Our wallet review process
We examine wallets starting at the code level and continue all the way up to the finished app that lives on your device. Provided below is an outline of each of these steps along with security tips for you and general test results.
Application build test result
Update 2023-09-14: Seedsigner announced reproducibility with their latest release that they even gave the promising name The “It’s reproducible forever, Laura” Release. So we went and had a look how reproducible it is. After some initial hurdles, we were pointed to the correct build instructions. That looks easy. Let’s see how it goes … crossing fingers the public wifi in a café in the Bavarian countryside holds up …
$ git clone --recursive https://github.com/SeedSigner/seedsigner-os.git Cloning into 'seedsigner-os'... remote: Enumerating objects: 1025, done. remote: Counting objects: 100% (398/398), done. remote: Compressing objects: 100% (149/149), done. remote: Total 1025 (delta 295), reused 311 (delta 240), pack-reused 627 Receiving objects: 100% (1025/1025), 1.42 MiB | 4.23 MiB/s, done. Resolving deltas: 100% (499/499), done. Submodule 'buildroot' (https://github.com/seedsigner/buildroot) registered for path 'opt/buildroot' Cloning into '/home/leo/tmp/seedsigner-os/opt/buildroot'... remote: Enumerating objects: 505256, done. remote: Counting objects: 100% (3/3), done. remote: Compressing objects: 100% (2/2), done. remote: Total 505256 (delta 1), reused 1 (delta 1), pack-reused 505253 Receiving objects: 100% (505256/505256), 156.36 MiB | 11.58 MiB/s, done. Resolving deltas: 100% (334143/334143), done. Submodule path 'opt/buildroot': checked out '165046699ae0799a359466ce73d124127df77554' $ cd seedsigner-os $ git checkout 0.7.0 Branch '0.7.0' set up to track remote branch '0.7.0' from 'origin'. Switched to a new branch '0.7.0' $ git submodule update --init $ SS_ARGS="--$BOARD_TYPE --app-branch=0.7.0" docker-compose up --force-recreate --build Creating network "seedsigner-os_default" with the default driver Building build-images ...
… this step was already announced to take a while. And it does. The screen is
flying for half an hour straight already … will it end soon? Will it take
The 4CPUs are maxed out. Table is getting hot. …
reports the CPU to go above 90°C …
Anyway … one coke later it got to a result. Let’s see …
... build-images_1 | build-images_1 | Device Boot Start End Sectors Size Id Type build-images_1 | disk.img1 * 2048 53247 51200 25M c W95 FAT32 (LBA) build-images_1 | build-images_1 | The partition table has been altered. build-images_1 | Syncing disks. build-images_1 | mkfs.fat 4.2 (2021-01-31) build-images_1 | /opt/buildroot build-images_1 | a380cb93eb852254863718a9c000be9ec30cee14a78fc0ec90708308c17c1b8a /opt/../images/seedsigner_os.0.7.0.pi0.img seedsigner-os_build-images_1 exited with code 0
That hash matches the one reported on their release page. Let’s see if the binary for download actually has this hash:
$ wget https://github.com/SeedSigner/seedsigner/releases/download/0.7.0/seedsigner_os.0.7.0.pi0.img $ sha256sum seedsigner_os.0.7.0.pi0.img images/seedsigner_os.0.7.0.pi0.img a380cb93eb852254863718a9c000be9ec30cee14a78fc0ec90708308c17c1b8a seedsigner_os.0.7.0.pi0.img a380cb93eb852254863718a9c000be9ec30cee14a78fc0ec90708308c17c1b8a images/seedsigner_os.0.7.0.pi0.img
That looks good. This product is reproducible in the version tested with the hash provided.
The Seed Signer is a truly Open Source project that lowers the barrier for entry for airgapped multi-signature cryptocurrency hardware wallets. The code is publicly available as are the instructions for assembly.
It claims to solve the following problems:
- Creates a secure, air-gapped environment for private key generation
- Enforces strict separation between private key storage and protocol software / internet
- Lowers the barrier cost of multi-sig security (from several hundred to < $50)
Can the private keys be created offline?
Yes. The seed signer is airgapped.
Are the private keys shared?
No. The companion apps only get signed transactions and no keys.
Does the device display the receive address for confirmation?
Does the interface have a display screen and buttons which allows the user to confirm transaction details?
Is it reproducible?
SeedSigner does share binaries, so the question is if these binaries match the published and hopefully reviewed source code.
Alternatively there is the
GitHub Releases where as of
now “0.4.6” is the “latest” release. Both downloads had the same sha256 hash
So … how was this file created, so we can recreate it? There is not exactly “Build Instructions”. There is only a document with Manual Installation Instructions. And that is pretty involved. Its starting point is … you need an RPi. Not necessarily an RPi Zero 1.3 and the “Raspberry Pi Lite operating system, dated 2021-05-28”. Being specific is important for reproducibility but the next steps … are many and none of which to our knowledge is meant to make reproducible modifications to the system. While many packages that are to be installed are pinned to specific versions, this instruction:
sudo apt-get update && sudo apt-get install -y wiringpi python3-pip \ python3-numpy python-pil libopenjp2-7 git python3-opencv \ python3-picamera libatlas-base-dev qrencode
explicitly instructs to update to whatever the latest packages are on the remote server and install the given ten packages.
We might miss something here and might give it an actual try at some point but for now we go with our educated guess that this product is not verifiable.
If you want to use thhttps://snort.social/p/npub17tyke9lkgxd98ruyeul6wt3pj3s9uxzgp9hxu5tsenjmweue6sqq4y3mglis product, do not trust the binary download. Go with the “Manual Installation Instructions” instead!
We had a little back-and-forth with the provider on Twitter.
Previous application build tests
|26th March 2022||0.4.5|
Our Analysis is not a full code review! We plan to make code reviews available in the future but even then it will never be a stamp of approval but rather a list of incidents and questionable coding practice. Nasa sends probes to space that crash due to software bugs despite a huge budget and stringent scrutiny.
Do your own research
In addition to reading our analysis, it is important to do your own checks. Before transferring any bitcoin to your wallet, look up reviews for the wallet you want to use. They should be easy to find. If they aren't, that itself is a reason to be extra careful.