ANN: Python paper wallet generator with strong randomness

[Dabs]

BTW, got a version that makes hundreds or thousands of addresses? I want to make a giant non-deterministic wallet.

[deepceleron]

BTW, got a version that makes hundreds or thousands of addresses? I want to make a giant non-deterministic wallet.

I specifically don't, because this would rely too much on the quality of the system random number generator PRNG instead of user-created entropy, which could conceivably link the addresses together and allow for cryptanalysis, especially with low system entropy available or intentionally flawed OS implementation. I could fashion something, but I would need to sweeten the random, maybe by throwing several rounds of scrypt hash XOR SHA hash XOR user entropy per urandom sourced key, with enhanced urandom reseeding while you keep pounding the keyboard.

I have also made this work with MinGW-compiled C scrypt code to make encrypted BIP38 wallets in less than a second vs 8 minutes. The all-in-Python script is written for easy verifiable LiveCD use; the Windows exe might as well be more utilitarian since it can't meet this challenge. However, I am having difficulty getting it packaged with py2exe, which seems to turn the pyd dependency into a pyo, and then the exe bytecode can't find the _scrypt code. Still have some more things to try.

[Dabs]

BTW, got a version that makes hundreds or thousands of addresses? I want to make a giant non-deterministic wallet.

I specifically don't, because this would rely too much on the quality of the system random number generator PRNG instead of user-created entropy, which could conceivably link the addresses together and allow for cryptanalysis, especially with low system entropy available or intentionally flawed OS implementation. I could fashion something, but I would need to sweeten the random, maybe by throwing several rounds of scrypt hash XOR SHA hash XOR user entropy per urandom sourced key, with enhanced urandom reseeding while you keep pounding the keyboard.

I have also made this work with MinGW-compiled C scrypt code to make encrypted BIP38 wallets in less than a second vs 8 minutes. The all-in-Python script is written for easy verifiable LiveCD use; the Windows exe might as well be more utilitarian since it can't meet this challenge. However, I am having difficulty getting it packaged with py2exe, which seems to turn the pyd dependency into a pyo, and then the exe bytecode can't find the _scrypt code. Still have some more things to try.

Okay, I like the 1 second BIP38 key. That would be really useful.

For random seeds, I could, for example, take a few hundred pictures with my SLR camera. That should provide enough entropy for a few thousand addresses. Or I could make a giant home video in mp4 format, going around pointing it at the sky and clouds or the trees swaying in the wind. Then I would of course securely erase any such jpegs and mp4s after.

There are also hardware RNGs, that plug into a USB port, and feed /dev/random

http://www.entropykey.co.uk/
https://www.tindie.com/products/ubldit/truerng-hardware-random-number-generator/

For about $50.

[hanisnl]

hi there !

does your fine looking script run on python 3.x ?

[deepceleron]

hi there !

does your fine looking script run on python 3.x ?

No. The first challenge will be functions that have had name changes. itertools izip used in the salsa mix function had a name change in Python 3. xrange is renamed to just range, but range() is not an generator in py2, etc. Better that Python 3 has a syntax error than Python 2 does the wrong thing.

I might change over to https://github.com/ricmoo/pyscrypt from http://hg.saddi.com/scrypt/ if I've got time to clean up and merge that code into one file (it is about 20% faster at encryption) and then see what other traps I find. Until the majority of LiveCDs don't run Python 2 as default this won't be a big concern.

[deepceleron]

I updated the first post with a more verbose description. It should now be an answer you can provide to most "paper wallet...what?" questions.

No reason to change the two-year-old code. I anticipate changing hosting providers in the next month if anybody keeps track; this free and open-source code could also go up on a git/svn site, but taking contributions & trust is problematic, as well as hosting somewhere more vulnerable to hacking.

[Dabs]

If I can reproduce and recreate the steps to make a Windows executable, with the same version of py2exe, I should be able to have an identical paperwal.exe, with matching sha256 and md5 checksums. Or is the compiler not a deterministic builder?

Actually, as long as I can compare the majority of the binary result, it should be good. I've seen someone try the same thing with TrueCrypt with only the signature part that can't be matched, but the rest of the binary is very close to his own compiled version.

http://we.lovebitco.in/paperwal.exe (4MB) Windows exe created with py2exe, Python 2.7.6 32 bit
sha256: 31af7bec9aa68c8a32ce09de42f16cf58868c6d6a69a71c701ae52efba842076 *paperwal.exe
md5sum: e2e5d1d648ccc1cabebd745a160e5277 *paperwal.exe

*edit*

I just tried it, downloaded python 2.7.6 32 bit and py2exe-0.6.9.win32-py2.7.exe dated 2008-11-16

Then "compiled" it according to tutorials and came up with a 49 kb executable.

2016-05-02  01:37 PM            50,176 paperwal.exe

Obviously, the hashes are not going to match. Yours must be including everything or something, or you used a different version of py2exe.

But I should be able to trust my own executable since I did it myself, based on the paperwal.py which I already reviewed.

It's a lot smaller, but then I had to install python.

[deepceleron]

If I can reproduce and recreate the steps to make a Windows executable, with the same version of py2exe, I should be able to have an identical paperwal.exe,?
...
I just tried it, downloaded python 2.7.6 32 bit and py2exe-0.6.9.win32-py2.7.exe dated 2008-11-16
Then "compiled" it according to tutorials and came up with a 49 kb executable.

I've tried to replicate Python project py2exe binaries on other computers to make a reliable verification procedure and not had luck. For a start, you need the same setup.py file, and one character different (in the version string that shows up when you right click, for example) makes it not hash right.

Here's the setup.py I likely used to create the exe:

Code:

from distutils.core import setup
import py2exe, sys, os

sys.argv.append('py2exe')

setup(
    options = {'py2exe':
        {'optimize': 2, 
         'bundle_files': 1,
         'compressed': True,
         },
    },
    console = ['paperwal.py'],
    zipfile = None,    
    version="1.1.0",
    description="Secure Address Generator",
    author="deepceleron",
)

Of course using different version of py2exe script byte-compiled on a different day with different windows libraries and modules graphed by the py2exe script with the moon in a different phase makes it different.

You did discover that the base py2exe options creates a small file reliant on the system's installed python modules. I had the same dependency problem with attempts using cython. The py2exe binary is partly ZIP file, you can extract the files to see the python interpreter and many other byte-compiled files included.

[adelhmdt]

What's the SHA256 for the Windows EXE?

[Dabs]

What's the SHA256 for the Windows EXE?

It's there in the first post. If you compile your own version, it may be different.

[huijaa]

Hi!

Very very greatfull program is it! Because paperwal.py is an open source, i can add new feature for printing on thermal-printer.

Code:

-t           --thermal-print           to print to thermal printer

Instead of outputting to screen, it will print a QR-code of public and private key.


I see a version of 1.2 at this moment, but i'll ask for newer version of paperwal.py ?