Share this page!

Maybe Scrolly?
Keith Mukai Profile picture
Twitter logo
Jul 30, 2021 8 tweets 6 min read
1/ So psyched to get the RHR shoutout today from @MartyBent and @ODELL!

Tons of fun stuff happening in @SeedSigner. Here's a quick walkthrough:

First, quickly generate a brand new seed w/high entropy via the onboard camera! (coming in the next release). RIP dice rolls. Image
2/ The full 720x480 image is run through SHA-256 to generate your 24-word mnemonic. The full image is never displayed (only the center crop). The image is never saved.

@SeedSigner is stateless so everything goes away when you turn it off. ImageImage
3/ Next you can do the manual QR code transcription using the dedicated UI and our grid template.

This one took me 13 minutes. You can be way sloppier and go much faster than this. QR codes are amazingly resilient to errors.

ImageImage
4/ I print the template on 110# cardstock paper to give it some stiffness. Then cut and prep it for the thermal laminator. ImageImage
5/ Thermal laminators are f'n cool.
6/ But your real backup should be metal. Hello, @blockmit_com!

Badass self-sovereignty group photo right here! ImageImage
7/ Give it a try. Scan this with your phone. The stream of numbers you get back are the four-digit indices of the BIP-39 wordlist for each word, in order.

1364 pride
0098 arrange
0811 grace
etc ImageImage
8/ Biggest criticism: But now it's too easy for someone to snap a pic of your seed QR!

* What, are you doing this in a coffee shop?! Um, private spaces only.

* Always use a BIP-39 passphrase (implemented in @SeedSigner by @newtonick!)

* Multisig so each key is less important.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Keith Mukai

Keith Mukai Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @KeithMukai

Keith Mukai Profile picture
Feb 7
#ProofOfWork for @SeedSigner Week 4:

v0.5.0 PSBT flow getting so close to a complete first draft!

Nothing is final, but we've figured out solutions for so many of the challenging UI and complex tech problems in this area.

Not final. Not perfect. But getting REALLY F'N GOOD!
But first a side note: A ton of work went into this @SpecterWallet release.

You'll see me continue to contribute to Specter where I can. I am full-time SeedSigner, but guess how I spend my evenings and weekends? More coding!

I have no life, y'all.

Back to @SeedSigner: As the project keeps growing we have to keep stepping up our documentation and tutorial game.

My English teacher background makes these tasks actually strangely enjoyable.

Read 13 tweets
Keith Mukai Profile picture
Feb 7
ALMOST through the hardest parts of @SeedSigner's PSBT review screens.

BIG breakthrough: realizing we can confirm change addrs much more easily than previously thought!

We can instantly provide assurances that single sig change addrs are legit. Multisig requires a 2nd step. Image
"35c5d905: change #0" means:

* For the seed that we selected to sign this psbt (ID'ed by its fingerprint)...
* The addr from the psbt was confirmed to match the seed's first (#0) change addr.

This is undeniably my seed's correct change addr. My change is not being stolen.
And, yes, probably the "confirmed address for seed" label could be improved. So f'n hard to convey complex concepts in limited real estate!

"confirmed change address"?

"confirmed from seed"?

"seed ownership confirmed"? (meh)

I really want the word "confirmed" in there.
Read 5 tweets
Keith Mukai Profile picture
Feb 6
Experimenting with this @SeedSigner PSBT warning screen.

If your coordinator software gives you an evil PSBT that steals your change output, this would call that out.

But legit txs can obv be a full spend, too.

So too scary or confusing for noobs? Better wording ideas? Image
Obv a noob could misconstrue "input value" with "OMG is it stealing my WHOLE WALLET?!!"

But I think noobs are unlikely to ever construct a tx that spends exactly a whole utxo (and so wouldn't see this warning) unless they're actually sweeping their whole wallet.
The other possibility is that they're trying to sign with the wrong key.

(though me may be able to prevent this from happening, too)

Read 5 tweets
Keith Mukai Profile picture
Feb 6
Learning a lot more about what info @SeedSigner can pull out of a #Bitcoin PSBT.

What if you try to sign a PSBT w/the wrong seed? How do we detect that it is the wrong seed? Should we try to stop you or are there edge cases where it's better to let you try?

Live demo thus far!
@SeedSigner IF it makes sense to still offer the "Sign PSBT" button on what looks like the wrong seed, how should that be indicated?

The added question mark isn't super helpful, but there isn't much room to work with either. Image
And how does the seed/PSBT check work? We check each input utxo's `bip32_derivations` list which is generated by the `embit` library.

IF we find derivations AND the fingerprint within at least one of them matches our seed, THEN we know it's a valid seed for that PSBT. Image
Read 4 tweets
Keith Mukai Profile picture
Jan 17
Been collecting random easy-to-source metal plates to try to work out a super low budget, under-the-radar version of the awesome @SeedSigner SeedQR plates that @SeedMint21 has been testing.

My improvised versions obv won't be as nice nor as durable, though.
These credit card-sized bottle openers (wha..., why?) make the best impression of the bunch. Thicker and studier than they look. Shiny, smooth, w/nice rounded edges.

No indication of what grade of stainless steel. Assume meh.

But only $1.25 each!

amazon.com/gp/product/B08…
Also testing a new QR template using dot targets instead of the inner grid, as suggested by @SeedMint21.

I think the dot targets are a bit better; there's less visual clutter. The overall scale on these plates is pretty small, but it's all easier on my eyes than I expected.
Read 8 tweets
Keith Mukai Profile picture
Jan 16
Basic demo of @SeedSigner experimental "breathing" caution box UI concept for dangerous screens.

But the real work is under-the-hood: a new reusable threading class for components with independent side loops.
Unfortunately threaded code is REALLY HARD to get right.

I did not get it right.
(it "breathes" but nothing else!)

Simple bug I'll get resolved soon or showstopper that'll make me abandon this approach? Dunno. Welcome to the fun of real-time coding!
Reason to feel optimistic: This was my first result!

After seeing this sh*tshow I deleted all my changes and gave up... but then reconsidered & tried again, yielding the "success" (such as it is) above.

With threading, it's always ddawn darkest before the dadawn arkest befdawno
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Like this author's thread?

Get emails when @KeithMukai has new unrolls!

Check out other threads from @KeithMukai!

Read all threads by @KeithMukai

:(