I've been holding 90% of my coins in a deck of cards for one year now without any problems.
I'd appreciate any comments regarding the original project (described below) and the new ideas for improvement.
Bitcoin Deck Wallet
Store your bitcoins in a deck of cards
https://play.google.com/store/apps/deta ... deckwallet
See more screenshots here[/center]
I've read on several places the idea to use real-world entropy such as dice or cards to generate a seed to create bitcoin addresses.
Basing on that idea, I have create a simple Android app that allows users to generate up to 52 bitcoin addresses from a deck of cards.
You can get it here from Google Play:
https://play.google.com/store/apps/deta ... deckwallet
or https://github.com/ecuamobi/deck-wallet ... k?raw=true
It requires a device running Android 4.0+ with touchscreen.
Features
- Easily enter the order of the cards by using spinners.
- Supports an optional password.
- Checks for repeated or missing cards, as well as miss-entered passwords.
- Allows the user to re-enter everything to double-check the generated wallet. This is to prevent sending coins to the void.
- Shows QR codes for the generated addresses and private keys.
- Allows individual sharing of an address or key, as well as bulk sharing of all generated addresses.
- Completely offline. The application does not requires permission to access the Internet, store files, or any other.
- Open source. The code is available here: https://github.com/ecuamobi/deck-wallet/
- You don't need to enter the order of the cards using the keyboard, therefore it's not vulnerable to malicious keyboards.
- Checks for repeated or missing cards.
- Allows the user to re-enter everything to double-check the generated wallet.
- 2FA: Option to enter a password (or more than one to create secondary wallets) besides the deck itself.
- Allows the generation on an extra wallet using a secondary password, thus protecting the main one against a physical attack (disclose the secondary password instead of the main one).
- Obscurity: An attacker won't know there are bitcoins in that deck, even if they find it.
- Install Deck Wallet on a non-rooted Android device.
Important: Make sure to download only from either
https://play.google.com/store/apps/deta ... deckwallet[/b] or
https://github.com/ecuamobi/deck-wallet/blob/master/market/DeckWallet_1.0.apk?raw=true
and double check it does not require any permissions. - Riffle shuffle a deck of cards 7 times or more.
- Select the number of cards to use. 52 is recommended.
- Enter every card on the app (it takes me about 4 or 5 minutes to do so).
- Optionally enter a password you won't forget (it's not possible to recover it!).
- Touch "Go!" to generate up to 52 bitcoin addresses. It will generate as many addresses as the number of entered cards.
- Optionally, copy the order of the cards into another deck, as backup.
- Double-check your deck wallet: Touch the 'Check' icon and re-enter the same password and card order.
- After checking it, send some bitcoins to your deck wallet and store your deck of cards in a safe place.
- The entered cards are converted to 2-char strings and concatenated. For example 3 of hearths is represented as 3H. 10, Jack, Queen and King are represented as T, J, Q and K respectively.
- If a password is entered, it is pre-pended to the resulting string.
Example seed: myPasswordAH4CTS9D...KHQS - The first address is calculated as a brain address, using SHA256 from the full generated seed. The result is the same as manually entering the full string into http://bitaddress.org or other similar tool.
- The second address is calculated from the seed except the first card is moved to the end (Example: myPassword4CTS9D...KHQSAH)
- The third address is calculated from the seed except the first 2 cards are moved to the end (Example: myPasswordTS9D...KHQSAH4C) and so on.
- To check the generated wallet, the double SHA256 of the full seed is temporarily stored on RAM.
- Nothing is stored permanently and nothing is sent or received through Internet (the app doesn't have permission to do that).
It is provided "as is", without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose and noninfringement.