
Topic: SeedSigner: Review - page 2. (Read 628 times)

legendary
Activity: 1344
Merit: 6415
Farewell, Leo
June 05, 2022, 07:18:50 AM
#18
PRNG is only pseudo-random and doesn't use any 'real' source of entropy;
It does use "real" source of entropy, or to formulate more properly: It does use events happening outside the machine, such as environmental noises:
Sure, they're well researched and gradually improved in decades of research, but they remain 'pseudo'-random.
Does this make them more susceptible to a brute-force attack? I'm trying to understand what's the weakness of pseudo-randomness, but I feel like beating a dead horse.
hero member
Activity: 882
Merit: 5814
not your keys, not your coins!
June 05, 2022, 05:58:23 AM
#17
Seriously though, why isn't an RNG generating true random results, and if it isn't, which opens up a philosophical question, why does the TRNG, indeed, generate true randomness? To be precise, urandom is a Cryptographically Secure Pseudorandom Number Generator (CSPRNG), and to be honest, I'm a complete noob when it comes to this field, but I somewhat agree with this perspective.
The issue with this (besides the slight argument from authority) is that it's a little bit like the issue of 'n-th generation PoS blockchain' - if you're building sophisticated, fancy stuff on top of a bad foundation, you won't get the best results and will always be restricted by the limits of your foundation. PRNG is only pseudo-random and doesn't use any 'real' source of entropy; just algorithms that try to get as close as possible to that. Sure, they're well researched and gradually improved in decades of research, but they remain 'pseudo'-random.

A [PRNG] is an algorithm for generating a sequence of numbers whose properties approximate the properties of sequences of random numbers. The PRNG-generated sequence is not truly random, because it is completely determined by an initial value, called the PRNG's seed [...].

A [...] true random number generator (TRNG) is a device that generates random numbers from a physical process, rather than by means of an algorithm. Such devices are often based on microscopic phenomena that generate low-level, statistically random "noise" signals, such as thermal noise, the photoelectric effect, involving a beam splitter, and other quantum phenomena. These stochastic processes are, in theory, completely unpredictable for as long as an equation governing such phenomena is unknown or uncomputable, and the theory's assertions of unpredictability are subject to experimental test. This is in contrast to the paradigm of pseudo-random number generation commonly implemented in computer programs.
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
June 05, 2022, 05:40:40 AM
#16
There is nothing wrong with Orange Pill case and you can change it anytime if you do it carefully.
I can change it whenever I want, but I don't want to wait 2+ weeks again nor to pay 20+ EUR for a case. The one I have does the job nevertheless. No, I don't have a 3D printer.

Any device that has an RNG option is not really generating true random results that can't be reproduced, that is why we have TRNG

Seriously though, why isn't an RNG generating true random results, and if it isn't, which opens up a philosophical question, why does the TRNG, indeed, generate true randomness? To be precise, urandom is a Cryptographically Secure Pseudorandom Number Generator (CSPRNG), and to be honest, I'm a complete noob when it comes to this field, but I somewhat agree with this perspective.
legendary
Activity: 2212
Merit: 7064
Cashback 15%
June 04, 2022, 03:27:35 AM
#15
One more interesting thing I saw is that some people are working on new SeedSigner OS with minimal Raspberry Pi image.
I didn't test this myself, but this is a step in a good direction because I never liked the slow loading speed of SeedSigner, and I think this can speed things up a lot.
This project is open source, and it's freely posted with easy instructions on github by DesobedienteTecnologico:
https://github.com/DesobedienteTecnologico/seedsigner-os
legendary
Activity: 1792
Merit: 1296
keep walking, Johnnie
June 03, 2022, 04:08:42 PM
#14
It seems that the time is not far off when users will massively assemble devices for themselves using open-source software and available components, following the example of BlackHatCoiner. This allows you to individualize each device to suit your needs and tasks. I wanted something similar to appear, but to my surprise, as it turned out, it is already possible to assemble the device myself and it's just great. The issue of security of funds for bitcoiners will always be relevant and the emergence of such a hand-made direction was inevitable. Especially considering that hardware wallet manufacturers are increasingly gaining influence and power in this niche, which in itself contradicts the idea of freedom and decentralization. So, people who understand the advantages of homemade devices (of course, I mean assembly from ready-made components, as in the review of this topic) will abandon the already widespread hardware wallets, like ledger and trezor.
legendary
Activity: 2212
Merit: 7064
Cashback 15%
June 03, 2022, 10:30:51 AM
#13
For anyone who is interested in testing how the SeedSigner wallet works, without actually purchasing a Raspberry Pi and other hardware elements, you can try the SeedSigner emulator.
This works on desktop computers for all operating systems (Windows/Linux/Mac) and I saw someone was able to install it on an old Android smartphone.
Code is released on github by enteropositivo:


https://github.com/enteropositivo/seedsigner-emulator
legendary
Activity: 3234
Merit: 6706
Proudly Cycling Merits for Foxpup
June 03, 2022, 02:13:21 AM
#12

It looks like a wonderfully nice toy
Yes it does, and that's what it'll remain for me, because not only don't I have enough crypto to justify another HW wallet, but I'd have to learn how to do everything BlackHatCoiner did to create this neat-looking wallet.  I give him props for doing so, because it looks cool as hell and I've long been fascinated by Raspberry Pi's.

Thanks for posting this, OP.  I'm going to go back and give your post a closer read and try to learn something.
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
June 02, 2022, 07:21:45 PM
#11
Thanks for the review. RPis have a hardware RNG as /dev/hwrng and to my knowledge it passes most of the die-hard tests. Throw your dice or hash a picture and XOR it with /dev/urandom and/or /dev/hwrng: this way even suboptimal dice throws don't matter when XORed with a good-enough "true" random independent entropy source.
For meatspace it's difficult to produce good randomness.
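The mixing described in the post above, as an added example that is not part of the original post and is not SeedSigner's code: dice rolls are hashed and XORed with 32 bytes from the operating system, so the result is no easier to guess than the stronger of the two inputs, provided they are independent. The function names are hypothetical, hashing the roll string with SHA-256 is a choice made for this example, and `os.urandom` stands in for reading `/dev/urandom` or `/dev/hwrng`.

```python
import hashlib
import math
import os
from collections import Counter
from typing import Optional

FACES = set("123456")


def _check_rolls(rolls: str) -> None:
    if not rolls or set(rolls) - FACES:
        raise ValueError("rolls must be a non-empty string of digits 1-6")


def dice_min_entropy_bits(rolls: str) -> float:
    """Rough min-entropy estimate: n * -log2(frequency of the most common face).

    This only catches per-face bias, not patterns between rolls.
    A fair die contributes log2(6), about 2.585 bits, per roll.
    """
    _check_rolls(rolls)
    p_max = max(Counter(rolls).values()) / len(rolls)
    return abs(len(rolls) * math.log2(p_max))


def mix_entropy(rolls: str, system_entropy: Optional[bytes] = None) -> bytes:
    """Return 32 bytes: SHA-256(rolls) XOR 32 bytes of system entropy.

    system_entropy can be passed in for testing; by default it comes from
    os.urandom, which on Linux draws from the kernel CSPRNG behind /dev/urandom.
    """
    _check_rolls(rolls)
    dice_digest = hashlib.sha256(rolls.encode("ascii")).digest()
    if system_entropy is None:
        system_entropy = os.urandom(32)
    if len(system_entropy) != 32:
        raise ValueError("system_entropy must be exactly 32 bytes")
    return bytes(d ^ s for d, s in zip(dice_digest, system_entropy))


if __name__ == "__main__":
    # Constructed sample inputs: a worst-case "die" and an evenly spread one.
    stuck_die = "6" * 99
    even_die = "314256" * 16 + "314"
    for label, rolls in (("stuck", stuck_die), ("even", even_die)):
        print(f"{label}: ~{dice_min_entropy_bits(rolls):.1f} bits from dice alone")
        # Two runs on the same rolls differ because of the OS contribution.
        print("  mixed:", mix_entropy(rolls).hex())
        print("  mixed:", mix_entropy(rolls).hex())
```

The guarantee rests on independence: if the second source were derived from the dice, or both came from the same compromised generator, XOR would add nothing.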
legendary
Activity: 2212
Merit: 7064
Cashback 15%
June 02, 2022, 04:54:37 PM
#10
I ordered it from gobrrr.
The first time I heard about the gobrrr website was on the bitcointalk forum and I think they have very good prices for everything, especially when we know how hard it is to find a Raspberry Pi at lower prices on other websites.

Yep, but I thought the default would be a better option. Proved wrong.
There is nothing wrong with Orange Pill case and you can change it anytime if you do it carefully.
I prefer printing my own case with custom colors with freely available .STL files.

Which thing isn't random nor secure exactly? Pi's RNG? urandom?
Any device that has an RNG option is not really generating true random results that can't be reproduced, that is why we have TRNG,
but wallets like trezor are trying to fix this by mixing multiple sources to create a better random value, which is still not good in my opinion.
legendary
Activity: 1932
Merit: 1273
June 01, 2022, 06:44:16 AM
#9
I thought a while ago about building the Seedsigner but unfortunately, the components that are available in my country are just too expensive so I just put it on hold for some time while waiting for the prices to come down. Anyway, props to you, this review further explains what Seedsigner is all about.


I haven't audited the code, but I assume the seed is stored in ram while the device is in use.  If the OS uses swap files to store the seed it can retain the information unless it's overwritten with random bits as the device is being powered down.
Their whole OS is indeed fully booted up from the ram[1]. Even if you do a manual installation, it recommends the user to disable the swap file[2].


This is how they justify it
Not sure I agree with their explanation of wanting to generate entropy via meatspace.
I found this repo which may explain the reasoning why they decided to go that way: https://github.com/SeedSigner/independent_custody_guide#creating-secure-private-keys-in-a-trust-minimized-way.

~snip~Though there have been advances in the ability of software to generate unpredictable data, disagreements persist on the theoretical ability of truly random data to arise from organized, logical code created by human beings. (This may go without saying, but it's not a best practice to trust a private key generated by a bitcoin storage device that does not incorporate some kind of user input into the process.)

It turns out that the simplest, easiest, and perhaps best way to capture entropic data is via the randomness inherent in the movements of the physical world that surrounds us. ~snip~
staff
Activity: 3248
Merit: 4110
May 30, 2022, 03:49:18 PM
#8
Not sure I agree with their explanation of wanting to generate entropy via meatspace. I'd like to think that a hardwallet takes as much of the responsibility of generating entropy off the person as possible, since for me hardware wallets are more likely to be bought, and used by newbies. Alright, maybe SeedSigner isn't as accessible as ready made options, but still I prefer the idea of taking that out of the user's hands or at the very least giving an option to the user.

It's necessary. Without the camera you can't scan the PSBT from your computer's monitor.
Ah, yeah I seem to have forgotten about that small detail. That makes sense. Well cheers for the review, wasn't overly familiar with SeedSigner.
copper member
Activity: 2142
Merit: 4219
Join the world-leading crypto sportsbook NOW!
May 30, 2022, 02:19:22 PM
#7
Excellent review.

In all honesty I feel the idea is a lot better than the execution.  I had considered conducting this experiment myself but decided against it feeling it's not as safe, secure, or functional as an air-gapped Pi (or other PC) running an open-source OS such as Ubuntu.  My main concern with the setup is that you have to keep your seed phrases accessible or pull them out of hiding once in a while, which exposes them to significantly more risk than is necessary.  Conversely, an air-gapped PC can store your seeds relatively safely behind strong encryption, and multiple layers of encryption can be implemented.  Once your seeds are paired with wallets they never need to be exposed again.

Theft or loss of SeedSigner appears to pose slightly less risk, assuming the seed is thoroughly purged from the system.  I haven't audited the code, but I assume the seed is stored in ram while the device is in use.  If the OS uses swap files to store the seed it can retain the information unless it's overwritten with random bits as the device is being powered down.  I don't know about you, but none of that would really ease my concerns if the device was stolen.  Again, a thoroughly encrypted OS is likely to buy you more time to discover the loss of the device and move your funds.

One benefit to the experiment, however is that if you tire of it you have all you need to convert it into an air-gapped PC (with the exception that I would want a bigger screen.)

All in all, it looks like a really fun project whether you use it to manage funds or not.  
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
May 30, 2022, 02:18:51 PM
#6
but you didn't say if you ordered that orange pill case from third party or you  3d printed it yourself?
I ordered it from gobrrr.

I have to say there are much better and smaller SeedSigner cases and I prefer them instead of this default option
Yep, but I thought the default would be a better option. Proved wrong.

Most people would just use default entropy generation that is not really random nor secure, that is why they decided to go this direction.
Which thing isn't random nor secure exactly? Pi's RNG? urandom?

If you make any mistake during this process you can only blame yourself, not SeedSigner aka Rpi.
But, I don't blame them for my possibly less unpredictable entropy. Of course and it's my responsibility to ensure the dice is fair. But, you don't get to force me go with your way, just because you think it's right. This attitude is translated to a little disrespect, one might say, towards actual cryptographers who've studied more than you've done, and have concluded to using a CSPRNG.

Let me choose a "Use Pi's RNG" option, and if you don't recommend it, show a warning.
legendary
Activity: 2212
Merit: 7064
Cashback 15%
May 30, 2022, 02:03:23 PM
#5
Nice to see you decided to give SeedSigner a try BlackHatCoiner, but you didn't say if you ordered that orange pill case from third party or you 3d printed it yourself?
I have to say there are much better and smaller SeedSigner cases and I prefer them instead of this default option, my favorite is Lil'Pill but there are other .STL files released as open source.

Unfortunately, you can't create a new seed with an internal RNG. SeedSigner somewhat forces you to generate the entropy yourself. Either with a picture or dice rolls.
Fortunately, this is an advantage for me, and I prefer to generate my own seed words.
Most people would just use default entropy generation that is not really random nor secure, that is why they decided to go this direction.
If you make any mistake during this process you can only blame yourself, not SeedSigner aka Rpi

*Sparrow is a wallet I'd never used, as I put Electrum above others, but I'll have to admit it's good. Perhaps even better than Electrum. The reason you can't use Electrum (at least not easily) is because it doesn't support animated QR codes, which is the way SeedSigner exports xpub keys and signs transactions. That's because the screen isn't big enough.
I tested Sparrow wallet before and I think it's even better for multisig setup compared to Electrum wallet.
There is some stuff they need to fix with adding and removing devices (that was when I tried it), but I generally liked it and it's a good alternative to Electrum.
legendary
Activity: 3500
Merit: 6205
Looking for campaign manager? Contact icopress!
May 30, 2022, 01:02:42 PM
#4

Nice review!
It looks like a wonderfully nice toy, it's on my wish list too for some while, for when my HW dies or Pi Zero will be again in stock in my country, whichever comes first.
Until then the software should also get more mature + maybe Electrum will also implement the missing feature(s).

I'm assuming the dearest piece of kit here is the camera, which might not be necessary for users that don't want to scan QR codes? Since, most other hardware wallets don't offer this, you could potentially even argue that this is an additional expense that isn't really needed. I guess the convenience is there if you need it though.

Camera + screen are the two directions/devices for transferring information between SeedSigner and the hot wallet. Both are crucially important.
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
May 30, 2022, 12:29:37 PM
#3
Since, most other hardware wallets don't offer this, you could potentially even argue that this is an additional expense that isn't really needed.
It's necessary. Without the camera you can't scan the PSBT from your computer's monitor.
staff
Activity: 3248
Merit: 4110
May 30, 2022, 10:12:49 AM
#2
Always a massive fan of users DIYing this sort of stuff. I've sadly run out of merit though.

I'm assuming the dearest piece of kit here is the camera, which might not be necessary for users that don't want to scan QR codes? Since, most other hardware wallets don't offer this, you could potentially even argue that this is an additional expense that isn't really needed. I guess the convenience is there if you need it though.
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
May 30, 2022, 09:50:15 AM
#1
Prologue
So, a month ago, I was trying to find out which hardware wallet I should buy. My conditions were simple; it had to be open-source and I had to make the purchase in the most private way possible. My only option was to buy BitBox 1, but it happens to be old, deprecated and their developers aren't known for being privacy seekers, which really underwhelmed me.

My only choice was to purchase a hardware wallet outside my country using a poste restante, which I didn't want to do for personal reasons. But, then dkbit98 suggested something I hadn't thought of; do the job with a Pi.
I don't know if you want to use hardware wallet just for Bitcoin or for other shitcoins, but if it's only for good old BTC then you can buy Raspberry Pi zero locally and make your own SeedSigner signing device.

And so I did. I bought a RPi Zero, a camera, a little screen and a few other things, and built a SeedSigner; an air-gapped hardware wallet signing device, which takes security to the next level.

Disclaimer: There's no affiliation with SeedSigner and this thread isn't sponsored. I just bought it and share my thoughts.




Review


In summary:

Pros:

Cons:
  • Little hard setup
  • Experimental software; the project is, well from what I can judge, in an early stage
  • Works only with BlueWallet, Nunchuk, Sparrow, Specter Desktop
  • It's forcing you to generate the entropy yourself




Alright, let's begin.

SeedSigner aims to give a solution to one problem; the cost and complexity of multi-sig usage. However, at the same time, it can be used for single-sig setups, lowering the cost of your "hot" storage as well. There's nothing saved inside the SD card, besides your settings which is optional, therefore there's less danger for funds' loss. When you shut down SeedSigner, it erases the seeds; they're meant to be kept temporarily in memory and you have to import the seed on each startup. And that's basically one of the features that makes SeedSigner differentiate.

This has the following advantage: You can have the device in plain sight (don't, but you get the idea). As far as I understand, this is implemented to reduce the risk of money loss. For cold storage, create the QR code and find a good hiding spot. For daily transactions, you can just insert it into your drawer etc., without minding much.


For quick imports, use QR scanning:



Unfortunately, you can't create a new seed with an internal RNG. SeedSigner somewhat forces you to generate the entropy yourself. Either with a picture or dice rolls.


I get the spirit of "trust none!", but that's just wrong. It should allow you to generate random entropy, even with a warning. Furthermore, it gives a false sense of security. If you don't test the dice is decently fair, then you shouldn't generate a wallet. Period. Quoting a forum legendary is needed here:
Coders who make their own ad hoc randomness schemes are like kids playing with matches.

Hashing a picture can also be problematic, see thread: Turn photos into Bitcoin wallets. So, here's some feedback: Include /dev/urandom. Simple. Do it for those who want to avoid this fuss.

This is how they justify it:

One thing I also don't understand is how the rolls are 50/99 exactly. Doesn't each give 1.66 bits of entropy on average?  



These are the features:
Feature Highlights:
  • Calculate word 12/24 of a BIP39 seed phrase
  • Create a 24-word BIP39 seed phrase with 99 dice rolls
  • Create a 24-word BIP39 seed phrase by taking a digital photo
  • Temporarily store up to 3 seed phrases while device is powered
  • Guided interface to manually create a SeedQR for instant input (demo video here)
  • BIP39 passphrase / word 25 support
  • Native Segwit Multisig XPUB generation w/ QR display
  • Scan and parse transaction data from animated QR codes
  • Sign transactions & transfer XPUB data using animated QR codes (demo video here)
  • Live preview during photo-to-seed and QR scanning UX
  • Optimized seed word entry interface
  • Support for Bitcoin Mainnet & Testnet
  • Support for custom user-defined derivation paths
  • On-demand receive address verification
  • User-configurable QR code display density
  • Responsive, event-driven user interface

One thing I've forgotten to say is that, besides open-source, the code is also easy to read. It's 100% written in Python, and there aren't many files to check. It doesn't take more than an hour. The src/seedsigner/models is what's all about.



How to use it

These are the steps to spend money:
  • Create a seed.
  • Export the master public key with a QR code.
  • Import the master public key to a wallet software. (From the available, I prefer Sparrow*)
  • Create a transaction.
  • Export the PSBT in QR code from your computer's screen.
  • Scan the QR code from SeedSigner.
  • Sign the transaction from Seed Signer.
  • Export the signed transaction in QR code.
  • Scan the QR code from your computer.
  • Broadcast the signed transaction

Ta-da! Transaction signed in the air!

*Sparrow is a wallet I'd never used, as I put Electrum above others, but I'll have to admit it's good. Perhaps even better than Electrum. The reason you can't use Electrum (at least not easily) is because it doesn't support animated QR codes, which is the way SeedSigner exports xpub keys and signs transactions. That's because the screen isn't big enough.





No, these cool, freshly 3D printed mined bitcoins in the images above aren't included in the SeedSigner Kit.