero 2W which is the model I have. I have installed Raspbian Lite.
It is odd, though, because Raspbian Lite OS requires 520 MB of RAM, whereas Pi zero can handle up to 512 MB. Am I missing anything?

Is it me or you compare the disk (card) size the OS image file with the device's RAM capacity?
From the image file at the end more space will be occupied and also you don't have to keep all the OS files in RAM in the same time, right?
hero member
Activity: 560
Merit: 1060
February 08, 2024, 02:28:56 PM
#32
It is odd, though, because Raspbian Lite OS requires 520 MB of RAM, whereas Pi zero can handle up to 512 MB. Am I missing anything?

No, you are not missing anything. It just works Tongue I can't do anything with it though, so I abandoned it.

By the way, I just checked, because I also found it curious, I run the legacy version which requires 363MB.

It is not a Linux distro. How do I know? Hint: 99.9% of the code is written in Python!  Tongue

Anyways, I don't believe that users should put trust on a CSPRNG that is not tested enough (as we wouldn't go with /dev/urandom). Besides, the spirit of the project is to trust none, including your RNG!  Smiley

Sounds like a rational explanation. Sounds like I should abandon the idea. Consider it a bad idea, or better, a not valid idea.

Anyway, thanks again for the guide / review. It was helpful.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
February 08, 2024, 02:21:57 PM
#31
You can install Linux on RPi Zero 2W which is the model I have. I have installed Raspbian Lite.
It is odd, though, because Raspbian Lite OS requires 520 MB of RAM, whereas Pi zero can handle up to 512 MB. Am I missing anything?

Anyway, SeedSigner is an OS, so we need to go deep into its code to check if we can use something like /dev/urandom. If SeedSigner is like a linux distribution, it could be possible, but I seriously have no idea if it is doable.
It is not a Linux distro. How do I know? Hint: 99.9% of the code is written in Python!  Tongue

Anyways, I don't believe that users should put trust on a CSPRNG that is not tested enough (as we wouldn't go with /dev/urandom). Besides, the spirit of the project is to trust none, including your RNG!  Smiley
hero member
Activity: 560
Merit: 1060
February 08, 2024, 02:02:06 PM
#30
Raspberry Pi zero isn't designed to run Linux, as far as I'm concerned. It has 512 MB RAM, and almost all distros I know require more than that. How do you suggest we utilize such a source without having e.g., /dev/urandom?

You can install Linux on RPi Zero 2W which is the model I have. I have installed Raspbian Lite. The problem with it, is that it supports WiFi, which is a problem. Anyway, SeedSigner is an OS, so we need to go deep into its code to check if we can use something like /dev/urandom. If SeedSigner is like a linux distribution, it could be possible, but I seriously have no idea if it is doable.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
February 08, 2024, 01:43:38 PM
#29
However, I dislike the "enter your own randomness" idea. Therefore I don't really use it.
I disregard the "take a seed picture" for generating entropy too. However, using coin / dice results as the entropy is the single most provable way to generate randomness. I agree that /dev/urandom is sufficient for the most part, but not for the paranoid (AKA, those who don't trust their device).

Do you believe it would be a good idea to slightly change the code to generate entropy using some CSPRNG source?
Raspberry Pi zero isn't designed to run Linux, as far as I'm concerned. It has 512 MB RAM, and almost all distros I know require more than that. How do you suggest we utilize such a source without having e.g., /dev/urandom?
hero member
Activity: 560
Merit: 1060
February 08, 2024, 01:14:54 PM
#28
Brilliant guide BlackHatCoiner. I have also tried to assemble a SeedSigner in the past. Suddenly the camera stopped working and I had it changed.

I like SeedSigner because in general I like DIY stuff. However, I dislike the "enter your own randomness" idea. Therefore I don't really use it.

But SeedSigner had all the small conveniences I wanted. Like the fact that you can easily scan a QR code to load the wallet (I think Jade has this feature too).

Nevertheless, I have a question and I have also thought about it. Do you believe it would be a good idea to slightly change the code to generate entropy using some CSPRNG source? It's still too abstract in my mind, but perhaps you have thought about it too. I mean since the code is open-source. I have recently written this script: https://bitcointalksearch.org/topic/--5483173 which uses /dev/urandom to generate entropy. It doesn't do anything too fancy, but perhaps we could incorporate something similar to the Seed Signer. Perhaps...
legendary
Activity: 2212
Merit: 7064
February 07, 2024, 03:45:50 PM
#27
Now imagine using a Seedsigner in combination with a Seedkeeper to safeguard your seedphrase in a secure element...
You can if you are brilliant like Crypto Guide  Cheesy
He didn't post anything for more than a month, so I am sure he is working on something new to release in public.
One of the rare crypto guys you can follow on YouTube these days:
https://youtu.be/NTdiji9KpRE
full member
Activity: 310
Merit: 151
Hardware and open source software solutions.
February 07, 2024, 05:05:41 AM
#26


Now imagine using a Seedsigner in combination with a Seedkeeper to safeguard your seedphrase in a secure element...



legendary
Activity: 2212
Merit: 7064
February 06, 2024, 02:01:41 PM
#25
If you like what SeedSigner is doing then you are going to love the new premium version enclosure made from high quality aluminum metal.
There are several websites already offering this product as a separate enclosure only for €69, or as a prebuilt version for €150, and there are a bunch of colors to choose from.
I just love how cool it looks with milled, sandblasted and anodized aluminum case.


https://www.gobrrr.me/product/seedsigner-aludiy/
https://vulcan21.com/product/seedsigner-premium-orange/
https://xmrstreet.store/product/monerosigner/
https://btc-hardware-solutions.square.site/product/premium-milled-aluminum-seedsigner/20?cs=true&cst=custom

PS
Seedsigner devs are also working on payjoin implementation for more privacy, and other code improvements.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
January 29, 2024, 05:08:12 AM
#24
Important updates.

As of writing this, v0.7.0 is released.

- You can now verify addresses[1][2]. That solves the security problem of an attacker compromising your watch-only wallet and replacing your addresses with theirs, and tricking you into believing you own bitcoin that you actually don't. Now that is impossible if you verify the address with your seed signer right before you request receiving bitcoin.
- You can now sign messages[3][4][5]. Same as with unsigned transactions, you can request from a supported wallet software (e.g., Sparrow) to sign a message by scanning and displaying QR codes.
- SeedSigner is reproducible[6].
- Booting takes about 12 seconds to finish, which is about 66% less than in v0.5.0.

And others highlighted in their repository.

[1] https://talkimg.com/images/2024/01/29/kcbbN.png
[2] https://talkimg.com/images/2024/01/29/kcDSa.png
[3] https://talkimg.com/images/2024/01/29/kcOso.png
[4] https://talkimg.com/images/2024/01/29/kcW9T.png
[5] https://talkimg.com/images/2024/01/29/kcqal.png
[6] https://github.com/SeedSigner/seedsigner/releases/
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
May 22, 2023, 01:47:48 PM
#23
Bump.

Fixed dead images using Talkimg.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
June 17, 2022, 07:11:48 AM
#22
BlackHatCoiner, I don't know where you're located, but I can print something like this for free for you mate. Smiley
Dear lord, I had forgotten to respond to this kind offer... I've already gotten used to the orange pill now, but thanks!  Wink




So, apparently, the dice results aren't calculated as I thought, with 1.66 bits in each roll.
Quote
One thing I also don't understand is how the rolls are 50/99 exactly. Doesn't each give 1.66 bits of entropy on average? 

Instead, they choose to SHA256 the result, which looks like "25516341...", and then convert the hash to mnemonic. At least that's what I understand from their source code. So, 50 rolls, if the dice is fair, provide 6^50 bits of security*, which is about 3 times 2^128. However, because I'm completely paranoid when it comes to dice fairness, I've chosen to roll it 99 times. Just in case.

*An ECDSA private key provides 128 bit security, though.
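
An added example, not part of the post above and not SeedSigner's own code: it estimates how much entropy a run of dice rolls carries for a fair or a loaded die, then turns a roll string into BIP39 word indices by hashing it with SHA-256, as the post describes. Keeping the first 16 bytes of the hash for 50 rolls and all 32 for 99 rolls, the function names and the loaded-die probabilities are assumptions.

```python
import hashlib
import math

FAIR_DIE = [1 / 6] * 6
# Constructed example of a loaded die: face 6 comes up 25% of the time.
BIASED_DIE = [0.15, 0.15, 0.15, 0.15, 0.15, 0.25]


def min_entropy_bits(n_rolls, probs=FAIR_DIE):
    """Worst-case (min-)entropy of n_rolls: the attacker bets on the likeliest face."""
    return n_rolls * -math.log2(max(probs))


def rolls_needed(target_bits, probs=FAIR_DIE):
    """Smallest number of rolls whose min-entropy reaches target_bits."""
    return math.ceil(target_bits / -math.log2(max(probs)))


def rolls_to_entropy(rolls):
    """SHA-256 the roll string. Assumed: 50 rolls -> 16 bytes, 99 rolls -> 32 bytes."""
    if len(rolls) not in (50, 99) or any(c not in "123456" for c in rolls):
        raise ValueError("expected 50 or 99 rolls, each a digit 1-6")
    digest = hashlib.sha256(rolls.encode()).digest()
    return digest[:16] if len(rolls) == 50 else digest


def bip39_indices(entropy):
    """Append the BIP39 checksum and split the result into 11-bit word indices."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("BIP39 entropy must be 128-256 bits in steps of 32")
    cs_bits = ent_bits // 32  # checksum length defined by BIP39
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]


if __name__ == "__main__":
    # Constructed 50-roll string for illustration, not real dice output.
    rolls = "25516341" + "123456" * 7
    print("fair die, 50 rolls:  %.1f bits" % min_entropy_bits(50))
    print("fair die, 99 rolls:  %.1f bits" % min_entropy_bits(99))
    print("loaded die, 50 rolls: %.1f bits" % min_entropy_bits(50, BIASED_DIE))
    print("loaded die, rolls for 128 bits:", rolls_needed(128, BIASED_DIE))
    # Indices point into the 2048-word BIP39 English list (not embedded here).
    print("word indices:", bip39_indices(rolls_to_entropy(rolls)))
```

The hash hides any bias in the rolls but cannot add entropy: with the loaded die above, 50 rolls still leave an attacker only about 100 bits of work.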
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
June 05, 2022, 06:10:31 PM
#21
I can change it whenever I want, but I don't want to wait 2+ weeks again nor to pay 20+ EUR for a case. The one I have does the job nevertheless. No, I don't have a 3D printer.
Dude, you can print the case anywhere you want in your local area for few bucks  Cheesy
I am sure you can find bunch of ads from people and services who are offering 3d printing services, most I know are 3d designers or just owners of 3d printers.
They don't even know what they are printing when I order it from them, it's dirt cheap and I don't have to wait more than few hours or a day for delivery.
BlackHatCoiner, I don't know where you're located, but I can print something like this for free for you mate. Smiley

Even made a topic about this after joining the forum. I don't operate the machines anymore lately, but I can fire them up if needed.
[...]

It's simple math, and if you are not mathematician you can't understand it easily.
Companies wouldn't waste millions of dollars to achieve true randomness if gameboy, nintendo or raspberry pi was able to achieve this.
Research this subject deeper to understand it better, key point is if something can be reproduced or not.
Actually it seems he did his research and apparently the Linux kernel does use external sources of entropy nowadays; which would mean the gap between PRNG and TRNG is closing a bit.

But when you get into very large or very small numbers (or probabilities in this case), they get extremely hard to imagine.
I like these types of videos to better envision them:
https://www.youtube.com/watch?v=tnIFQIu3tZ0

A little off-topic, but this one is about the security of 256-bit:
https://www.youtube.com/watch?v=S9JGmA5_unY

And of course the well-known dyson sphere infographic:


What I'm trying to say is that in the field of such large / small numbers, even pretty large factors may not make a large practical difference.
For example, an entropy multiple orders of magnitude worse than another one, can be practically just as secure, while mathematically and information-theoretically being a lot worse.

That's why sometimes (also in this thread) statements are made about software randomness being 'very bad entropy' or similar, even though it may still be totally viable for many applications. It's just 'terrible' in information theory / maths realms. Wink
legendary
Activity: 2212
Merit: 7064
June 05, 2022, 12:03:12 PM
#20
I can change it whenever I want, but I don't want to wait 2+ weeks again nor to pay 20+ EUR for a case. The one I have does the job nevertheless. No, I don't have a 3D printer.
Dude, you can print the case anywhere you want in your local area for few bucks  Cheesy
I am sure you can find bunch of ads from people and services who are offering 3d printing services, most I know are 3d designers or just owners of 3d printers.
They don't even know what they are printing when I order it from them, it's dirt cheap and I don't have to wait more than few hours or a day for delivery.

Seriously though, why isn't an RNG generating true random results, and if it isn't, which opens up a philosophical question, why does the TRNG, indeed, generate true randomness? To be precise, urandom is a Cryptographically Secure Pseudorandom Number Generator (CSPRNG), and to be honest, I'm a complete noob when it comes to this field, but I somewhat agree with this perspective.
It's simple math, and if you are not mathematician you can't understand it easily.
Companies wouldn't waste millions of dollars to achieve true randomness if gameboy, nintendo or raspberry pi was able to achieve this.
Research this subject deeper to understand it better, key point is if something can be reproduced or not.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
June 05, 2022, 08:51:10 AM
#19
PRNG is only pseudo-random and doesn't use any 'real' source of entropy;
It does use "real" source of entropy, or to formulate more properly: It does use events happening outside the machine, such as environmental noises:
The random number generator gathers environmental noise from device drivers and other sources into an entropy pool. The generator also keeps an estimate of the number of bits of noise in the entropy pool. From this entropy pool random numbers are created.
That's interesting; I suppose though that the quality of randomness (entropy) will vary by the type of device in question. Some may have more 'sensors' or other ways to acquire external noise. It should also be kept in mind that a big challenge of hardware entropy is digitizing an analog entropy source without 'moulding' it in a certain way that introduces a bias, which would detrimentally affect the entropy.

Sure, they're well researched and gradually improved in decades of research, but they remain 'pseudo'-random.
Does this make them more susceptible to a brute-force attack? I'm trying to understand what's the weakness of pseudo-randomness, but I feel like beating a dead horse.
To be honest, I don't think a state-of-the-art PRNG (especially if it does use external sources of entropy as you described) will be realistically easier to attack (think of stuff like a hundred years instead of 200 and numbers like this, if not higher). Even though it might be off by magnitudes from a true randomness source, today's software randomness is usually good enough for all practical scenarios.

If /dev/urandom really incorporates what I'd call true randomness and doesn't degrade its entropy too much, it means it's trying to get more and more similar (or even become) a TRNG in the long run. This again shows that on paper, a TRNG is always better; it's just that it's not always feasible or practical to implement in off-the-shelf devices. Even an outdated, seed-based PRNG is enough for most (read: non-cryptographic) use-cases, like generating random bytes for something.

By the way, a quick web search revealed that, apparently, /dev/random is better for cryptography.
/dev/urandom is best used when:
  • You just want a large file with random data for some kind of testing.
  • You are using the dd command to wipe data off a disk by replacing it with random data.
  • Almost everywhere else where you don’t have a really good reason to use /dev/random instead.
/dev/random is likely to be the better choice when:
  • Randomness is critical to the security of cryptography in your application – one-time pads, key generation.

Actually, this seems like pretty sensible advice before generating a seed from /dev/random or /dev/urandom:
The current amount of entropy and the size of the Linux kernel entropy pool, both measured in bits, are available in /proc/sys/kernel/random/ and can be displayed by the command cat /proc/sys/kernel/random/entropy_avail and cat /proc/sys/kernel/random/poolsize respectively.