Bitcoin Forum
December 11, 2016, 04:13:49 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: Air gapped wallet printer  (Read 5952 times)
MoTLD
Jr. Member
*
Offline Offline

Activity: 42



View Profile WWW
April 24, 2012, 03:09:17 PM
 #1

Anybody have use for a dedicated wallet generator?

This is an idea I've been bouncing around in my head for a little while now, and I want to see if anybody else is already working on something similar.

I'd like to put a microcontroller in a small label printer, and at the press of a button (or several, for random seed generation) it prints two labels. One has a wallet address, the other has the corresponding private key, both with QR codes.

No computer necessary, instant air gap, open source code.

With some extra effort, it could be expanded to give GPG keys, other currency wallets, etc. Anything you'd normally disconnect and reboot your computer to a live cd for, so long as it uses hashing algorithms that a microcontroller can handle in a reasonable amount of time.

Think I could sell many of these if I started making 'em?

-Mo

Do One Thing Every Day That Scares You | PrimeDice.com | The New Way To Roll
3 BTC raffle - free to enter! I will gladly accept tips or charity: 1MoTLDxxwp73ftUVy476DPzmcCQJRtNyQT
1481429629
Hero Member
*
Offline Offline

Posts: 1481429629

View Profile Personal Message (Offline)

Ignore
1481429629
Reply with quote  #2

1481429629
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481429629
Hero Member
*
Offline Offline

Posts: 1481429629

View Profile Personal Message (Offline)

Ignore
1481429629
Reply with quote  #2

1481429629
Report to moderator
1481429629
Hero Member
*
Offline Offline

Posts: 1481429629

View Profile Personal Message (Offline)

Ignore
1481429629
Reply with quote  #2

1481429629
Report to moderator
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2002



View Profile
April 24, 2012, 11:11:12 PM
 #2

Anybody have use for a dedicated wallet generator?

Some conversation about this topic here:

 - http://bitcointalk.org/index.php?topic=74615.0

Think I could sell many of these if I started making 'em?

There is a market for something like that, I would bet.

dayfall
Sr. Member
****
Offline Offline

Activity: 312



View Profile
April 25, 2012, 12:01:40 AM
 #3

I think it would be possible to program a simple microcontroller to mount itself as a usb mass storage device and to serve up a single image that contains a key that is generated upon powerup.  Or it could write to a SD card which could be inserted directly into most modern printers.  I have built something similar to both of these in the past.  However, I doubt I could get the key generation code compiled on anything.
westkybitcoins
Legendary
*
Offline Offline

Activity: 980

Firstbits: Compromised. Thanks, Android!


View Profile
April 25, 2012, 12:57:26 AM
 #4

Anybody have use for a dedicated wallet generator?

This is an idea I've been bouncing around in my head for a little while now, and I want to see if anybody else is already working on something similar.

I'd like to put a microcontroller in a small label printer, and at the press of a button (or several, for random seed generation) it prints two labels. One has a wallet address, the other has the corresponding private key, both with QR codes.

No computer necessary, instant air gap, open source code.

With some extra effort, it could be expanded to give GPG keys, other currency wallets, etc. Anything you'd normally disconnect and reboot your computer to a live cd for, so long as it uses hashing algorithms that a microcontroller can handle in a reasonable amount of time.

Think I could sell many of these if I started making 'em?

-Mo



I'd certainly be very interested in one of those, IF there was the small additional feature that I could print out more than one copy of a given keypair. Not that I want it to store the addresses/keys; rather, so that I when I push "New Keys", I can tell it how many copies to print.

If I intend to store more than a pittance at an address, I want more than one copy of it and its key as backup, and if I have to scan it into a computer to make copies, that kind of defeats the purpose.

Bitcoin is the ultimate freedom test. It tells you who is giving lip service and who genuinely believes in it.
...
...
In the future, books that summarize the history of money will have a line that says, “and then came bitcoin.” It is the economic singularity. And we are living in it now. - Ryan Dickherber
...
...
ATTENTION BFL MINING NEWBS: Just got your Jalapenos in? Wondering how to get the most value for the least hassle? Give BitMinter a try! It's a smaller pool with a fair & low-fee payment method, lots of statistical feedback, and it's easier than EasyMiner! (Yes, we want your hashing power, but seriously, it IS the easiest pool to use! Sign up in seconds to try it!)
...
...
The idea that deflation causes hoarding (to any problematic degree) is a lie used to justify theft of value from your savings.
Tuxavant
Hero Member
*****
Offline Offline

Activity: 756


Bitcoin Mayor of Las Vegas


View Profile WWW
April 25, 2012, 02:18:31 PM
 #5

This needs a simple LCD display to show QR codes for a truly air-gapped implementation. Count me in for at least one.

Generation Bitcoin | G+ | FB | Bitcoins In Vegas | CoinBus.com | TOR Exit Operator 1MVTPATVCKBMfALRHJsXpHfKJu7GyL7nAc
MoTLD
Jr. Member
*
Offline Offline

Activity: 42



View Profile WWW
April 26, 2012, 04:46:42 AM
 #6

Stephen Gornick: Thanks for the link, looks like I'm (unsurprisingly) not the first to think of this. Smiley

dayfall: Those could both be done, but the idea is for this device to be pretty much incompatible with computers so there's no way short of looking over the user's shoulder or breaking into his safe to get the private key.

westkybitcoins: Hadn't thought of multiple copies, thanks! You're right, backups are a must.

Tuxavant: Actually, that was my first idea, have it show a QR code on an LCD. But the second you've scanned that QR code, your air gap is only as good as the device you scanned it into, and if that's good why not just generate the code on it? So this printer would be for folks who want their private key never to have touched a machine that will ever be networked.

But the labels will certainly have QR codes, to minimize the chance of typing mistakes. And the public address label would probably just be scanned in and then thrown away, so maybe I'll consider an LCD display for it and print just the private keys.

Thanks for the input, everybody! Now that I'm past my newbie limits, I'll start a new post about this elsewhere if/when I actually throw something together.

-Mo

Do One Thing Every Day That Scares You | PrimeDice.com | The New Way To Roll
3 BTC raffle - free to enter! I will gladly accept tips or charity: 1MoTLDxxwp73ftUVy476DPzmcCQJRtNyQT
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
April 26, 2012, 05:00:22 AM
 #7

Sounds to me like you're describing POS credit card machine hardware!

I have SDK's for quite a bit of the hardware, but they generally can only run straight C/C++ code and offer very limited library support.  I have already figured out how to get a VeriFone Vx510 to print QR codes on the built-in printer given a text string to encode.  If someone could provide me some straight C code that could do the ECC calculation and the hashing to form bitcoin addresses - with no dependency on any libraries - where I could call a function and supply 32 random bytes and a buffer where the function can drop a bitcoin address and private key - I could compile and sign a program that did this, for everyone's benefit.

I believe I might be able to dig up an SDK for an older model called the Omni 3200, which is also programmed in C.

The advantage to these older models is they're readily available on eBay for cheap.  That Omni 3200 is available used in the $30-$50 range, which is hard to beat.  They are often perfectly good and in plentiful supply, as businesses liquidate them all the time from upgrading or going out of business.

Once compiled, these programs are fairly easy to load on terminals.  At the very least, they are all capable of using the built-in dialup modem to call a server and grab a program.  I have such a server, and the protocol for supplying programming to the terminal is drop-dead simple (similar to XMODEM protocol).

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
Red Emerald
Hero Member
*****
Offline Offline

Activity: 742



View Profile WWW
April 26, 2012, 05:10:38 AM
 #8

Interesting project.

MoonShadow
Legendary
*
Offline Offline

Activity: 1666



View Profile
April 26, 2012, 05:20:35 AM
 #9

This is an excellent idea, but users need to be warned to use high quality, archive grade paper & ink.  Regular printer paper yellows while regular ink eventually fades and 'blends' marring the sharp edges of the QR codes.  If the key pages also print the keys in a human readable format, this isn't likely to matter within a normal human timeframe; as if the QR code is too blurred to scan well, one just has to sit down and type it in.

I might buy one, if they don't cost too much.  What would the printer do for entropy, though?  Perhaps a simple am receiver to encode the static background?  A regular microcontroller is way too deterministic and simple of a device to not have some kind of deliberate entrophy; otherwise the keys produced are going to have some distinct bias towards a particular set of keys, and there might be address collisions.

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."

- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
MoTLD
Jr. Member
*
Offline Offline

Activity: 42



View Profile WWW
April 26, 2012, 05:44:05 AM
 #10

casascius: Awesome, I'd never thought of a POS terminal. My idea was to drop a microcontroller into an off the shelf serial printer, but a used POS terminal would probably be a lot cheaper while providing more options. If I knew more C I'd order one off eBay and collaborate with you on it. Maybe this is the excuse I need to crack some books... Wink

MoonShadow: Excellent points. As was mentioned on the linked thread, thermal paper would be nearly useless. I dunno if there are archival-quality labels, but I had in mind a label printer for this. But I'm glad you mentioned that as now I'm thinking it should print the human-readable part of it as large and well defined as possible in case of eventual fading or blurring.

And for entropy, I was thinking that the user would be required, after selecting what sort of key they want and how many copies, to press all of the device's buttons repeatedly and in random order, lots and lots of times. Wink

Keep the ideas comin' everybody!

-Mo

Do One Thing Every Day That Scares You | PrimeDice.com | The New Way To Roll
3 BTC raffle - free to enter! I will gladly accept tips or charity: 1MoTLDxxwp73ftUVy476DPzmcCQJRtNyQT
Tuxavant
Hero Member
*****
Offline Offline

Activity: 756


Bitcoin Mayor of Las Vegas


View Profile WWW
April 26, 2012, 12:23:47 PM
 #11

Tuxavant: Actually, that was my first idea, have it show a QR code on an LCD. But the second you've scanned that QR code, your air gap is only as good as the device you scanned it into, and if that's good why not just generate the code on it? So this printer would be for folks who want their private key never to have touched a machine that will ever be networked.


For my intended purpose, this device would be an off-line wallet generator and storage device. You only trust the private keys generated by the device until you need to spend the money. That's when you'd display the private keys on the LCD display and sweep them into a private wallet for spending.

Edit: Perhaps displaying the key on the LCD panel might give you the option to actually delete it, or at least mark it "compromised".

Generation Bitcoin | G+ | FB | Bitcoins In Vegas | CoinBus.com | TOR Exit Operator 1MVTPATVCKBMfALRHJsXpHfKJu7GyL7nAc
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
April 26, 2012, 09:55:55 PM
 #12

For entropy, I would ask someone to press a large number of keys.  The main source of entropy would be the system tick count collected with each keypress.

Agreed that thermal paper has a shelf life, but my first recommendation would be to photocopy it onto normal paper using a copier (could be a multifunction printer, but the important part is that it's not scanned into a computer).  Thermal paper is hard enough to manage for its shape and the fact that it curls, let alone the possibility of the ink fading.  The motivation to use the credit card machines with thermal paper is the low cost of acquisition of the device.

If a multifunction printer must be involved, another promising idea is to create a bootable USB image that does the key generation and dumps the output back to the USB stick as jpegs, which can then be shoved in a multifunction printer for printing.  In fact, this one is extremely practical.  Bootable image could just contain something that runs BitAddress.org's script and renders the output straight to PDF, which most printers can print as well.


Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
MoTLD
Jr. Member
*
Offline Offline

Activity: 42



View Profile WWW
April 27, 2012, 12:05:38 AM
 #13

Tuxavant: The device I envision has no non-volatile memory, so keeping track of it is not important - assuming your wallets are worth more than the device, anyway. All that matters is keeping track of the keys it prints. A dedicated wallet generator which is also a wallet vault is very interesting, but not what I'm looking to build.

casascius: Agreed, the low cost of a surplus POS terminal might make up for the disadvantages of thermal paper. But, in a perfect world, the output of the device can be directly tossed in the safe with no intermediate steps.

And a bootable USB device creating jpegs is also interesting, but doesn't meet my aims of not needing to use/reboot your computer. It's just a more convenient version of what I already do, which is unplugging the network, booting a linux live CD, running the BitAddress.org script, and printing the output. But if someone (me, maybe?) wants to create a dedicated live cd/usb image which includes lots of Bitcoin tools (full bitcoin client, BitAddress.org, pywallet.py, vanitygen, password vault, etc.) along with all their dependencies in a ready-to-run-offline form, I'm sure it would be well received!

Thanks, guys, keep the great ideas rolling!

-Mo

Do One Thing Every Day That Scares You | PrimeDice.com | The New Way To Roll
3 BTC raffle - free to enter! I will gladly accept tips or charity: 1MoTLDxxwp73ftUVy476DPzmcCQJRtNyQT
Foxpup
Legendary
*
Online Online

Activity: 1708



View Profile
April 27, 2012, 01:40:17 AM
 #14

For entropy, I would ask someone to press a large number of keys.  The main source of entropy would be the system tick count collected with each keypress.

I think any dedicated bitcoin device should have a hardware RNG. The only reason for messing about with such things as input timing is when a hardware RNG isn't available (like on most PCs, for example).

Will pretend to do unverifiable things (while actually eating an enchilada-style burrito) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
April 27, 2012, 02:32:09 AM
 #15

And a bootable USB device creating jpegs is also interesting, but doesn't meet my aims of not needing to use/reboot your computer. It's just a more convenient version of what I already do, which is unplugging the network, booting a linux live CD, running the BitAddress.org script, and printing the output. But if someone (me, maybe?) wants to create a dedicated live cd/usb image which includes lots of Bitcoin tools (full bitcoin client, BitAddress.org, pywallet.py, vanitygen, password vault, etc.) along with all their dependencies in a ready-to-run-offline form, I'm sure it would be well received!

Thanks, guys, keep the great ideas rolling!

-Mo


Is the printing part difficult?  I don't ever print in Linux, but wonder how does the average Joe set up a printer to work with a live CD?  Would he not need drivers, which may very well not exist for his printer?  Or does Linux have support for most of the typical printers out there?

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
MoTLD
Jr. Member
*
Offline Offline

Activity: 42



View Profile WWW
April 27, 2012, 02:42:42 AM
 #16

For entropy, I would ask someone to press a large number of keys.  The main source of entropy would be the system tick count collected with each keypress.

I think any dedicated bitcoin device should have a hardware RNG. The only reason for messing about with such things as input timing is when a hardware RNG isn't available (like on most PCs, for example).

I wholeheartedly agree, but the last time I checked (and I admit, it's been some time) RNG hardware wasn't cheap, or at least the cheap stuff was awfully slow. Have things improved?

Is the printing part difficult?  I don't ever print in Linux, but wonder how does the average Joe set up a printer to work with a live CD?  Would he not need drivers, which may very well not exist for his printer?  Or does Linux have support for most of the typical printers out there?

I'm no linux guru myself, and I was frankly shocked that the Ubuntu live CD I downloaded for just this purpose automagically printed to the HP "winprinter" here at my folks' place that I couldn't use under my OS of choice (eComStation, in case you're curious) back when I had a laptop and needed to print something here.

If my experience is typical, all the average Joe needs is a Ubuntu live cd with bitcoin-related tools and some basic instructions.

-Mo

PS - Yes, I was just being too lazy to quote before. Actually, too lazy to allow bitcointalk.org through the script blocker. But I've changed my evil ways... Wink

Do One Thing Every Day That Scares You | PrimeDice.com | The New Way To Roll
3 BTC raffle - free to enter! I will gladly accept tips or charity: 1MoTLDxxwp73ftUVy476DPzmcCQJRtNyQT
Foxpup
Legendary
*
Online Online

Activity: 1708



View Profile
April 27, 2012, 03:10:15 AM
 #17

I think any dedicated bitcoin device should have a hardware RNG. The only reason for messing about with such things as input timing is when a hardware RNG isn't available (like on most PCs, for example).

I wholeheartedly agree, but the last time I checked (and I admit, it's been some time) RNG hardware wasn't cheap, or at least the cheap stuff was awfully slow. Have things improved?

Well, the expensive stuff has always been faster than the cheap stuff (otherwise why would anyone buy it?), but you don't really need speed. "Awfully slow" these days means a few kilobytes of entropy per second. That's more than enough to generate a bitcoin address in less time than it takes to print it, and in any case is much, much faster than mashing the keyboard to produce entropy.

Will pretend to do unverifiable things (while actually eating an enchilada-style burrito) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
MoonShadow
Legendary
*
Offline Offline

Activity: 1666



View Profile
April 27, 2012, 04:12:49 AM
 #18

For entropy, I would ask someone to press a large number of keys.  The main source of entropy would be the system tick count collected with each keypress.

I think any dedicated bitcoin device should have a hardware RNG. The only reason for messing about with such things as input timing is when a hardware RNG isn't available (like on most PCs, for example).

I wholeheartedly agree, but the last time I checked (and I admit, it's been some time) RNG hardware wasn't cheap, or at least the cheap stuff was awfully slow. Have things improved?


Well, that's exactly why I mentioned an am receiver tuned to static.  Pipe that into the stereo mic-in jack of a small computer, mash the resulting bitstream up with some hashing algos, and you've got a pretty decent RNG hardware on the cheap. 

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."

- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
MoTLD
Jr. Member
*
Offline Offline

Activity: 42



View Profile WWW
April 27, 2012, 05:00:51 AM
 #19

Well, that's exactly why I mentioned an am receiver tuned to static.  Pipe that into the stereo mic-in jack of a small computer, mash the resulting bitstream up with some hashing algos, and you've got a pretty decent RNG hardware on the cheap. 

Good thinking! I must've read right past that, sorry. The only thing I'd worry about is an adversary having a transmitter nearby and therefore overriding the unpredictability of the seed. Since I plan on keeping the specs and software open on this design, an adversary who knows you have it knows how it works.

But you're on the right track. I've been trying to think of a good, cheap RNG (besides button-mashing) that's hard to either eavesdrop on or influence from afar. So far I've avoided actually researching it so I don't muddy up my thought process, but soon I'll see what's commercially available.

-Mo

Do One Thing Every Day That Scares You | PrimeDice.com | The New Way To Roll
3 BTC raffle - free to enter! I will gladly accept tips or charity: 1MoTLDxxwp73ftUVy476DPzmcCQJRtNyQT
MoonShadow
Legendary
*
Offline Offline

Activity: 1666



View Profile
April 27, 2012, 05:05:52 AM
 #20

Well, that's exactly why I mentioned an am receiver tuned to static.  Pipe that into the stereo mic-in jack of a small computer, mash the resulting bitstream up with some hashing algos, and you've got a pretty decent RNG hardware on the cheap. 

Good thinking! I must've read right past that, sorry. The only thing I'd worry about is an adversary having a transmitter nearby and therefore overriding the unpredictability of the seed. Since I plan on keeping the specs and software open on this design, an adversary who knows you have it knows how it works.

But you're on the right track. I've been trying to think of a good, cheap RNG (besides button-mashing) that's hard to either eavesdrop on or influence from afar. So far I've avoided actually researching it so I don't muddy up my thought process, but soon I'll see what's commercially available.

-Mo


An attacker could bias your device from afar, but he'd also need to know precisely when you pushed the 'start' button.   And if you were using a normal radio to do it, you could hear the attempt at screwing with it.  Although it's technically possible, the practical means of influencing the entrophy in this fashion is pretty remote.

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."

- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!