[WTS] BIP38 cold-storage wooden cards to protect your bitcoin - 10% off

[advanced]

@devthedev awesome pics, I'm glad it arrived   I tweeted one

@RainMan28  thanks for the feedback, its highly appreciated. We will work on some tweaks soon, and spacing is one of them.

[AussieHash]

xpost from reddit

I've been having great fun playing with the electrum console, and thought I would share :-)
You can generate your own 12 word electrum seed from the command line with the following

Code:

openssl rand -hex 16

for example : f6e257d7f51e2145bc2e2ad14fdd39d6 (note anything longer than a 12 word seed will not hex import in electrum generation 2.x)
Then from the Electrum console window (or running python from the command line)

import electrum
electrum.mnemonic.mn_encode('f6e257d7f51e2145bc2e2ad14fdd39d6')

Results in the mnemonic ['dear', 'tap', 'dove', 'flutter', 'person', 'door', 'sane', 'world', 'express', 'effort', 'won', 'blossom']

On the other hand, if you have already generated a mnemonic seed in electrum, it is stored in the wallet file as hexcode in the field 'seed': 'mnemonic_to_hex'

If you have encrypted your electrum wallet, then it will also be in the wallet file 'use_encryption': True, 'seed': 'AES_ENC_SEED' (note AES encryption produces a different output for the same input each time)
From the electrum console you can decode the AES_ENC_SEED with

electrum.wallet.pw_decode('AES_ENC_SEED', 'your_wallet_password')

This will give you the hexcode result, for example f6e257d7f51e2145bc2e2ad14fdd39d6
Then you can run that through the console

electrum.mnemonic.mn_encode('f6e257d7f51e2145bc2e2ad14fdd39d6')

https://github.com/spesmilo/electrum/blob/66e1e2707d4a82ecbe3f2bf7d532036d0a9651a8/lib/wallet.py#L43
https://github.com/spesmilo/electrum/blob/master/lib/mnemonic.py#L1659

Side note : I have also been playing with Shamir's Secret Sharing Scheme from the command line http://point-at-infinity.org/ssss/index.html

Edit : there does not appear to be any way to wipe the electrum console buffer, so don't type your secret password in there ! Use python from the command line instead.

Edit2 : If you have installed electrum from the command line, ie : homebrew on OSX, then extracted electrum source, then sudo python setup.py install you will be able to use from the command line electrum getseed to display your mnemonic seed and hexadecimal seed.  

Edit3: You can type getseed() from the electrum console. (the output is not saved in the console buffer)  If you have encrypted your wallet, you will be asked the password first.  
You can also type wallet.storage.get('seed') to display the encrypted seed

[Mitchell]

AussieHash, that is some amazing information! I will start playing with it tonight. Dinner plans come first, haha.

[advanced]

Thanks for sharing Super useful!

[devthedev]

Just posted something up on Reddit, http://www.reddit.com/r/Bitcoin/comments/28vrng/just_received_my_bip38_coldstorage_wooden_card/

[advanced]

Awesome Thanks a lot .  Just scanned the picture and tipped it  

[devthedev]

Awesome Thanks a lot .  Just scanned the picture and tipped it  

Sweet! Thank you.

[Jabulon]

Hi Everyone.

I'm Sam, the developer of Bippy. I'm happy to answer any question about the code or implementations of encryption that anyone may have

I've added the ability to encrypt Electrum Mnemonic seeds using a customised encryption method based on BIP0038. Bippy will recognise an Electrum seed based on the fact that it is twelve separate words. You add a password and the encryption takes place. Bippy can also decrypt the encrypted string back to the 12 word seed but only with the correct passphrase.

The code is available on github here:
http://github.com/inuitwallet/bippy
The Electrum specific code is in this file:
https://github.com/inuitwallet/bippy/blob/master/encrypt/electrum.py

As Nico has said, we are adding functionality to bippy as requests come in so the UI is in need of a bit of work.
I'll be working on making it easier to use over the next few days as well as attempting to get some compiled binaries up and working too.

If you have any questions or suggestions feel free to get in contact or post here.

A quick overview of the method for those who are interested (sorry for anyone who isn't interested. I'm quite pleased with this and want to talk about it ):

• Use the Electrum method to convert the mnemonic into the seed number
• Take a hash of the last 4 digits to act as a checksum
• Use that hash and the passphrase to generate an encryption key using scrypt
• Use that key to AES 256 encrypt the original seed in two halves (as in BIP0038)
• The encrypted string is a Base58_Check encoded concatenation of some magic bytes (to make the start of the string 'SeedE'), the checksum hash and the two encrypted halves

The decryption is the reverse of this but using the various checksums to ensure that the string is correct and the password works.  

Hi - great work mate. Would just like your take on security from the end user perspective, should they run the windows installer rather than compile from source. One concern is obviously that passwords could be retained in a hidden database and then broadcast the next time one goes online. Apart from using a one-time computer (or live DVD OS, as suggested), how can one verify that there is nothing shady and go ahead without worries? Thanks, and this is in no way to be taken as an accusation of ill intent.

[inuit_wallet]

Morning Jabulon.
Thanks for taking the time to post. You're concern is a valid one and is something that it's really hard to overcome from my point of view. Apologies in advance for rambling, I had a few thoughts that I needed to put down.

Producing private keys for Bitcoin and other alt-coins is something that should be done with great care and suspicion should rightly fall on anyone who claims to handle that process for you.

As someone who has produced software which handles the creation of private keys, this has been a bit of a tricky point. People in the Bitcoin and other Alt-coin communities are very nervous and ready to label a project as a scam. Understandably so as there have been a lot of scams.
My way around this has been to be as open and truthful as I can.
I have considered paying for code reviews or holding bug bounties but haven't for two reasons.
1) I don't have the capitol to pay for them (the tools I produce are free and I got to the Bitcoin party a little later than I should have),
2) I'm not sure that having a different internet persona say that the code is OK would actually make anyone believe it more than they already do.

As for Bippy, the code is based very closely on my other tool inuit which in turn is based on several other open source tools (see the thanks page on the linked website for a full list).
Bippy has been used a fair amount while just being used from source. Feedback from users indicated that the biggest hurdle to using Bippy was the difficulty in running it from code. That is the reason that a Windows installer was developed.

As for the executable. The installer itself is built using AutoHotKey as it produces quick and easy GUIs for windows. An Executable built with AHK isn't a true exe. If you open the Bippy_Installer.exe file in notepad and scroll to the bottom you will see the raw code, viewable as AHK, that makes up the installer. (the code above that that isn't humanly readable is a copy of the AHK interpreter used to run the code. exactly the same as installing AHK on your PC and then running the installer script). If you like, you can read that AHK code to see exactly what the installer is doing on your machine (copying the Bippy code to the Program files/Bippy directory, setting up shortcuts on desktop and start menu and that's about it)

To build the Bippy Executable I used pyinstaller. The settings I used mean that the full code is viewable in the Program files directory rather than coming as a single, compiled executable. There is still some compiled code in there but it is the minimum I could get away with and still have a functioning installer and executable Bippy.


Really there is only so much I can do. The fact remains that Bippy is a load of code which, without diving into yourself and understanding fully, could do anything. You have my assurances that it doesn't do anything other than the advertised features. There's no hidden database, it doesn't request or need any internet connection, it doesn't store anything in any sort of cache for later use (something possible in browsers). Once Bippy is shutdown it is shutdown.
I have worked closely with Nico from Woodwallets both during the creation of Bippy and since and he will, I'm sure, lend his assurance that Bippy is safe.

The end decision is yours though. The Windows installer makes the process nice and easy but could contain something malicious where as running from source is safer but requires more work (the amount of work isn't huge if that's any help). If you are really worried about the security of the Installer, you could always run it in a Single Use Virtual Machine, in something like VirtualBox or Docker. There's a bit of work to get those working too though. (I have considered creating Docker Images to make things easier but, as it's me doing it, the same uncertainty would remain for any end user).

I hope that my continued presence here and on other forums and my reachability as well as my understanding of the quandary you find yourself in counts somewhat in my favour. I put a large amount of time and effort into both inuit and Bippy and the best compliment for me is to hear that people are using them and finding them useful.

(Just to cloud the argument even more, Nico is offering every WoodWallet product at 50% off today for Bitcoin Black Friday. sorry, I just had to put that out there)     



TL;DR - As I'm the creator of Bippy, there's not much I can say to assure you that the software is safe. I have done what I can but the final decision remains with you.
In my opinion. the safest way to use Bippy if you are worried would be to run up a Docker container using Ubuntu. Install Python, Kivy and the Bippy source code and run it from there with your internet connection turned off (you will need to forward X from Docker to view the UI). After that, destroy the Docker container.

[Jabulon]

Hi inuit_wallet, and thanks for the level of detail (and candor) in your reply. For the fun of it, I've done the source compile in Ubuntu, without issues, as well as run the windows-installer on a permanently offline cheapo laptop. Compliments to you on creating a powerful little utility. I have really enjoyed playing with it. 5-star rating. It is very, very cool.  

[inuit_wallet]

Hi inuit_wallet, and thanks for the level of detail (and candor) in your reply. For the fun of it, I've done the source compile in Ubuntu, without issues, as well as run the windows-installer on a permanently offline cheapo laptop. Compliments to you on creating a powerful little utility. I have really enjoyed playing with it. 5-star rating. It is very, very cool.  

Hi Jabulon,

Thanks for taking the time to report back and thank you too for the kind words. I'm really glad you found playing with Bippy a pleasant experience. If you have any suggestions for future improvements I'd be happy to take them on board.

Sam
 

[advanced]

Goodbye Woodwallets?

TL DR; Life got in the way and  we will not able to work on Woodwallets.io with the same level of passion and dedication we used to. Instead of just running it like a boring online shop, we decided to suspend operations. If you happen to know someone who can be interested in picking up the business and run it with passion, get in touch. Bitcoin accepted.

Full message : http://woodwallets.io/goodbye-woodwallets/

It all started just for fun one year ago, with a reddit post titled “I have a lasercutter in my hands for a couple of months. Would you be interested in wooden paper wallets?” . The response was overwhelming.

After a month of prototyping and setups, I sneaked into the World Mobile Congress to personally hand the first wallet to Jon Matonis, then president of the Bitcoin Foundation. And here were are, one year and several hundreds Woodwallets later, facing a hard decision.

During Woodwallets‘s first and only year we have transformed a no-budget bizarre idea into a profitable business with a very solid reputation in the crypto-currency space (EDIT: this story is now on coindesk) . We always refused to get a “paid review of your product” in the bitcoin press – and I assure there was no shortage of “special offers” in our inbox. Yet we have been able to reach the bitcoin community at large, building trustful relations with our loyal customers. I still get surprised when I show the product at local events/meetups to find out that a decent number of  people already knows it.

By putting energy and dedication in delivering a product for bitcoiners, we have been able to focus on what really matter : making the community happy with the product. The feedback we received from Woodwallets buyers can attest that we hit the target.

Beside  being a an elegant piece of design, Woodwallets also helped in raising awareness about cryptocurrency in general and cold storage practices. A good ice-breaker for face2face introduction to cryptos, it also allowed for the creation of open source BIP38 encryption tools like bippy, pushing a bit over the boundary of bitcoin security and infrastructure.

However, it is now time for us to move on. Life sometimes gets in the way, and we  realized we won’t have enough time for running Woodwallets with the same level of dedication that brought us where we are now. We can’t afford anymore to spend nights soldering thousands of free bitcoin keychain rings for a conference by hand. We won’t be able anymore to experiment with new materials, research into new products, play with multisig, be active on social networks, promptly respond to emails and follow the altcoin scene while keeping keep up with this extremely fast-paced space.

Not being able to invest time in such activities will make Woodwallets just an ordinary, average and boring business. And we do not want to upset the (almost) one thousand amazing twitter followers and fans. Instead, we took the decision to stop taking new orders, with immediate effect.

We would be more than happy to leave everything we built so far in the hands of a company or an individual who is capable of running it with the same level of passion -possibly even more – that we kept during this year. If you think you are that person, or you know someone who might be the one, please get in touch or help us by spreading this message

And no, we will not conclude this message with a Bitcoin address begging for donations. Never did. Just two simple words, in the name of all the people who at some point collaborated in this project : thank you.

Whatever happens now, we will keep a good memory

[unamis76]

Damn, too bad you guys shut down... Pretty sad to see such quality wallets go away from the Bitcoin scene!

Did you guys had any competitors? I've been searching, but I can't find any. Even if it's not in wood, I'd love to have another original wallet in the future

[busterroni]

Aw, I was planning on getting one I hope it comes back, and thank for making them

[mrbrt]

We would be more than happy to leave everything we built so far in the hands of a company or an individual who is capable of running it with the same level of passion -possibly even more – that we kept during this year. If you think you are that person, or you know someone who might be the one, please get in touch or help us by spreading this message

Did anyone ever buy this business? I'm not expressing interest, just curious.

[BG4]

We would be more than happy to leave everything we built so far in the hands of a company or an individual who is capable of running it with the same level of passion -possibly even more – that we kept during this year. If you think you are that person, or you know someone who might be the one, please get in touch or help us by spreading this message

Did anyone ever buy this business? I'm not expressing interest, just curious.

I am capable of something very similar.