Pages:
Author

Topic: SeedSigner: Review - page 2. (Read 696 times)

legendary
Activity: 1512
Merit: 7340
Farewell, Leo
June 05, 2022, 06:18:50 AM
#18
PRNG is only pseudo-random and doesn't use any 'real' source of entropy;
It does use "real" source of entropy, or to formulate more properly: It does use events happening outside the machine, such as environmental noises:
Sure, they're well researched and gradually improved in decades of research, but they remain 'pseudo'-random.
Does this make them more susceptible to a brute-force attack? I'm trying to understand what's the weakness of pseudo-randomness, but I feel like beating a dead horse.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
June 05, 2022, 04:58:23 AM
#17
Seriously though, why isn't an RNG generating true random results, and if it isn't, which opens up a philosophical question, why does the TRNG, indeed, generate true randomness? To be precise, urandom is a Cryptographically Secure Pseudorandom Number Generator (CSPRNG), and to be honest, I'm a complete noob when it comes to this field, but I somewhat agree with this perspective.
The issue with this (besides the slight argument from authority) is that it's a little bit like the issue of 'n-th generation PoS blockchain' - if you're building sophisticated, fancy stuff on top of a bad foundation, you won't get the best results and will always be restricted by the limits of your foundation. PRNG is only pseudo-random and doesn't use any 'real' source of entropy; just algorithms that try to get as close as possible to that. Sure, they're well researched and gradually improved in decades of research, but they remain 'pseudo'-random.

A [PRNG] is an algorithm for generating a sequence of numbers whose properties approximate the properties of sequences of random numbers. The PRNG-generated sequence is not truly random, because it is completely determined by an initial value, called the PRNG's seed [...].

A [...] true random number generator (TRNG) is a device that generates random numbers from a physical process, rather than by means of an algorithm. Such devices are often based on microscopic phenomena that generate low-level, statistically random "noise" signals, such as thermal noise, the photoelectric effect, involving a beam splitter, and other quantum phenomena. These stochastic processes are, in theory, completely unpredictable for as long as an equation governing such phenomena is unknown or uncomputable, and the theory's assertions of unpredictability are subject to experimental test. This is in contrast to the paradigm of pseudo-random number generation commonly implemented in computer programs.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
June 05, 2022, 04:40:40 AM
#16
There is nothing wrong with Orange Pill case and you can change it anytime if you do it carefully.
I can change it whenever I want, but I don't want to wait 2+ weeks again nor to pay 20+ EUR for a case. The one I have does the job nevertheless. No, I don't have a 3D printer.

Any device that have RNG option is not really generating true random results that can't be reproduced, that is why we have TRNG

Seriously though, why isn't an RNG generating true random results, and if it isn't, which opens up a philosophical question, why does the TRNG, indeed, generate true randomness? To be precise, urandom is a Cryptographically Secure Pseudorandom Number Generator (CSPRNG), and to be honest, I'm a complete noob when it comes to this field, but I somewhat agree with this perspective.
legendary
Activity: 2212
Merit: 7064
June 04, 2022, 02:27:35 AM
#15
One more interesting thing I saw is that some people are working on new SeedSigner OS with minimal Raspberry Pi image.
I didn't test this myself, but this is step in good direction because I never liked slow loading speed for SeedSigner, and I think this can speed up things a lot.
This project is open source, and it's freely posted with easy instructions on github by DesobedienteTecnologico:
https://github.com/DesobedienteTecnologico/seedsigner-os
legendary
Activity: 1792
Merit: 1296
Crypto Casino and Sportsbook
June 03, 2022, 03:08:42 PM
#14
It seems that the time is not far off when users will massively assemble devices for themselves using open-source software and available components, following the example of BlackHatCoiner. This allows you to individualize each device to suit your needs and tasks. I wanted something similar to appear, but to my surprise, as it turned out, it is already possible to assemble the device myself and it's just great. The issue of security of funds for bitcoiners will always be relevant and the emergence of such a hand-made direction was inevitable. Especially considering that hardware wallet manufacturers are increasingly gaining influence and power in this niche, which in itself contradicts the idea of ​​freedom and decentralization. So, people who understand the advantages of homemade devices (of course, I mean assembly from ready-made components, as in the review of this topic) will abandon the already widespread hardware wallets, like ledger and trezor.
legendary
Activity: 2212
Merit: 7064
June 03, 2022, 09:30:51 AM
#13
For anyone who is interested to test how SeedSigner wallet works, without actually purchasing RaspberryPi and other hardware elements, you can try testing SeedSigner elmulator.
This is working on desktop computers for all operating systems (windows/linux/mac) and I saw someone was able to install it on old android smartphone.
Code is released on github by enteropositivo:


https://github.com/enteropositivo/seedsigner-emulator
legendary
Activity: 3500
Merit: 6981
Top Crypto Casino
June 03, 2022, 01:13:21 AM
#12

It looks like a wonderfully nice toy
Yes it does, and that's what it'll remain for me, because not only don't I have enough crypto to justify another HW wallet, but I'd have to learn how to do everything BlackHatCoiner did to create this neat-looking wallet.  I give him props for doing so, because it looks cool as hell and I've long been fascinated by Raspberry Pi's.

Thanks for posting this, OP.  I'm going to go back and give your post a closer read and try to learn something.
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
June 02, 2022, 06:21:45 PM
#11
Thanks for the review. RPis have a hardware RNG as /dev/hwrng and to my knowledge it passes most of the die-hard tests. Throw your dice or hash a picture and XOR it with /dev/urandom and/or /dev/hwrng: this way even suboptimal dice throws don't matter when XORed with a good-enough "true" random independent entropy source.
For meatspace it's difficult to produce good randomness.
legendary
Activity: 2212
Merit: 7064
June 02, 2022, 03:54:37 PM
#10
I ordered it from gobrrr.
First time I heard about gobrrr website was in bitcointalk forum and I think they have very good prices for everything, especially when we know how hard is to find Raspberry Pi with lower prices on other websites.

Yep, but I thought the default would be a better option. Proved wrong.
There is nothing wrong with Orange Pill case and you can change it anytime if you do it carefully.
I prefer printing my own case with custom colors with freely available .STL files.

Which thing isn't random nor secure exactly? Pi's RNG? urandom?
Any device that have RNG option is not really generating true random results that can't be reproduced, that is why we have TRNG,
but wallets like trezor are trying to fix this with mixing multiple sources to create better random value, that is still not good in my opinion.
legendary
Activity: 1932
Merit: 1273
June 01, 2022, 05:44:16 AM
#9
I have thought a while ago to build the Seedsigner but unfortunately, the components that are available in my country are just too expensive so I just hang it for some time while waiting for the prices to come down. Anyway, props to you, this review furtherly explains about what Seedsigner is all about.


I haven't audited the code, but I assume the seed is stored in ram while the device is in use.  If the OS uses swap files to store the seed it can retain the information unless it's overwritten with random bits as the device is being powered down.
Their whole OS is indeed fully booted up from the ram[1]. Even if you do a manual installation, it recommends the user to disable the swap file[2].


This is how they justify it
Not sure I agree with their explanation of wanting to generate entropy via meatspace.
I found this repo which may explain the reasoning why they decided to go that way: https://github.com/SeedSigner/independent_custody_guide#creating-secure-private-keys-in-a-trust-minimized-way.

~snip~Though there have been advances in the ability of software to generate unpredictable data, disagreements persist on the theoretical ability of truly random data to arise from organized, logical code created by human beings. (This may go without saying, but it's not a best practice to trust a private key generated by a bitcoin storage device that does not incorporate some kind of user input into the process.)

It turns out that the simplest, easiest, and perhaps best way to capture entropic data is via the randomness inherent in the movements of the physical world that surrounds us. ~snip~
staff
Activity: 3304
Merit: 4115
May 30, 2022, 02:49:18 PM
#8
Not sure I agree with their explanation of wanting to generate entropy via meatspace. I'd like to think that a hardwallet takes much of the responsibility of generating entropy off the person as possible, since for me hardware wallets are more likely to be bought, and used by newbies. Alright, maybe SeedSigner isn't as accessible as ready made options, but still I prefer to idea of taking that out of the users hands or at very least giving an option to the user.

It's necessary. Without the camera you can't scan the PSBT from your computer's monitor.
Ah, yeah I seem to have forgotten about that small detail Cheesy. That makes sense. Well cheers for the review, wasn't overly familiar with SeedSigner.
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
May 30, 2022, 01:19:22 PM
#7
Excellent review.

In all honesty I feel the idea is a lot better than the execution.  I had considered conducting this experiment myself but decided against it feeling it's not as safe, secure, or functional as an air-gapped Pi (or other PC) running an open-source OS such as Ubuntu.  My main concern with the setup is that you have to keep your seed phrases accessible or pull them out of hiding once in a while, which exposes them to significantly more risk than is necessary.  Conversely, an air-gapped PC can store your seeds relatively safely behind strong encryption, and multiple layers of encryption can be implemented.  Once you're seeds are paired with wallets they never need to be exposed again.

Theft of loss of SeedSigner appears to pose slightly less risk, assuming the seed is thoroughly purged from the system.  I haven't audited the code, but I assume the seed is stored in ram while the device is in use.  If the OS uses swap files to store the seed it can retain the information unless it's overwritten with random bits as the device is being powered down.  I don't know about you, but none of that would really ease my concerns if the device was stolen.  Again, a thoroughly encrypted OS is likely to buy you more time to discover the loss of the device and move your funds.

One benefit to the experiment, however is that if you tire of it you have all you need to convert it into an air-gapped PC (with the exception that I would want a bigger screen.)

All in all, it looks like a really fun project whether you use it to manage funds or not.  
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
May 30, 2022, 01:18:51 PM
#6
but you didn't say if you ordered that orange pill case from third party or you  3d printed it yourself?
I ordered it from gobrrr.

I have to say there are much better and smaller SeedSigner cases and I prefer them instead of this default option
Yep, but I thought the default would be a better option. Proved wrong.  Tongue

Most people would just use default entropy generation that is not really random nor secure, that is why they decided to go this direction.
Which thing isn't random nor secure exactly? Pi's RNG? urandom?

If you make any mistake during this process you can only blame yourself, not SeedSigner aka Rpi.
But, I don't blame them for my possibly less unpredictable entropy. Of course and it's my responsibility to ensure the dice is fair. But, you don't get to force me go with your way, just because you think it's right. This attitude is translated to a little disrespect, one might say, towards actual cryptographers who've studied more than you've done, and have concluded to using a CSPRNG.

Let me choose a "Use Pi's RNG" option, and if you don't recommend it, show a warning.
legendary
Activity: 2212
Merit: 7064
May 30, 2022, 01:03:23 PM
#5
Nice to see you decided to give SeedSigner a try BlackHatCoiner, but you didn't say if you ordered that orange pill case from third party or you  3d printed it yourself?
I have to say there are much better and smaller SeedSigner cases and I prefer them instead of this default option, my favorite is Lil'Pill but there are other .STL files released as open source.

Unfortunately, you can't create a new seed with an internal RNG. SeedSigner somewhat forces you to generate the entropy yourself. Either with a picture or dice rolls.
This is fortunately advantage for me, and I prefer to generate my own seed words.
Most people would just use default entropy generation that is not really random nor secure, that is why they decided to go this direction.
If you make any mistake during this process you can only blame yourself, not SeedSigner aka Rpi Wink

*Sparrow is a wallet I'd never used, as I put Electrum above others, but I'll have to admit it's good. Perhaps even better than Electrum. The reason you can't use Electrum (at least not easily) is because it doesn't support animated QR codes, which is the way SeedSigner exports xpub keys and signs transactions. That's because the screen isn't big enough.
I tested Sparrow wallet before and I think it's even better for multisig setup compared to Electrum wallet.
There are some stuff they need to fix with adding and removing devices (that was when I tried it), but I generally liked it and it's good alternative for Electrum.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
May 30, 2022, 12:02:42 PM
#4

Nice review!
It looks like a wonderfully nice toy, it's on my wish list too for some while, for when my HW dies or Pi Zero will be again in stock in my country, whichever comes first.
Until then the software should also get more mature + maybe Electrum will also implement the missing feature(s).

I'm assuming the dearest piece of kit here is the camera, which might not be necessary for users that don't want to scan QR codes? Since, most other hardware wallets don't offer this, you could potentially even argue that this is an additional expense that isn't really needed. I guess the convenience is there if you need it though.

Camera + screen are the two directions/devices for transferring information between SeedSigner and the hot wallet. Both are crucially important.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
May 30, 2022, 11:29:37 AM
#3
Since, most other hardware wallets don't offer this, you could potentially even argue that this is an additional expense that isn't really needed.
It's necessary. Without the camera you can't scan the PSBT from your computer's monitor.
staff
Activity: 3304
Merit: 4115
May 30, 2022, 09:12:49 AM
#2
Always a massive fan of users DIYing this sort of stuff. I've sadly run out of merit though.

I'm assuming the dearest piece of kit here is the camera, which might not be necessary for users that don't want to scan QR codes? Since, most other hardware wallets don't offer this, you could potentially even argue that this is an additional expense that isn't really needed. I guess the convenience is there if you need it though.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
May 30, 2022, 08:50:15 AM
#1
Prologue
So, a month ago, I was trying to find out which hardware wallet should I buy. My conditions were simple; it had to be open-source and I had to make the purchase in the most private way possible. My only option was to buy BitBox 1, but it happens to be old, deprecated and their developers aren't known for being privacy seekers, which really underwhelmed me.

My only choice was to purchase a hardware wallet outside my country using a poste restante, which I didn't want to do for personal reasons. But, then dkbit98 suggested something I hadn't thought of; do the job with a Pi.
I don't know if you want to use hardware wallet just for Bitcoin or for other shitcoins, but if it's only for good old BTC than you can buy Raspberry Pi zero locally and make your own SeedSigner signing device.

And so I did. I bought a RPi Zero, a camera, a little screen and a few other stuff, and built a SeedSigner; an air-gapped hardware wallet signing device, which takes security into the next level.  Wink

Disclaimer: There's no affiliation with SeedSigner and this thread isn't sponsored. I just bought it and share my thoughts.




Review


In summary:

Pros:

Cons:
  • Little hard setup
  • Experimental software; the project is, well from what I can judge, in an early stage
  • Works only with BlueWallet, Nunchuk, Sparrow, Specter Desktop
  • It's forcing you to generate the entropy yourself




Alright, let's begin.

SeedSigner aims to give a solution to one problem; the cost and complexity of multi-sig usage. However, at the same time, it can be used for single-sig setups, lowering the cost of your "hot" storage as well. There's nothing saved inside the SD card, besides your settings which is optional, therefore there's less danger for funds' loss. When you shut down SeedSigner, it erases the seeds; they're meant to be kept temporarily in memory and you have to import the seed on each startup. And that's basically one of the features that makes SeedSigner differentiate.

This has the following advantage: You can have the device on plain sight (don't, but you get the idea). As far as I understand, this is implemented to reduce the risk of money loss. For cold storage, create the QR code and find a good hiding spot. For daily transactions, you can just insert it into your drawer etc., without minding much.


For quick imports, use QR scanning:



Unfortunately, you can't create a new seed with an internal RNG. SeedSigner somewhat forces you to generate the entropy yourself. Either with a picture or dice rolls.


I get the spirit of "trust none!", but that's just wrong. It should allow you to generate random entropy, even with a warning. Furthermore, it gives a false sense of security. If you don't test the dice is decently fair, then you shouldn't generate a wallet. Period. Quoting a forum legendary is needed here:
Coders who make their own ad hoc randomness schemes are like kids playing with matches.

Hashing a picture can also be problematic, see thread: Turn photos into Bitcoin wallets. So, here's a feedback: Include /dev/urandom. Simple. Do it for those who want to avoid this fuss.

This is how they justify it:

One thing I also don't understand is how the rolls are 50/99 exactly. Doesn't each give 1.66 bits of entropy on average?  



These are the features:
Feature Highlights:
  • Calculate word 12/24 of a BIP39 seed phrase
  • Create a 24-word BIP39 seed phrase with 99 dice rolls
  • Create a 24-word BIP39 seed phrase by taking a digital photo
  • Temporarily store up to 3 seed phrases while device is powered
  • Guided interface to manually create a SeedQR for instant input (demo video here)
  • BIP39 passphrase / word 25 support
  • Native Segwit Multisig XPUB generation w/ QR display
  • Scan and parse transaction data from animated QR codes
  • Sign transactions & transfer XPUB data using animated QR codes (demo video here)
  • Live preview during photo-to-seed and QR scanning UX
  • Optimized seed word entry interface
  • Support for Bitcoin Mainnet & Testnet
  • Support for custom user-defined derivation paths
  • On-demand receive address verification
  • User-configurable QR code display density
  • Responsive, event-driven user interface

One thing I've forgotten to say is that, besides open-source, the code is also easy to read. It's 100% written in Python, and there aren't many files to check. It doesn't take more than an hour. The src/seedsigner/models is what's all about.



How to use it

These are the steps to spend money:
  • Create a seed.
  • Export the master public key with a QR code.
  • Import the master public key to a wallet software. (From the available, I prefer Sparrow*)
  • Create a transaction.
  • Export the PSBT in QR code from your computer's screen.
  • Scan the QR code from SeedSigner.
  • Sign the transaction from Seed Signer.
  • Export the signed transaction in QR code.
  • Scan the QR code from your computer.
  • Broadcast the signed transaction

Ta-da! Transaction signed in the air!  Shocked

*Sparrow is a wallet I'd never used, as I put Electrum above others, but I'll have to admit it's good. Perhaps even better than Electrum. The reason you can't use Electrum (at least not easily) is because it doesn't support animated QR codes, which is the way SeedSigner exports xpub keys and signs transactions. That's because the screen isn't big enough.





No, these cool, freshly 3D printed mined bitcoins in the images above aren't included in the SeedSigner Kit.  Tongue
Pages:
Jump to: