User avatar
EcuaMobi
Posts: 5
Joined: Wed Sep 23, 2015 1:54 pm

Donate BTC of your choice to 13JXno5YQEEEL69RTVVdJdQN2cYiEzTKNW

Contact: Twitter

Cold storage on a deck of cards - Deck Wallet

Mon Nov 09, 2015 11:14 pm

I created the first version of this project about one year ago and I'm now considering the possibility to improve it. The main point would be add Hierarchical Deterministic support. I may also include an option to create seed phrases for common wallets based on the deck.

I've been holding 90% of my coins in a deck of cards for one year now without any problems.

I'd appreciate any comments regarding the original project (described below) and the new ideas for improvement.

Bitcoin Deck Wallet
Store your bitcoins in a deck of cards

https://play.google.com/store/apps/deta ... deckwallet
Image Image Image
Image Image Image
See more screenshots here[/center]

I've read on several places the idea to use real-world entropy such as dice or cards to generate a seed to create bitcoin addresses.

Basing on that idea, I have create a simple Android app that allows users to generate up to 52 bitcoin addresses from a deck of cards.

You can get it here from Google Play:
https://play.google.com/store/apps/deta ... deckwallet

or https://github.com/ecuamobi/deck-wallet ... k?raw=true
It requires a device running Android 4.0+ with touchscreen.

Features
  • Easily enter the order of the cards by using spinners.
  • Supports an optional password.
  • Checks for repeated or missing cards, as well as miss-entered passwords.
  • Allows the user to re-enter everything to double-check the generated wallet. This is to prevent sending coins to the void.
  • Shows QR codes for the generated addresses and private keys.
  • Allows individual sharing of an address or key, as well as bulk sharing of all generated addresses.
About security
  • Completely offline. The application does not requires permission to access the Internet, store files, or any other.
  • Open source. The code is available here: https://github.com/ecuamobi/deck-wallet/
  • You don't need to enter the order of the cards using the keyboard, therefore it's not vulnerable to malicious keyboards.
  • Checks for repeated or missing cards.
  • Allows the user to re-enter everything to double-check the generated wallet.
  • 2FA: Option to enter a password (or more than one to create secondary wallets) besides the deck itself.
  • Allows the generation on an extra wallet using a secondary password, thus protecting the main one against a physical attack (disclose the secondary password instead of the main one).
  • Obscurity: An attacker won't know there are bitcoins in that deck, even if they find it.
Instructions
  • Install Deck Wallet on a non-rooted Android device.
    Important: Make sure to download only from either
    https://play.google.com/store/apps/deta ... deckwallet[/b] or
    https://github.com/ecuamobi/deck-wallet/blob/master/market/DeckWallet_1.0.apk?raw=true
    and double check it does not require any permissions.
  • Riffle shuffle a deck of cards 7 times or more.
  • Select the number of cards to use. 52 is recommended.
  • Enter every card on the app (it takes me about 4 or 5 minutes to do so).
  • Optionally enter a password you won't forget (it's not possible to recover it!).
  • Touch "Go!" to generate up to 52 bitcoin addresses. It will generate as many addresses as the number of entered cards.
  • Optionally, copy the order of the cards into another deck, as backup.
  • Double-check your deck wallet: Touch the 'Check' icon and re-enter the same password and card order.
  • After checking it, send some bitcoins to your deck wallet and store your deck of cards in a safe place.
How it works
  • The entered cards are converted to 2-char strings and concatenated. For example 3 of hearths is represented as 3H. 10, Jack, Queen and King are represented as T, J, Q and K respectively.
  • If a password is entered, it is pre-pended to the resulting string.
    Example seed: myPasswordAH4CTS9D...KHQS
  • The first address is calculated as a brain address, using SHA256 from the full generated seed. The result is the same as manually entering the full string into http://bitaddress.org or other similar tool.
  • The second address is calculated from the seed except the first card is moved to the end (Example: myPassword4CTS9D...KHQSAH)
  • The third address is calculated from the seed except the first 2 cards are moved to the end (Example: myPasswordTS9D...KHQSAH4C) and so on.
  • To check the generated wallet, the double SHA256 of the full seed is temporarily stored on RAM.
  • Nothing is stored permanently and nothing is sent or received through Internet (the app doesn't have permission to do that).
DeckWallet is open source released under the MIT license.

It is provided "as is", without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose and noninfringement.
I am EcuaMobi on BitcoinTalk (proof).
I will sign any payment address with my PGP key (KeyBase| BitcoinTalk).

ryanc
Posts: 3
Joined: Wed Nov 25, 2015 10:44 pm

Re: Cold storage on a deck of cards - Deck Wallet

Thu Nov 26, 2015 9:27 am

This looks very interesting - a truly random shuffle should give log2(52!) =~ 225 bits of entropy. Have you looked into using something like OpenCV for recognizing cards with the camera?

Return to “Project Development”

Who is online

Users browsing this forum: No registered users and 3 guests