Proposal: Hardware Wallets For Build And Test

Discussion in 'Pre + Budget Proposal Discussions' started by Ryan Taylor, Jun 4, 2016.

  1. Ryan Taylor

    Ryan Taylor Well-known Member
    Dash Core Team Foundation Member

    This is a cross-post from https://www.dashwhale.org/p/HW-wallet-build-test

    This proposal is to purchase three hardware wallets for our soon-to-be-released Electrum masternode functionality integration. We need the wallets for @flare to build and test the software from Mazaclub. The Trezor-functional wallet is now ready for acceptance testing, but we need to provide him with these devices to test each release as they are completed. We will also need them over the coming months / years for maintenance releases as Dash functionality is added to future Electrum releases.

    The costs below include shipping.

    Requested funding is as follows for the July 6th budget cycle:
    • 17.22 Dash for a KeepKey hardware wallet (125.00 EUR @ 0.89407 EUR per USD and $8.12 / Dash based on June 3rd average rate at https://bitinfocharts.com/comparison/price-dash.html)
    • 15.96 Dash for a Trezor hardware wallet (115.90 EUR)
    • 5.50 Dash for a Ledger Nano hardware wallet (39.90 EUR)
    • 5.00 Dash reimbursement for the proposal cost
    Total: 43.68 Dash

    Exchange rate risk is carried by flare and not by the network. However, any changes in the actual fiat cost associated with the purchase (e.g., unaccounted for customs fees) may result in additional reimbursements owed to flare.

    Manually vote YES on this proposal:
    dash-cli mnbudget vote-many e06c3e6488899e3c3407eb515c769112f1565dd5d1ecf6e4807c0fa9a13792d6 yes
    OR from the qt console:
    mnbudget vote-many e06c3e6488899e3c3407eb515c769112f1565dd5d1ecf6e4807c0fa9a13792d6 yes

    Manually vote NO on this proposal:
    dash-cli mnbudget vote-many e06c3e6488899e3c3407eb515c769112f1565dd5d1ecf6e4807c0fa9a13792d6 no
    OR from the qt console:
    mnbudget vote-many e06c3e6488899e3c3407eb515c769112f1565dd5d1ecf6e4807c0fa9a13792d6 no
     
    #1 Ryan Taylor, Jun 4, 2016
    Last edited: Jun 4, 2016
  2. tungfa

    tungfa Administrator
    Dash Core Team Foundation Member Masternode Owner/Operator Moderator

    YES please
    :D
     
  3. alex-ru

    alex-ru Grizzled Member
    Dash Support Group

    Good idea, but I would have doubled the proposal (hardware wallets for 2 Dash developers; the rest of the budget allows it)
     
  4. fible1

    fible1 Well-known Member
    Dash Core Team Masternode Owner/Operator

    I just voted yes, but I kinda feel like including all wallets is overkill, no? It just adds maintenance and labor overhead. Trezor is number one, should be more than enough?

    Pablo.
     
  5. HinnomTX

    HinnomTX Active Member

    I have the Trezor too. It is the go-to hardware wallet. But the KeepKey sure does look sexy.
     
  6. TaoOfSatoshi

    TaoOfSatoshi Grizzled Member
    Moderator

    I think it's important to give end users as much choice as possible if we want to encourage adoption. I voted yes as well.
     
  7. Ryan Taylor

    Ryan Taylor Well-known Member
    Dash Core Team Foundation Member

    The other things to consider here that I probably should have included in the OP...
    1) We get "free marketing" with every integration when these companies email their registered users and / or previous orders mailing lists with the announcement of Dash support. These are potentially new users who are already cryptocurrency users.
    2) We get a newsworthy event we can approach publications with
    3) We get something for our PR firm to highlight
    4) We build our network of partners in the Bitcoin ecosystem, not only the companies themselves, but they can facilitate introductions, or simply create higher awareness of Dash among their partners, investors, employees (who change jobs within the industry by the way), and management teams
    5) We demonstrate the value of working with Dash to our other developing relationships and gain a reputation in the industry of being great to work with.

    Is one or two wallet providers "enough" in terms of providing a product to our users? Sure. But when you consider the full value of these relationships, it's a "no-brainer" to me. I encourage everyone to start thinking very strategically about these opportunities, instead of just evaluating the immediately obvious benefits.
     
  8. flare

    flare Administrator
    Dash Core Team Moderator

    Thanks for voting :)

    Some crypto porn:

    upload_2016-6-8_11-55-33.png
     
  9. TaoOfSatoshi

    TaoOfSatoshi Grizzled Member
    Moderator

  10. flare

    flare Administrator
    Dash Core Team Moderator

    Even nicer:

    upload_2016-6-8_20-14-42.png
     
  11. Ryan Taylor

    Ryan Taylor Well-known Member
    Dash Core Team Foundation Member

    @flare: What was the bug that you found with the KeepKey version? Glad it is working... can't wait for the formal release! I have my Trezor waiting.
     
  12. flare

    flare Administrator
    Dash Core Team Moderator

  13. TaoOfSatoshi

    TaoOfSatoshi Grizzled Member
    Moderator

  14. camosoul

    camosoul Grizzled Member

    I might have to go to Prague. Trezor and CZ... Bucket list, approved.

    Wanted: waterproof trezor, because sailboat.
     
    #14 camosoul, Jun 16, 2016
    Last edited: Jun 16, 2016
  15. camosoul

    camosoul Grizzled Member

    I've had a bug in my brain that I couldn't quite identify ever since I started researching these hardware wallets... A few minutes ago, it reached out from my unconscious mind and woke me up as it entered my conscious mind. As things my brain thinks of without my permission often do...

    The only real weakness I see in devices like this, is the deterministic seed itself.

    Take Trezor, for example.

    I noticed this when I saw how they were touting the keyspace math for 24 dictionary words compared to keyspace of a single password with letters, numbers, and symbols.

    It's not a true comparison because we know that dictionary words are being used, and we can even discover which ones simply by going through the setup process, or, duh, looking at the code. It's open source.

    Since the process is deterministic, and the source is pseudo-random, at best, given that it's dictionary... We don't have to attack a given device. We don't have to possess a device, or have a target in mind.

    All we have to do is possess a blockchain, and keep comparing addresses derived from the same pile of dictionary words until we get a hit on an address that has been used somewhere in blockchain history.

    The space we actually have to search, we ignore. We don't give one flying fuck about the mathematical keyspace. We simply generate seeds in the same manner as the code shows us, as fast as we can, and see if the first 10 derived addresses appear in the blockchain. If so, we have a valid seed. Automate sends to own address. Owner no longer has any money.

    The key is deterministic. The pseudo-random source can be thought of as pseudo-deterministic, because its pattern is defined. Too many known rule sets...

    The more products are sold, the more we divide the search... We're not attacking a certain target, we're just jamming numbers until we hit a seed whose addresses show up in the blockchain. Just like mining, except the "block" is someone else's wallet, and the "validation proof" is the ledger... Sure, the seller of this device really hasn't got any fear of his customers ever deriving the same seed. But a fuckton of GPUs that are no longer good for mining, following the same pattern outlined in the source code...

    This indefinite pattern won't work on FPGAs or ASICs. All those GPU mining rigs tho...

    Perhaps building and comparing seeds is the new black hat GPU mining? Even if we were searching raw keyspace, that much firepower would work... If you're just looking for a single random address, that's not worth it. But if you strike a seed that's got some money on it, you could just sit and wait for it to show some serious balance and then send it to yourself. We already know how to run mining pools... The collective power of every GPU mining rig ever made, following known dictionary patterns, generating the keys in the same way as the device does... Divided by the number of buyers... Compare the outcome of address to the blockchain history for use... How could you NOT find the same seeds twice? It's not merely possible, it's inevitable.

    The antiquated crunching power that crypto depends upon could be the very thing that undoes the idea of deterministic wallets. And these hardware wallet devices use deterministic keys, invariably...
     
    #15 camosoul, Jun 18, 2016
    Last edited: Jun 18, 2016
  16. UdjinM6

    UdjinM6 Official Dash Dev
    Dash Core Team Moderator

    @camosoul
    https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#security i.e. breaking the seed itself is like breaking the EC curve - there is no way you can do this other than brute force, and breaking a single pair would take millions of years afaik
    https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#from-mnemonic-to-seed - note that the salt includes passphrase so you can't generate all possible seeds - their number is infinite
    EDIT: unless user ignored passphrase and kept it "" but that's his own fault
     
  17. camosoul

    camosoul Grizzled Member

    Ah, so their consumer-friendly description was overly dumbed-down to the point of being untrue.

    I think this still fails to account for several properties.

    1) The raw computing firepower available in GPU mining rigs. This is not inconsequential.
    2) The fact that we're not merely brute-forcing. We're brute-forcing with a known pattern.
    3) We don't actually have a keyspace target. This means the more people who use it, the more the keyspace is divided.
    4) Those rigs really have nothing better to do, so why not? Maybe you roll the dice and land on Bitcoin Jesus? What's the down side?

    Essentially, there are lots of needles in the haystack, we don't care which one we find, we have a magnet, and there is no penalty.

    Keyspace is still cosmically huge, but it's not utterly out of reach, as viewed from the perspective of attacking a specific key with an i3....

    Maybe this analogy isn't quite right, but it's almost a quantum concept... Why try to brute-force the password to my SSH server, when you can just try every password on every SSH server, and if one of them works, then you know which one after the fact.
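
The BIP-39 seed derivation linked in post #16 and the "many needles" estimate argued in posts #15 and #17, worked through as an added example (not code from any poster, from Trezor or from the BIP authors). The wallet count and guess rate are hypothetical, deliberately generous assumptions, and the mnemonic is the public BIP-39 test phrase.

```python
import hashlib
import unicodedata

BITS_PER_WORD = 11      # the BIP-39 wordlist has 2048 = 2**11 entries
PBKDF2_ROUNDS = 2048    # iteration count fixed by BIP-39
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Public BIP-39 test mnemonic (sample input, not a real wallet).
TEST_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])


def _nfkd(text: str) -> bytes:
    return unicodedata.normalize("NFKD", text).encode("utf-8")


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39: PBKDF2-HMAC-SHA512, salt = "mnemonic" + passphrase, 64 bytes."""
    return hashlib.pbkdf2_hmac("sha512", _nfkd(mnemonic),
                               _nfkd("mnemonic" + passphrase),
                               PBKDF2_ROUNDS, dklen=64)


def entropy_bits(word_count: int) -> int:
    """Words carry ENT entropy bits plus ENT/32 checksum bits.

    The count is over word choices, so a known wordlist is already priced in.
    """
    return word_count * BITS_PER_WORD * 32 // 33


def expected_years(word_count: int, funded_seeds: int, guesses_per_sec: int) -> float:
    """Expected time until a random guess matches ANY of funded_seeds wallets."""
    expected_guesses = 2 ** entropy_bits(word_count) // funded_seeds
    return expected_guesses / guesses_per_sec / SECONDS_PER_YEAR


if __name__ == "__main__":
    plain = mnemonic_to_seed(TEST_MNEMONIC)
    salted = mnemonic_to_seed(TEST_MNEMONIC, "TREZOR")
    print("same words, different passphrase, different seed:", plain != salted)
    # Hypothetical figures: 1e9 funded wallets, 1e15 guesses per second in total.
    for words in (12, 24):
        years = expected_years(words, 10**9, 10**15)
        print(f"{words} words: {entropy_bits(words)} bits, ~{years:.2e} years")
```

Dividing the space by the number of funded wallets removes about 30 bits for a billion targets, which leaves a 24-word mnemonic at roughly 226 bits of work before the per-guess cost of 2048 PBKDF2 rounds is counted.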
     
  18. UdjinM6

    UdjinM6 Official Dash Dev
    Dash Core Team Moderator

    I'm not sure which pattern you are referring to...
     
  19. Bridgewater

    Bridgewater Well-known Member
    Foundation Member

  20. GermanRed+

    GermanRed+ Active Member

    Good proposal. However, if any manufacturer out there is reading this thread, I wish they would make something without USB or any connection whatsoever to a PC. USB firmware malware could be a concern. Without any connection, it would be nice to have a tiny camera to read a QR code from a PC/phone to update the ledger, and a screen to show a QR code for sending coins or importing a key to a wallet on a PC. And a 4-digit PIN sounds really easy to break if one can open up the hardware and fiddle with it.
     
  21. camosoul

    camosoul Grizzled Member

    So, can we put DASH in Trezor yet?
     
  22. flare

    flare Administrator
    Dash Core Team Moderator

    Not yet, still trying to get hold of a Windows bug, but getting close.
     
  23. flare

    flare Administrator
    Dash Core Team Moderator

  24. Comodore

    Comodore Member

  25. rustycase

    rustycase Active Member


    Well, I just got my tit in the wringer because the fee was not added on, but subtracted from what I meant to send....
    Is anyone dealing with this issue ?

    Of course I realize there is a cost.
    Nothing is free in Waterworld.

    I would just prefer it be added on, rather than detract from my intention...

    YMMV
    rc
     
  26. rustycase

    rustycase Active Member


    OMG !
    Boats have been known to sink !
    and hardware goes down with the boat !!!

    might as well have a paper wallet.

    am i rong ?
    rc
     
  27. flare

    flare Administrator
    Dash Core Team Moderator

    upload_2016-7-30_19-35-44.png

    upload_2016-7-30_19-29-47.png
     
  28. Comodore

    Comodore Member

    Great. And other functionalities are all right?
     
  29. flare

    flare Administrator
    Dash Core Team Moderator

    My KeepKey supports tDash/Testnet as well now - and it successfully started a testnet masternode :)

    upload_2016-7-31_18-58-32.png

    upload_2016-7-31_19-3-25.png

    upload_2016-7-31_19-3-58.png
     
  30. flare

    flare Administrator
    Dash Core Team Moderator

    Last but not least: Ledger Nano in action. Normal wallet functionality supported, masternode broadcast not. I'll need to get in touch with the vendor about whether a firmware update could solve this...

    upload_2016-8-1_13-7-7.png

    upload_2016-8-1_13-7-28.png
     