Bitcoin Forum
March 28, 2024, 08:03:01 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: [Android] Deck Wallet v1.0: Store your bitcoins in a deck of cards  (Read 7895 times)
EcuaMobi (OP)
Legendary
*
Offline Offline

Activity: 1862
Merit: 1468


https://Ecua.Mobi


View Profile WWW
October 04, 2014, 08:30:31 PM
Last edit: October 09, 2014, 06:49:01 PM by EcuaMobi
 #1


I've read on several places the idea to use real-world entropy such as dice or cards to generate a seed to create bitcoin addresses.

Basing on that idea, I have create a simple Android app that allows users to generate up to 52 bitcoin addresses from a deck of cards.

You can get it here from Google Play:
https://play.google.com/store/apps/details?id=com.ecuamobi.deckwallet

or https://github.com/ecuamobi/deck-wallet/blob/master/market/DeckWallet_1.0.apk?raw=true
It requires a device running Android 4.0+ with touchscreen.

Features
  • Easily enter the order of the cards by using spinners.
  • Supports an optional password.
  • Checks for repeated or missing cards, as well as miss-entered passwords.
  • Allows the user to re-enter everything to double-check the generated wallet. This is to prevent sending coins to the void.
  • Shows QR codes for the generated addresses and private keys.
  • Allows individual sharing of an address or key, as well as bulk sharing of all generated addresses.

About security
  • Completely offline. The application does not requires permission to access the Internet, store files, or any other.
  • Open source. The code is available here: https://github.com/ecuamobi/deck-wallet/
  • You don't need to enter the order of the cards using the keyboard, therefore it's not vulnerable to malicious keyboards.
  • Checks for repeated or missing cards.
  • Allows the user to re-enter everything to double-check the generated wallet.
  • 2FA: Option to enter a password (or more than one to create secondary wallets) besides the deck itself.
  • Allows the generation on an extra wallet using a secondary password, thus protecting the main one against a physical attack (disclose the secondary password instead of the main one).
  • Obscurity: An attacker won't know there are bitcoins in that deck, even if they find it.

Instructions
  • Install Deck Wallet on a non-rooted Android device.
    Important: Make sure to download only from either
    https://play.google.com/store/apps/details?id=com.ecuamobi.deckwallet or
    https://github.com/ecuamobi/deck-wallet/blob/master/market/DeckWallet_1.0.apk?raw=true
    and double check it does not require any permissions.
  • Riffle shuffle a deck of cards 7 times or more.
  • Select the number of cards to use. 52 is recommended.
  • Enter every card on the app (it takes me about 4 or 5 minutes to do so).
  • Optionally enter a password you won't forget (it's not possible to recover it!).
  • Touch "Go!" to generate up to 52 bitcoin addresses. It will generate as many addresses as the number of entered cards.
  • Optionally, copy the order of the cards into another deck, as backup.
  • Double-check your deck wallet: Touch the 'Check' icon and re-enter the same password and card order.
  • After checking it, send some bitcoins to your deck wallet and store your deck of cards in a safe place.

How it works
  • The entered cards are converted to 2-char strings and concatenated. For example 3 of hearths is represented as 3H. 10, Jack, Queen and King are represented as T, J, Q and K respectively.
  • If a password is entered, it is pre-pended to the resulting string.
    Example seed: myPasswordAH4CTS9D...KHQS
  • The first address is calculated as a brain address, using SHA256 from the full generated seed. The result is the same as manually entering the full string into http://bitaddress.org or other similar tool.
  • The second address is calculated from the seed except the first card is moved to the end (Example: myPassword4CTS9D...KHQSAH)
  • The third address is calculated from the seed except the first 2 cards are moved to the end (Example: myPasswordTS9D...KHQSAH4C) and so on.
  • To check the generated wallet, the double SHA256 of the full seed is temporarily stored on RAM.
  • Nothing is stored permanently and nothing is sent or received through Internet (the app doesn't have permission to do that).

Donations

If you find this app useful, please consider donating:
bitcoin:17GXYDJEDUqw7hYtqquyN1kYWmtcmFKhK8


DeckWallet is open source released under the MIT license.

It is provided "as is", without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose and noninfringement.


1711612981
Hero Member
*
Offline Offline

Posts: 1711612981

View Profile Personal Message (Offline)

Ignore
1711612981
Reply with quote  #2

1711612981
Report to moderator
Transactions must be included in a block to be properly completed. When you send a transaction, it is broadcast to miners. Miners can then optionally include it in their next blocks. Miners will be more inclined to include your transaction if it has a higher transaction fee.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1711612981
Hero Member
*
Offline Offline

Posts: 1711612981

View Profile Personal Message (Offline)

Ignore
1711612981
Reply with quote  #2

1711612981
Report to moderator
1711612981
Hero Member
*
Offline Offline

Posts: 1711612981

View Profile Personal Message (Offline)

Ignore
1711612981
Reply with quote  #2

1711612981
Report to moderator
blossbloss
Jr. Member
*
Offline Offline

Activity: 50
Merit: 1


View Profile
October 04, 2014, 11:48:44 PM
 #2

Nice idea.  A few comments:
1) the recommended 7 shuffles should be specified as (well distributed) riffle shuffles (based on Percy Diaconis work at Harvard). If the user does not feel comfortable doing riffle shuffles, then they should use what ever shuffle they know, but they should shuffle for a long time.
2) when you generate the successive addresses, you should cycle the deck and put the card at the back of the deck so that there are still 52 cards in the seed.  That way, you can generate 52 addresses instead of just 20.
3) Provide a strong warning that the user should not enter standard (widely known by magicians) stacks, even though that might seem like a good idea.  Always shuffle the cards.
4) I am assuming that if I shuffle the cards and write them down, they will generate the same wallet if I do the process over again. Right?
EcuaMobi (OP)
Legendary
*
Offline Offline

Activity: 1862
Merit: 1468


https://Ecua.Mobi


View Profile WWW
October 05, 2014, 12:06:40 AM
 #3

Nice idea.  A few comments:
1) the recommended 7 shuffles should be specified as (well distributed) riffle shuffles (based on Percy Diaconis work at Harvard). If the user does not feel comfortable doing riffle shuffles, then they should use what ever shuffle they know, but they should shuffle for a long time.
2) when you generate the successive addresses, you should cycle the deck and put the card at the back of the deck so that there are still 52 cards in the seed.  That way, you can generate 52 addresses instead of just 20.
3) Provide a strong warning that the user should not enter standard (widely known by magicians) stacks, even though that might seem like a good idea.  Always shuffle the cards.
4) I am assuming that if I shuffle the cards and write them down, they will generate the same wallet if I do the process over again. Right?

Thanks for your comments.

Regarding 1 (and probably 3), the 7-time shuffle is already recommended under instructions.

I will consider 2, although I really don't think more than 20 addresses are required.

Regarding 4, of course it would generate the same addresses, be it from the same deck itself (recommended) or a paper where you wrote it down.


blossbloss
Jr. Member
*
Offline Offline

Activity: 50
Merit: 1


View Profile
October 05, 2014, 03:24:31 AM
 #4

Regarding 1 (and probably 3), the 7-time shuffle is already recommended under instructions.

To be clear, what I meant that the 7 shuffles need to be riffle shuffles in order to generate a random sequence.  Other kinds of shuffles (such as overhand shuffles) will not come close to generating a random sequence after only 7 shuffles.
EcuaMobi (OP)
Legendary
*
Offline Offline

Activity: 1862
Merit: 1468


https://Ecua.Mobi


View Profile WWW
October 05, 2014, 03:35:39 AM
 #5

Regarding 1 (and probably 3), the 7-time shuffle is already recommended under instructions.

To be clear, what I meant that the 7 shuffles need to be riffle shuffles in order to generate a random sequence.  Other kinds of shuffles (such as overhand shuffles) will not come close to generating a random sequence after only 7 shuffles.

I see. I missed that.

I've updated the OP adding that.

EcuaMobi (OP)
Legendary
*
Offline Offline

Activity: 1862
Merit: 1468


https://Ecua.Mobi


View Profile WWW
October 06, 2014, 05:19:41 PM
 #6

Following blossbloss's advice, I'll change how the extra addresses are generated.

Therefore, don't use the app to store your bitcoins yet. I will publish version 1.0 this week.

EcuaMobi (OP)
Legendary
*
Offline Offline

Activity: 1862
Merit: 1468


https://Ecua.Mobi


View Profile WWW
October 07, 2014, 04:47:02 PM
 #7

DeckWallet has been updated to version Beta 0.2.

You can download it here:
https://github.com/ecuamobi/deck-wallet/blob/master/market/DeckWallet_0.2.apk

  • It now allows choosing the number of cards with a minimum of 31.
  • It generates as many bitcoin addresses as the number of entered cards. The addresses are generated by moving the first card to the end. See "How it works" in the OP.

Any feedback is welcome, especially regarding security.


EcuaMobi (OP)
Legendary
*
Offline Offline

Activity: 1862
Merit: 1468


https://Ecua.Mobi


View Profile WWW
October 09, 2014, 08:21:27 PM
 #8

I've just published version 1.0 on Google Play:

https://play.google.com/store/apps/details?id=com.ecuamobi.deckwallet

PolarPoint
Hero Member
*****
Offline Offline

Activity: 672
Merit: 500


View Profile
October 09, 2014, 09:11:28 PM
 #9

Very nice idea! So I can lock that deck of cards in a safe and no one will know I have a bitcoin keys hidden inside.

You know what could be nicer if the app can access the camera on the phone and "watch" I deal the cards one by one and the app can recognise all the numbers and suits of each card so I don't have to enter the cards manually.  Cheesy
TheButterZone
Legendary
*
Offline Offline

Activity: 3038
Merit: 1031


RIP Mommy


View Profile WWW
October 09, 2014, 09:36:34 PM
 #10

Very nice idea! So I can lock that deck of cards in a safe and no one will know I have a bitcoin keys hidden inside.

Make sure to put some other magic props in there, or people will.

Saying that you don't trust someone because of their behavior is completely valid.
EcuaMobi (OP)
Legendary
*
Offline Offline

Activity: 1862
Merit: 1468


https://Ecua.Mobi


View Profile WWW
October 09, 2014, 10:11:55 PM
 #11

Very nice idea! So I can lock that deck of cards in a safe and no one will know I have a bitcoin keys hidden inside.

You know what could be nicer if the app can access the camera on the phone and "watch" I deal the cards one by one and the app can recognise all the numbers and suits of each card so I don't have to enter the cards manually.  Cheesy

Nice idea Smiley probably for a future version. It seems like a big project.

However, I'm not sure if waiting until a mobile camera focuses and scans would be faster than manually entering a single card.

Very nice idea! So I can lock that deck of cards in a safe and no one will know I have a bitcoin keys hidden inside.

Make sure to put some other magic props in there, or people will.

It's recommended to use a password and to keep the cards in a safe place.
Following those 2 rules (plus a proper shuffling) can be an extremely safe way to store BTC for a long period.

Most people won't know that a deck of cards can hold a set of BTC keys, but of course that's not enough for security.


unamis76
Legendary
*
Offline Offline

Activity: 1512
Merit: 1003


View Profile
October 10, 2014, 08:09:47 PM
 #12

This app looks really nice, and this project has some legs to walk a long walk... Looking good, keep it up Smiley
blossbloss
Jr. Member
*
Offline Offline

Activity: 50
Merit: 1


View Profile
October 11, 2014, 02:00:32 AM
 #13

Very nice work!
EcuaMobi (OP)
Legendary
*
Offline Offline

Activity: 1862
Merit: 1468


https://Ecua.Mobi


View Profile WWW
October 13, 2014, 03:57:15 PM
 #14

This app looks really nice, and this project has some legs to walk a long walk... Looking good, keep it up Smiley

Very nice work!

Thanks!

Any feedback is welcome, especially regarding security
or ideas to improve it.

EcuaMobi (OP)
Legendary
*
Offline Offline

Activity: 1862
Merit: 1468


https://Ecua.Mobi


View Profile WWW
February 07, 2015, 01:32:13 PM
 #15

Anyone using this app please post your review.

I understand you probably don't want people to know that deck of cards in your drawer has any value but any comment would be appreciated.

Still looking for feedback regarding security. Anyone sees any way of this being hacked?

ColderThanIce
Sr. Member
****
Offline Offline

Activity: 373
Merit: 252



View Profile
February 07, 2015, 05:02:51 PM
 #16

this looks really cool, i might give it a try later on.

in your first post you say install it on a non-rooted phone. is this essential, or will it work on a rooted phone as well?

ROLLIN.IO  BITCOIN   DICE   GAME
   ⚁    ⚂    ⚃    ⚄   ⚅   ⚁   ⚂
                                        ███████████████████    
                                      ██                                    ██
                                      ██                                    ██              
                                      ██                                    ██ 
                                      ██                                    ██
                                      ██                                    ██
      ██████████████████                                    ██
      ██                            ██                                    ██
      ██                            ██                                    ██  
      ██                            ██                                    ██
      ██                            ██████████            ██████
      ██                            ██              ██          ██
      ██                            ██                 ██       ██
      ██                            ██                    ██    ██
      ███████        ███████                        ████
                ██     ██
                ██  ██
                ████
             
███████████
S  O  C  I  A  L
C H A T T I N G
                    ██
                  ████
                ██████
              ████████
            ██████████
          ████████████
        ██████████████
      ████████████████
    ██████████████████
  ████████████████████ 
              ████████
              ████████

              ████████

              ████████
██████████████
LEVEL UP SYSTEM
   WITH REWADS
                ██████
              ████████
            ██████████
          ████████████
        ██████████████
    ██████████████████
  ████████████████████
█         ████████████████
█         ████████████████
█         ████████████████
█         ████████████████
   ██████████████████ 
     ████████████████
        █████████████
           ██████████
                █████
██████████████
 FREE BITCOINS
unamis76
Legendary
*
Offline Offline

Activity: 1512
Merit: 1003


View Profile
February 07, 2015, 08:42:57 PM
 #17

this looks really cool, i might give it a try later on.

in your first post you say install it on a non-rooted phone. is this essential, or will it work on a rooted phone as well?

It works on rooted and non-rooted as far as I know. But you're obviously more vulnerable if you install it in a rooted phone... (and the same goes for iOS and wallets on a jailbroken phone)
ColderThanIce
Sr. Member
****
Offline Offline

Activity: 373
Merit: 252



View Profile
February 08, 2015, 02:48:14 PM
 #18

this looks really cool, i might give it a try later on.

in your first post you say install it on a non-rooted phone. is this essential, or will it work on a rooted phone as well?

It works on rooted and non-rooted as far as I know. But you're obviously more vulnerable if you install it in a rooted phone... (and the same goes for iOS and wallets on a jailbroken phone)
oh ok, thanks for answering my question. i have a rooted phone so that's why i was wondering.  Grin

ROLLIN.IO  BITCOIN   DICE   GAME
   ⚁    ⚂    ⚃    ⚄   ⚅   ⚁   ⚂
                                        ███████████████████    
                                      ██                                    ██
                                      ██                                    ██              
                                      ██                                    ██ 
                                      ██                                    ██
                                      ██                                    ██
      ██████████████████                                    ██
      ██                            ██                                    ██
      ██                            ██                                    ██  
      ██                            ██                                    ██
      ██                            ██████████            ██████
      ██                            ██              ██          ██
      ██                            ██                 ██       ██
      ██                            ██                    ██    ██
      ███████        ███████                        ████
                ██     ██
                ██  ██
                ████
             
███████████
S  O  C  I  A  L
C H A T T I N G
                    ██
                  ████
                ██████
              ████████
            ██████████
          ████████████
        ██████████████
      ████████████████
    ██████████████████
  ████████████████████ 
              ████████
              ████████

              ████████

              ████████
██████████████
LEVEL UP SYSTEM
   WITH REWADS
                ██████
              ████████
            ██████████
          ████████████
        ██████████████
    ██████████████████
  ████████████████████
█         ████████████████
█         ████████████████
█         ████████████████
█         ████████████████
   ██████████████████ 
     ████████████████
        █████████████
           ██████████
                █████
██████████████
 FREE BITCOINS
unamis76
Legendary
*
Offline Offline

Activity: 1512
Merit: 1003


View Profile
February 08, 2015, 02:49:48 PM
 #19

this looks really cool, i might give it a try later on.

in your first post you say install it on a non-rooted phone. is this essential, or will it work on a rooted phone as well?

It works on rooted and non-rooted as far as I know. But you're obviously more vulnerable if you install it in a rooted phone... (and the same goes for iOS and wallets on a jailbroken phone)
oh ok, thanks for answering my question. i have a rooted phone so that's why i was wondering.  Grin

You can install it, but I don't recomend you store big amounts of coins in that phone Smiley
EcuaMobi (OP)
Legendary
*
Offline Offline

Activity: 1862
Merit: 1468


https://Ecua.Mobi


View Profile WWW
February 08, 2015, 03:00:54 PM
 #20

this looks really cool, i might give it a try later on.

in your first post you say install it on a non-rooted phone. is this essential, or will it work on a rooted phone as well?

It works on rooted and non-rooted as far as I know. But you're obviously more vulnerable if you install it in a rooted phone... (and the same goes for iOS and wallets on a jailbroken phone)
oh ok, thanks for answering my question. i have a rooted phone so that's why i was wondering.  Grin

As a security measure this app doesn't require any permission at all. In a non-rooted phone the app can't override this, it simply can't access the Internet, store or read information from the device or anything else.

If you rooted your phone the app *could* acquire root privileges and do any of those things. It won't but you would have to trust and that defies the purpose of not requiring any permissions.

That's the main reason why using a non-rooted device is strongly recommended.

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!