Title: DeckWallet: looking for security feedback and comments Post by: EcuaMobi on March 24, 2015, 11:07:51 PM I've developed an Android app to easily and safely store bitcoins in a deck of cards:
Announcement (https://bitcointalk.org/index.php?topic=811397.0) | Google Play (https://play.google.com/store/apps/details?id=com.ecuamobi.deckwallet) I'd like some feedback from experienced users, especially regarding security. Here's how it works:
More details here: https://bitcointalk.org/index.php?topic=811397.0 Please post your comments. I'll consider them to update the project. Title: Re: DeckWallet: looking for security feedback and comments Post by: DeathAndTaxes on March 26, 2015, 01:40:16 AM Two ideas:
1) You may want to use a KDF with multi-round hashing instead of a single hash. 2) Instead of generating an address from the seed use the seed to generate an entire HD wallet. Title: Re: DeckWallet: looking for security feedback and comments Post by: EcuaMobi on March 26, 2015, 03:22:08 AM Two ideas: 1) You may want to use a KDF with multi-round hashing instead of a single hash. 2) Instead of generating an address from the seed use the seed to generate an entire HD wallet. Thanks. I like the idea of generating a HD wallet to make it compatible with other wallets and to generate an unlimited number of addresses. Most probably I will implement it soon. Unfortunately that new version wouldn't be compatible with the current one so I'll need to handle that properly to allow current users to recover their coins. Any comments regarding security? Do you see any problems savings big amounts of coins this way? Title: Re: DeckWallet: looking for security feedback and comments Post by: andytoshi on March 26, 2015, 03:42:10 AM Any comments regarding security? Do you see any problems savings big amounts of coins this way? The cypherpunk in me loves steganography, but this seems really fragile in the sense that small accidents may cause huge losses. (I know this is obvious but somebody needs to say it on the front page of this thread ;)) Title: Re: DeckWallet: looking for security feedback and comments Post by: EcuaMobi on March 26, 2015, 03:47:50 AM Any comments regarding security? Do you see any problems savings big amounts of coins this way? The cypherpunk in me loves steganography, but this seems really fragile in the sense that small accidents may cause huge losses. (I know this is obvious but somebody needs to say it on the front page of this thread ;)) What do you mean small accidents? Like losing the cards or burning them? That's why at least a second copy is recommended. Check the ann. thread. I'm asking for security opinions related to the app itself. Title: Re: DeckWallet: looking for security feedback and comments Post by: andytoshi on March 26, 2015, 03:50:27 AM Not only losing them, but shuffling them (or causing them to be shuffled, e.g. by dropping them). Or taking them through airport security the day after someone is in the news hiding secret messages in card orderings.
But sure, I get your point. I'll stop complaining about this. Title: Re: DeckWallet: looking for security feedback and comments Post by: Cryddit on March 26, 2015, 05:32:19 PM What do you mean small accidents? Like losing the cards or burning them? That's why at least a second copy is recommended. Check the ann. thread. I'm asking for security opinions related to the app itself. Like a party guest who wants to play gin rummy noticing a deck of cards sitting on your bookshelf and wanders into your study or bedroom or whatever private area to get them... Title: Re: DeckWallet: looking for security feedback and comments Post by: GoingAround on March 26, 2015, 08:38:27 PM What do you mean small accidents? Like losing the cards or burning them? That's why at least a second copy is recommended. Check the ann. thread. I'm asking for security opinions related to the app itself. Like a party guest who wants to play gin rummy noticing a deck of cards sitting on your bookshelf and wanders into your study or bedroom or whatever private area to get them... You could memorize the order or write down the order and encrypt it with a gpg just for the fun. Title: Re: DeckWallet: looking for security feedback and comments Post by: DeathAndTaxes on March 26, 2015, 09:56:55 PM Two ideas: 1) You may want to use a KDF with multi-round hashing instead of a single hash. 2) Instead of generating an address from the seed use the seed to generate an entire HD wallet. Thanks. I like the idea of generating a HD wallet to make it compatible with other wallets and to generate an unlimited number of addresses. Most probably I will implement it soon. Unfortunately that new version wouldn't be compatible with the current one so I'll need to handle that properly to allow current users to recover their coins. Any comments regarding security? Do you see any problems savings big amounts of coins this way? I didn't see any direct issues. Single round hashing is good and needing the deck sort of makes this like a two factor system but single round of a fast function like SHA-256 isn't ideal for hashing password. Brute forcing passwords is easier for an attacker because a single attempt is so quick. That is why I suggested a KDF such as PBKDF as it would provide additional security against moderately weak passwords (key stretching). Still that is only a suggestion. As an user option you may want to consider allowing the user to enter a deck and select to output a Title: Re: DeckWallet: looking for security feedback and comments Post by: EcuaMobi on March 27, 2015, 01:14:26 AM I didn't see any direct issues. Single round hashing is good and needing the deck sort of makes this like a two factor system but single round of a fast function like SHA-256 isn't ideal for hashing password. Brute forcing passwords is easier for an attacker because a single attempt is so quick. That is why I suggested a KDF such as PBKDF as it would provide additional security against moderately weak passwords (key stretching). Still that is only a suggestion. As an user option you may want to consider allowing the user to enter a deck and select to output a Regarding the single round hashing I chose that method to make it compatible with brain wallets. That way users can get their coins even without the app (although the process is much more complicated of course). They can just write their password followed by the card ordering (ex: myPassword4CTS9D...KHQSAH) and get the address here (https://www.bitaddress.org). By far the main security feature is the card ordering, not the password, in fact the later is optional. An attacker would need to have the actual deck of cards to even try brute forcing the password if set. I consider the password as a 2FA and not the other way around. I like the BIP-39 mnemonic idea very much. I will definitely implement that when I have some time. I'd also like the app to allow either generating/exporting the master public key (for deposits and balance checking), the list of the first X addresses, the actual mnemonic or an individual private key for a single address. This way even if a single address is redeemed the whole wallet doesn't have to be discarded because the mnemonic and the other keys have never been online. Regarding your last phrase (if verifiable), I do want to make sure it is 100% verifiable. The current measures I've taken are: - Code is open-source. - Published app is not obfuscated, so it can be de-compiled. - No access to Internet. Any other recommendations to make it verifiable? Most probably I'll add 2 modes in settings: "Brain wallet" (as it is working now) and "BIP-39" (which would be the default option). |