Bitcoin Forum
May 14, 2021, 09:12:43 PM *
News: Latest Bitcoin Core release: 0.21.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Would you be willing to flip coin / roll dice 256 times for security of funds?  (Read 267 times)
ashfame
Newbie
*
Offline Offline

Activity: 21
Merit: 15


View Profile
July 13, 2020, 11:28:24 PM
 #1

Hey folks, I am building an open source air-gapped crypto vault, and as an option to not rely on system's entropy to generate random numbers, I am working on offering a "bring your own entropy" option.

This makes the system trustless, as less code about it needs to be reviewed & verified, as opposed to check whether the custom linux OS it works on, isn't acting in bad faith.
Or if you are an "Extremely cautious" user like me, you would like to do this by simply verifying how the coins flip / dice rolls are used as entropy & not worry about anything else as the device is air-gapped and runs an immutable OS without any persistence layer at all.

UI Screenshot: https://pbs.twimg.com/media/Ec1kJ3LU0AE0maT?format=png&name=large

My project is all about me exploring how much of a trustless system can be built.

Its my understanding flipping coin or rolling dice 256 times provide sufficient entropy to generate mnemonic, which is at par with what most computers are capable of, if not more.

So, would you be willing to do the boring manual work of flipping coin or rolling dice to record their value in order to use that as entropy?

Don't under-estimate the task. Just doing it once will take 6-10 seconds. Doing that 256 times might take you 25-45 mins.

Twitter poll is at https://twitter.com/ashfame/status/1282671325580910592.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1621026763
Hero Member
*
Offline Offline

Posts: 1621026763

View Profile Personal Message (Offline)

Ignore
1621026763
Reply with quote  #2

1621026763
Report to moderator
1621026763
Hero Member
*
Offline Offline

Posts: 1621026763

View Profile Personal Message (Offline)

Ignore
1621026763
Reply with quote  #2

1621026763
Report to moderator
Betwrong
Legendary
*
Offline Offline

Activity: 2198
Merit: 1205



View Profile
July 14, 2020, 10:46:43 AM
 #2

Hey there,

No offence, but I'd rather flip a coin 256 times than trust an unverified tool with that. No coder myself, unfortunately, so I can't check whether the tool is not providing me with one of the, say, 10 million keys which are stored in its memory.

Spending extra 25-45 mins is not that much compared to the possible risk of having a private key known to someone else, imho.

███████████████████████████
█████████▀▄▄▄▄▄██▀▀████████
█████▀▄█▀▀▄▄▄▄▄▄▄▀▀▄▄▀█████
████ █▀▄███████████▄▀██████
███▄█ ███████▀ ██████ █ ███
██▀█ ███  ▀▀█  ▀██████ █ ██
██ █ ████▄▄      ▀▀▀██ █ ██
██ █ █████▌        ▄██ ████
███▄█ █████▄▄   ▄▄███ █▀███
████▀█▄▀█████▌  ▀██▀▄█ ████
█████▄▀▀▄▄▀▀▀▀   ▄▄█▀▄█████
████████▄██▀▀▀▀▀▀██████████
███████████████████████████
▄███▄
▄█████▄
█████████
▐███▄▄▄███▌
███████████
████▀▀▀████
███████████

▄█████████████▄
█████████████████
▄▄▄▄    ███████    ▄▄▄▄
▄██████▄   █████   ▄██████▄
█████████▄███████▄█████████
▀███████████████████████▀
★ ‎
‎ ★
▄▄███████▄▄
▄█████▀█▀█████▄
████▀▀▀ ▀ ▀▀█████
███████  ██  ▐█████
███████      ▀█████
███████  ███  █████
████▄▄▄   ▄▄▄████
▀█████▄█▄█████▀
▀▀███████▀▀

▄▄▄▄▄▄▄
▀▀███████▀▀
▄▄███████▄▄
▄██████▀██████▄
███████▀ ▀███████
███████     ███████
██████▄     ▄██████
██████▄▀▄▄▄▀▄██████
██████▄   ▄██████
▀██████▄██████▀
▀▀███████▀▀

▄▄▄▄▄▄▄
▀▀███████▀▀
▄▄███████▄▄
▄█████████████▄
███████▌ ▐███████
████████  █████████
█████▀▀   ▄▄███████
███████  ██████████
█████▌      ▄████
▀█████████████▀
▀▀███████▀▀

▄▄▄▄▄▄▄
▀▀███████▀▀
                   ▄▄████▄
         ▄▄▄▄▄▄▄▄████▀▀████
     ▄▄█████████████▄  ███
    ▄████████████████▄███
   ▄█████████████████████
   █████████████████████
   ████████████████████
   ████
█████████████████
  ████████████████████▀
 ███▀████████████████▀
███▀ ▀▀█████████████▀▀
███▄▄▄▄███▀▀▀▀▀▀▀▀
▀█████▀▀
..PLAY NOW..
ashfame
Newbie
*
Offline Offline

Activity: 21
Merit: 15


View Profile
July 14, 2020, 12:41:48 PM
 #3

Hey there,

No offence, but I'd rather flip a coin 256 times than trust an unverified tool with that. No coder myself, unfortunately, so I can't check whether the tool is not providing me with one of the, say, 10 million keys which are stored in its memory.

Spending extra 25-45 mins is not that much compared to the possible risk of having a private key known to someone else, imho.

None taken, that's obviously the concern I am trying to address here. Its ideal to generate keys completely offline without a computer provided you can use verified secure entropy (as humans are bad source of entropy) and have the know-how. And then rely on an air-gapped hardware wallet to manage everything else Smiley

Now, would you go "all-manual" route to generate your keys or you would use a computer at some point in the key generation process? I am trying to offer whatever little computer tool you use in the form of an option, to mix that manual source of entropy into key generation.
ashfame
Newbie
*
Offline Offline

Activity: 21
Merit: 15


View Profile
July 14, 2020, 01:06:42 PM
 #4

I can't check whether the tool is not providing me with one of the, say, 10 million keys which are stored in its memory.

Its actually not that straight forward of an attack. It can be in a closed-source but even in open source it can be hiding in plain sight. Its more like the random number generator is limited to a range of numbers either by accident (bug) or design (malicious intent) and then that range can be brute-forced comparatively easily to check for balance and steal funds from.

Also, when you buy a device, you have to "trust" it, which is why my approach is "build your own". Everything is open-source and you can review or trust others have reviewed and use the source to put together your hardware wallet (trustless), rather than relying on pre-compiled binaries (having to trust) or open yourself to supply chain attack when ordering one. You simply order Raspberry Pi, some parts, write files to SD card and done! Trustless system! Smiley
bitmover
Legendary
*
Offline Offline

Activity: 1204
Merit: 2451



View Profile WWW
July 14, 2020, 01:19:14 PM
 #5

Hey folks, I am building an open source air-gapped crypto vault, and as an option to not rely on system's entropy to generate random numbers, I am working on offering a "bring your own entropy" option.

This makes the system trustless

I don't agree that this makes the system trustless.

Flipping the coin 256 times is not enough to generate a public address, you still need a computer and a software to do that. This would make you need to trust that software, even if it is open source (cause I am not really going to verify the software myself).

BrewMaster
Legendary
*
Offline Offline

Activity: 1904
Merit: 1237


There is trouble abrewing


View Profile
July 14, 2020, 04:03:38 PM
 #6

there is a difference between being cautious and paranoid.
so far there has been millions of bitcoin keys created and trillions of dollars worth of bitcoin have been transferred around and to this day there has not been a single case of bad RNG coming from the good wallets like bitcoin core or electrum. the cases were from new, shady or weak codes or services such as blockchain.info, javascript base websites and wallets,...
that is why people aren't really looking for alternatives, specially when that alternative could take an hour of their time and still not be safe.

ashfame
Newbie
*
Offline Offline

Activity: 21
Merit: 15


View Profile
July 14, 2020, 06:48:55 PM
 #7

Hey folks, I am building an open source air-gapped crypto vault, and as an option to not rely on system's entropy to generate random numbers, I am working on offering a "bring your own entropy" option.

This makes the system trustless

I don't agree that this makes the system trustless.

Flipping the coin 256 times is not enough to generate a public address, you still need a computer and a software to do that. This would make you need to trust that software, even if it is open source (cause I am not really going to verify the software myself).

Great point! I have not actually considered the act of someone doubting the generation of addresses themselves. A malicious program can print out pre-programmed xpub keys and addresses from a known list.

So, its not trustless for you because you would need to verify it yourself to build trust but you don't wish to. I understand your perspective. But if you wish to, you can and there is no step in the process that you have to just blindly trust to act in good faith.

Trustless as per me is a system where you don't have to trust the system at any point to act in good faith. Its verifiable at every point from the source code to final product in hand. And that's what I am aiming for, in the project. Scratching my own itch & learning Smiley

Right now, what I see, is one has to trust some software or the other. Its painfully slow to do it all manually that software can't be practically eliminated from the usage. So one must verify the software themselves to act in good faith or rely on others to have done the same for them.

Same reason why its recommended to build from source rather than using pre-build binaries.

Now, once you have laid down your trust in an application to use, the second concern is of the environment in which this application runs. Can you trust the environment (verifying the environment is a huge task & controlling the environment is a tough task)? How about undiscovered or undisclosed vulnerabilities which will enable the malware to take control of the system and steal funds? A better alternative is to run this application on an air-gapped device, but then several Proof of concepts of different attacks for AirGap devices exist and hence emerges the WHY of my project.

Its not just a software app. Its 2 applications where one runs on a Raspberry Pi Zero with a custom linux OS to act as an air-gapped device where its not possible to get any information out because it truly runs as an air-gap device with no networking hardware available. Another application is just the wallet, which doesn't even have access to any sensitive information, just xpub keys, so you don't need to verify this at all. Please see this diagram - https://pbs.twimg.com/media/Ec40sGxUMAA8ycM?format=png&name=large

So, in a way, this lets you build your own hardware wallet with the ability to verify everything, hence a trustless system, perhaps the only one.
ashfame
Newbie
*
Offline Offline

Activity: 21
Merit: 15


View Profile
July 14, 2020, 06:57:33 PM
Merited by robelneo (2)
 #8

there is a difference between being cautious and paranoid.
so far there has been millions of bitcoin keys created and trillions of dollars worth of bitcoin have been transferred around and to this day there has not been a single case of bad RNG coming from the good wallets like bitcoin core or electrum. the cases were from new, shady or weak codes or services such as blockchain.info, javascript base websites and wallets,...
that is why people aren't really looking for alternatives, specially when that alternative could take an hour of their time and still not be safe.

I understand. And I encourage everyone to be paranoid, it would be foolish to not verify and just trust anything when it comes to cryptocurrency. Majority of the users are just going to follow the recommendations of enthusiasts / authority figures anyway, but we as enthusiasts have that responsibility to look after the community.

This project arised out of my own needs, hence I am building my own hardware wallet running a custom linux OS that can truly maintain the air-gap with the ability to verify everything from source code to the end product in hand.

Please see this diagram - https://pbs.twimg.com/media/Ec40sGxUMAA8ycM?format=png&name=large and I recommend you to read the above reply I posted as well. This is the first time I am presenting the project to the community in a lose manner, where obviously the entire vision isn't put out well enough for easy comprehension. So, I will also get to refine the vision and story, the more I talk about it.

And lastly, I hope the community encourages the open source spirit of wanting to verify everything and hacking away to deploy their principles or give voice to their opinions. Criticise it to its last bit, but do participate Smiley
BrewMaster
Legendary
*
Offline Offline

Activity: 1904
Merit: 1237


There is trouble abrewing


View Profile
July 16, 2020, 04:57:46 PM
 #9

one runs on a Raspberry Pi Zero with a custom linux OS to act as an air-gapped device where its not possible to get any information out because it truly runs as an air-gap device with no networking hardware available.

this part sounds very interesting to me but also the OS part makes it hard to verify it and i think such project is going to be a huge one. it would also be outside of the range of my knowledge.

And lastly, I hope the community encourages the open source spirit of wanting to verify everything and hacking away to deploy their principles or give voice to their opinions. Criticise it to its last bit, but do participate Smiley
i have found that only certain types of projects attract bitcoiners, for good or bad. for example anything that remotely relates to trading and making profit will get a lot of attention.
security related stuff don't seem to get that many contributions though. specially the new ones.

ashfame
Newbie
*
Offline Offline

Activity: 21
Merit: 15


View Profile
July 16, 2020, 11:59:58 PM
 #10

one runs on a Raspberry Pi Zero with a custom linux OS to act as an air-gapped device where its not possible to get any information out because it truly runs as an air-gap device with no networking hardware available.

this part sounds very interesting to me but also the OS part makes it hard to verify it and i think such project is going to be a huge one. it would also be outside of the range of my knowledge.

Well, as long as you use a Raspberry Pi Zero (non-W) or desolder the wifi and bluetooth module from the board if you are using any model that has wireless network options, you don't need to care about the OS at all.
I have specifically chosen this architecture based on different air-gap POC attacks as well.
The only bit you would need to verify in the application (as long as you generate mnemonic completely offline or already have one) would be just the QR codes that are passed between Wallet & Vault. Which can easily be done by a simple QR code reader Smiley

And lastly, I hope the community encourages the open source spirit of wanting to verify everything and hacking away to deploy their principles or give voice to their opinions. Criticise it to its last bit, but do participate Smiley
i have found that only certain types of projects attract bitcoiners, for good or bad. for example anything that remotely relates to trading and making profit will get a lot of attention.
security related stuff don't seem to get that many contributions though. specially the new ones.

I realize that. I couldn't buy a hardware wallet because of the lockdown, so I decided to build one myself and based on my months of research, I kept on refining the architecture. I am going to do it for myself anyway and support for decentralized exchanges & dapps support is on the roadmap as well. Contributions though welcome are not required. Peer reviews and some sort of audit is what I think would do some good. I am fully committed to see it through & maintain it in the long term.

P.S. - I actually have been coding the wallet and vault, completely on live stream. YouTube and Twitch links are on my homepage - ashfame.com
hatshepsut93
Legendary
*
Online Online

Activity: 1876
Merit: 1480



View Profile
July 17, 2020, 12:20:35 AM
 #11

Why would I flip a coin 256 times if I can roll a 16-sided die 64 times instead? Or at least I can roll a 8 sided one 128 times. But frankly, if you don't trust your RNG, you should probably not use Bitcoin and all other things, like even browsing the Internet, because a backdoored RNG opens countless possibilities for the atackers. For example, random numbers are used in the ecdsa signing process, and if they are not random, then it's possible to retrieve a private key. So, good luck flipping a coin 256 times every time you're making a transaction.





.
.




░██████████████████░
████████████████████
█████████▀░░░███████
█████████░░▄████████
███████▀▀░░▀▀███████
███████▄▄░░▄▄███████
█████████░░█████████

█████████░░█████████

█████████▄▄█████████

████████████████████

░██████████████████░
░██████████████████░
████████████████████
████████████▀▀▀█▀███
███░▀█████▀░░░░░▀███
███▌░░░▀▀▀░░░░░░████
████▄░░░░░░░░░░░████
█████▀░░░░░░░░░█████

██████▄░░░░░▄▄██████

█████▄▄▄▄███████████

████████████████████

░██████████████████░
░██████████████████░
████████████████████
████████████████████
███████████▀▀░░▐████
███████▀▀░░░░░█████
████▀░░░▄█▀░░░▐█████
█████▄▄█▀░░░░░██████

███████▌▄▄▄▐██████

████████████████████

████████████████████

░██████████████████░
robelneo
Legendary
*
Offline Offline

Activity: 2142
Merit: 1042



View Profile WWW
July 17, 2020, 02:15:55 AM
 #12



I understand. And I encourage everyone to be paranoid, it would be foolish to not verify and just trust anything when it comes to cryptocurrency. Majority of the users are just going to follow the recommendations of enthusiasts / authority figures anyway, but we as enthusiasts have that responsibility to look after the community.

This project arised out of my own needs, hence I am building my own hardware wallet running a custom linux OS that can truly maintain the air-gap with the ability to verify everything from source code to the end product in hand.

And lastly, I hope the community encourages the open source spirit of wanting to verify everything and hacking away to deploy their principles or give voice to their opinions. Criticise it to its last bit, but do participate Smiley
Although there are who react negatively about your idea, it is still encouraged and commended for bringing this up to the community so you will have additional input or consideration on how you going to present your product to suit the community, this is a project development project with anything related to this technology I hope you can come out a finished product that can be of use by the community, we need to keep this technology to move on because it's dynamic.

Duelbits            ▄████▄▄
          ▄█████████▄
        ▄█████████████▄
     ▄██████████████████▄
   ▄████▄▄▄█████████▄▄▄███▄
 ▄████▐▀▄▄▀▌████▐▀▄▄▀▌██

 ██████▀▀▀▀███████▀▀▀▀█████

▐████████████■▄▄▄■██████████▀
▐██████████████████████████▀
██████████████████████████▀
▀███████████████████████▀
  ▀███████████████████▀
    ▀███████████████▀
.
         ▄ ▄▄▀▀▀▀▄▄
         ▄▀▀▄      █
         █   ▀▄     █
       ▄█▄     ▀▄   █
      ▄▀ ▀▄      ▀█▀
    ▄▀     ▀█▄▄▄▀▀ ▀
  ▄▀  ▄▀  ▄▀

Live Games

   ▄▄▀▀▀▀▀▀▀▄▄
 ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄
▄▀ █ ▄  █  ▄ █ ▀▄
█ █   ▀   ▀   █ █  ▄▄▄
█ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █   █
█▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█  █▄█
█ ▀▀█  ▀▀█  ▀▀█ █  █▄█

Slots
.
        ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄
        █         ▄▄  █
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄       █
█  ▄▄         █       █
█             █       █
█   ▄▀▀▄▀▀▄   █       █
█   ▀▄   ▄▀   █       █

Blackjack
[              ▄▄▀▀█▌
          ▄▄▀█▄    █
        ▄▀     ▀▄▄ █
       █    ▄▄    ▀█
    ▄▄█    █  █   ▐▌
  ▄▀ █      ▀▀    █
▄▀  ▐▌           █
█ ▄▀▀▄▄        ▄▀
▀▀  ▄  ▀▄▄   ▄▀█
  ▄▀   ▄  ▀█▀  █
   ▄▀ ▄▀   █  █
  ▄▀ █     █▄▀
   ▄▀
NEW GAME!
..CRASH...
][
ĐŁ
DOGECOIN
LITECOIN

AVAILABLE NOW
]
ashfame
Newbie
*
Offline Offline

Activity: 21
Merit: 15


View Profile
July 17, 2020, 12:12:04 PM
 #13

Why would I flip a coin 256 times if I can roll a 16-sided die 64 times instead? Or at least I can roll a 8 sided one 128 times. But frankly, if you don't trust your RNG, you should probably not use Bitcoin and all other things, like even browsing the Internet, because a backdoored RNG opens countless possibilities for the atackers. For example, random numbers are used in the ecdsa signing process, and if they are not random, then it's possible to retrieve a private key. So, good luck flipping a coin 256 times every time you're making a transaction.

Well, it was just an idea I was discussing. You probably didn't read the entire thread but I was basically trying to offer a "bring your own entropy" option at mnemonic phrase generation step, but since then I have decided that its best to do that completely offline if you are extra cautious since its a one time thing.

I am trying to reach as trustless of a system as I can build. Its not about whether I trust my RNG or not, being a software dev, I can verify it. Its about enabling individuals to have sovereign money without them getting rekkt on the security side of things.

You have a valid point about random number generation while signing a transaction, and that point isn't that a lot less severe? Once UTXO is spent, what's there to lose? Losing your mnemonic on the other hand is a big deal, but using passphrase protects against that as well.

Please poke more holes at it, if you disagree at some point or anything else. Need as many eye balls on the architecture and eventually source-code ✌
ashfame
Newbie
*
Offline Offline

Activity: 21
Merit: 15


View Profile
July 17, 2020, 12:22:40 PM
 #14



I understand. And I encourage everyone to be paranoid, it would be foolish to not verify and just trust anything when it comes to cryptocurrency. Majority of the users are just going to follow the recommendations of enthusiasts / authority figures anyway, but we as enthusiasts have that responsibility to look after the community.

This project arised out of my own needs, hence I am building my own hardware wallet running a custom linux OS that can truly maintain the air-gap with the ability to verify everything from source code to the end product in hand.

And lastly, I hope the community encourages the open source spirit of wanting to verify everything and hacking away to deploy their principles or give voice to their opinions. Criticise it to its last bit, but do participate Smiley
Although there are who react negatively about your idea, it is still encouraged and commended for bringing this up to the community so you will have additional input or consideration on how you going to present your product to suit the community, this is a project development project with anything related to this technology I hope you can come out a finished product that can be of use by the community, we need to keep this technology to move on because it's dynamic.

Thank you! I realized I kinda opened a can of worms here without proper documentation 😅

I am very close to getting the MVP built out. Something before the end of this month. Most likely early. I will eventually present this to the community with motivation, documentation & security offered against several attacks, purely by architectural decisions.
Paperweight
Jr. Member
*
Offline Offline

Activity: 41
Merit: 37



View Profile
August 06, 2020, 08:54:11 AM
 #15

The question is moot because the Linux OS and firmware running on the Raspberry Pi can just keylog your private key anyway, or transparently use its own when it comes time to actually generating your public key, or choose its own nonce values when signing, or any number of things. You either trust it or you don't. And when you're known to trust it then you can become a target of whoever makes it. That's why Trezor makes their own hardware. https://wiki.trezor.io/Security

How do you input/output transactions with this device? How do you back up your keys?

I hate to be a downer though, so here's some comic relief https://dilbert.com/strip/2001-10-25
ashfame
Newbie
*
Offline Offline

Activity: 21
Merit: 15


View Profile
August 14, 2020, 12:36:21 PM
Merited by Paperweight (5)
 #16

The question is moot because the Linux OS and firmware running on the Raspberry Pi can just keylog your private key anyway, or transparently use its own when it comes time to actually generating your public key, or choose its own nonce values when signing, or any number of things. You either trust it or you don't. And when you're known to trust it then you can become a target of whoever makes it. That's why Trezor makes their own hardware. https://wiki.trezor.io/Security

How do you input/output transactions with this device? How do you back up your keys?

I hate to be a downer though, so here's some comic relief https://dilbert.com/strip/2001-10-25

Allow me to explain the architecture of the entire system & I would love for you to criticize that. Assume my intentions to be malicious for the purpose of criticism without worrying about offending me. You can forget about this question altogether, as I realized instead of aiding the user to generate mnemonic phrase in "bring your own entropy" method, its much better to do that process completely offline. So that's what I recommend now and I will provide community vetted instructions for the same.

Here is how it looks: https://imgur.com/a/JYQjrVG

Ok, so for the architecture, I am using a Raspberry Pi with a custom linux OS and the device never touches any network whatsoever, this acts as your cold storage solution. It stays offline for its entire life. Even all the Proof-Of-Concepts air-gapped attacks I came across in my research are rendered useless here as it has no speakers, no fans hence it has no medium via which malicious software can even attempt to leak out the sensitive information. The sensitive information is not stored on the device at all. You have the option of ejecting the bootable media (SD card) before you choose to use the vault app (software), so that it has no storage media to write to.

The vault app is quite simple - It has generate / import option when it starts since it never stores anything. Also make physical theft of the device useless. You always import your mnemonic any time you want to use your vault and it generates xpub keys and shows QR code which you import on the wallet software which is either a hosted service or you run it locally. You use this wallet app for all purposes of monitoring your funds, generating addresses for receiving funds & start the process of signing a transaction. All communication happens via QR codes, which can be read by a third party software at any time to see what data is being transmitted.

For convenience, you can generate an encrypted version of mnemonic and use that to import your sensitive information in the system by simply scanning that QR code, instead of having to type your mnemonic (24 words).

Now two kinds of attack that are possible on a system are:
1) Generate false crypto information (xpub keys), which can be verified from the source code
2) Stealing crypto sensitive information (mnemonic phrase or private key) which by architecture and communication medium severely limits the attack vector. Much more secure than relying on a USB/Bluetooth communication layer.

Its a free, open source DIY (self assembled) crypto vault that gives you great security at a very affordable price of ~$65 Since you put it together, there is no scope of supply chain attacks either.
That's what my goal of the project is - Enabling individuals to defend their sovereignty. Happy to discuss this further & looking forward to your criticism Smiley
MrFreeDragon
Sr. Member
****
Offline Offline

Activity: 411
Merit: 261


View Profile
August 17, 2020, 08:26:48 PM
 #17

-snip-
Don't under-estimate the task. Just doing it once will take 6-10 seconds. Doing that 256 times might take you 25-45 mins.
-snip-

The total time for coin flipping was 16 minutes (approx. 3-4 seconds per each flip).

https://www.youtube.com/watch?v=WyBdYhwweaE

VSYNC_
Jr. Member
*
Offline Offline

Activity: 138
Merit: 6


View Profile
August 18, 2020, 08:17:17 AM
 #18

I love flipping coins anyway and it's one of my talents, this could be interesting  Smiley
OgNasty
Donator
Legendary
*
Offline Offline

Activity: 3640
Merit: 2265


Crypto Casino & Sportsbook


View Profile
August 18, 2020, 05:16:21 PM
 #19

No.


██████████████████████████████████████████████████████████████████████
████████▀▀▀        ▀▀█████████████████████████████████████████████████
██████▀    ▄▄▄▄▄▄▄▄    ███████████████████████████████████████████████
█████    ▄█████████▌   ▐█████▀  ▐███████████████▌  ▀██████████████████
████▌   ▐██████████    █████    ████████████████    ██████████████████
████▌   ▐█████████▄▄▄▄█████▌   ▐███████████████▌   ▐███▀▀█████████████
█████    ▀███████████████▀▀        ▄███████████    ██▀   ▐████████████
██████▄     ▀▀███████▀▀         ▄▄███▀▀▀▀█████▌   ▐▀   ▄███▀▀   ▀█████
█████████▄▄     ▀▀███▄  ▄▄    ████▀    ▄   ███       ▄███▀   ▄█  ▐████
█████████████▄▄     ▀████▌   ▐███▀   ███   ██▌      ████    ██▀  █████
██████▀▀   ▀█████▄    ███    ████   ███▌  ▐██    ▌  ▐██▌      ▄▄██████
█████    ▄████████    ▐██    ██▀▀   ██▀   ▐▀    ▐█   ██▌   ▀██▀▀  ████
████▌   ▐████████▀    ███▄     ▄▄▄     ▄    ▄   ▐██   ██▄      ▄▄█████
████▌   ███████▀    ▄███████████████████████████████▄  ▀▀██████▀▀ ████
█████    ▀▀▀▀     ▄█████████▀    ▀█▀    ▀█       ▀████▄▄         ▄████
██████▄▄    ▄▄▄▄████████████  █████  ██  █  █  █  ████████████████████
█████████████████████████  █▄    ▄█▄    ▄█  █  █  ████████████████████
██████████████████████████████████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀▐▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄█▀▀▀█████████▀▀▀█▄
▄█▀    ▄▀█████▀     ▀█▄
▄█▄    █        ▀▄   ███▄
▄████▀▀▀▀▄       ▄▀▀▀▀▀███▄
████      ▀▄▄▄▄▄▀       ███
███     ▄▄███████▄▄     ▄▀█
█  ▀▄ ▄▀ ▀███████▀ ▀▄ ▄▀  █
▀█   █     ▀███▀     ▀▄  █▀
▀█▄▄█▄      █        █▄█▀
▀█████▄ ▄▀▀ ▀▀▄▄ ▄▄███▀
▀█████        ████▀
▀▀█▄▄▄▄▄▄▄█▀▀
● OVER 1000 GAMES
● DAILY RACES AND BONUSES
● 24/7 LIVE SUPPORT
Paperweight
Jr. Member
*
Offline Offline

Activity: 41
Merit: 37



View Profile
August 18, 2020, 08:07:02 PM
 #20

That's cool! Good work!

So you use the device to generate a private key and encrypt it with a password. You write the passworded key down (paper wallet) and store it safely as a backup in case you lose the device.

When you want to transact, you generate a signing request QR on your computer. The device scans it in and asks you for your password. It then generates a signature QR which you scan using your computer. Your computer adds it to the transaction and broadcasts it.

Er, wait, the device wipes its memory every time you use it, so you need to type in your passworded key and password every time. Sounds like a PITA that leads you to leaving your paper wallet lying around (printing a passworded key QR is nice but beyond the paranoia level of this device).

The device will have to have the unencrypted private key in memory at some point. How about the device stores the passworded key in volatile memory which gets wiped after a window of time, loses power, or you get the password wrong? It could possibly also be in a TPM of some sort that does the signing, inaccessible to the OS or memory to make it harder to dump from memory if the device is stolen within that window of time.

Note that normal RAM isn't truly volatile (https://citp.princeton.edu/our-work/memory/). You can freeze the device, kill its power, and then boot it from a memory card with a tiny live OS that dumps the raw memory that's still frozen in time from when it lost power.

The obvious attack is to steal the device, install a keylogger, and then put it back where you found it. Wink Maybe having read-only firmware and no USB or memory card ports would help for the above scenarios.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!