PrologueSo, a month ago, I was trying to find out
which hardware wallet should I buy. My conditions were simple; it had to be open-source and I had to make the purchase in the most private way possible. My only option was to buy BitBox 1, but it happens to be old, deprecated and their developers
aren't known for being privacy seekers, which really underwhelmed me.
My only choice was to purchase a hardware wallet outside my country using a poste restante, which I didn't want to do for personal reasons. But, then dkbit98 suggested something I hadn't thought of; do the job with a Pi.
I don't know if you want to use hardware wallet just for Bitcoin or for other shitcoins, but if it's only for good old BTC than you can buy Raspberry Pi zero locally and make your own SeedSigner signing device.
And so I did. I bought a RPi Zero, a camera, a little screen and a few other stuff, and built a SeedSigner; an air-gapped
hardware wallet signing device, which takes security into the next level.
Disclaimer: There's no affiliation with SeedSigner and this thread isn't sponsored. I just bought it and share my thoughts.
Review
In summary:Pros:
Cons:
- Little hard setup
- Experimental software; the project is, well from what I can judge, in an early stage
- Works only with BlueWallet, Nunchuk, Sparrow, Specter Desktop
- It's forcing you to generate the entropy yourself
Alright, let's begin.
SeedSigner aims to give a solution to one problem; the cost and complexity of multi-sig usage. However, at the same time, it can be used for single-sig setups, lowering the cost of your "hot" storage as well. There's nothing saved inside the SD card, besides your settings which is optional, therefore there's less danger for funds' loss. When you shut down SeedSigner, it erases the seeds; they're meant to be kept temporarily in memory and you have to import the seed on each startup. And that's basically one of the features that makes SeedSigner differentiate.
This has the following advantage: You can have the device on plain sight (don't, but you get the idea). As far as I understand, this is implemented to reduce the risk of money loss. For cold storage, create the QR code and find a good hiding spot. For daily transactions, you can just insert it into your drawer etc., without minding much.
For quick imports, use QR scanning:
Unfortunately, you can't create a new seed with an internal RNG. SeedSigner somewhat forces you to generate the entropy yourself. Either with a picture or dice rolls.
I get the spirit of "trust none!", but that's just wrong. It should allow you to generate random entropy, even with a warning. Furthermore, it gives a false sense of security. If you don't test the dice is decently fair, then you shouldn't generate a wallet. Period. Quoting a forum legendary is needed here:
Coders who make their own ad hoc randomness schemes are like kids playing with matches.
Hashing a picture can also be problematic, see thread:
Turn photos into Bitcoin wallets. So, here's a feedback: Include
/dev/urandom. Simple. Do it for those who want to avoid this fuss.
This is how they justify it:
One thing I also don't understand is how the rolls are 50/99 exactly. Doesn't each give
1.66 bits of entropy on average?
These are the features:
Feature Highlights:- Calculate word 12/24 of a BIP39 seed phrase
- Create a 24-word BIP39 seed phrase with 99 dice rolls
- Create a 24-word BIP39 seed phrase by taking a digital photo
- Temporarily store up to 3 seed phrases while device is powered
- Guided interface to manually create a SeedQR for instant input (demo video here)
- BIP39 passphrase / word 25 support
- Native Segwit Multisig XPUB generation w/ QR display
- Scan and parse transaction data from animated QR codes
- Sign transactions & transfer XPUB data using animated QR codes (demo video here)
- Live preview during photo-to-seed and QR scanning UX
- Optimized seed word entry interface
- Support for Bitcoin Mainnet & Testnet
- Support for custom user-defined derivation paths
- On-demand receive address verification
- User-configurable QR code display density
- Responsive, event-driven user interface
One thing I've forgotten to say is that, besides open-source, the code is also easy to read. It's 100% written in Python, and there aren't many files to check. It doesn't take more than an hour. The
src/seedsigner/models is what's all about.
How to use itThese are the steps to spend money:
- Create a seed.
- Export the master public key with a QR code.
- Import the master public key to a wallet software. (From the available, I prefer Sparrow*)
- Create a transaction.
- Export the PSBT in QR code from your computer's screen.
- Scan the QR code from SeedSigner.
- Sign the transaction from Seed Signer.
- Export the signed transaction in QR code.
- Scan the QR code from your computer.
- Broadcast the signed transaction
Ta-da! Transaction signed in the air!
*Sparrow is a wallet I'd never used, as I put Electrum above others, but I'll have to admit it's good. Perhaps even better than Electrum. The reason you can't use Electrum (at least not easily) is because it doesn't support animated QR codes, which is the way SeedSigner exports xpub keys and signs transactions. That's because the screen isn't big enough.
No, these cool, freshly 3D
printed mined bitcoins in the images above aren't included in the SeedSigner Kit.