Store your bitcoins in a deck of cards
The most secure way to store coins offline.
I’ve read on several places the idea to use real-world entropy such as dice or cards to generate a seed to create bitcoin addresses.
Basing on that idea, I have create a simple Android app that allows users to generate up to 52 bitcoin addresses from a deck of cards.
You can get it here from Google Play:
It requires a device running Android 4.0+ with touchscreen.
- Easily enter the order of the cards by using spinners.
- Supports an optional password.
- Checks for repeated or missing cards, as well as miss-entered passwords.
- Allows the user to re-enter everything to double-check the generated wallet. This is to prevent sending coins to the void.
- Shows QR codes for the generated addresses and private keys.
- Allows individual sharing of an address or key, as well as bulk sharing of all generated addresses.
- Completely offline. The application does not requires permission to access the Internet, store files, or any other.
- Open source. The code is available here: https://github.com/ecuamobi/deck-wallet/
- You don’t need to enter the order of the cards using the keyboard, therefore it’s not vulnerable to malicious keyboards.
- Checks for repeated or missing cards.
- Allows the user to re-enter everything to double-check the generated wallet.
- 2FA: Option to enter a password (or more than one to create secondary wallets) besides the deck itself.
- Allows the generation on an extra wallet using a secondary password, thus protecting the main one against a physical attack (disclose the secondary password instead of the main one).
- Obscurity: An attacker won’t know there are bitcoins in that deck, even if they find it.
- Install Deck Wallet on a non-rooted Android device.
Important: Make sure to download only from either
and double check it does not require any permissions.
- Riffle shuffle a deck of cards 7 times or more.
- Select the number of cards to use. 52 is recommended.
- Enter every card on the app (it takes me about 4 or 5 minutes to do so).
- Optionally enter a password you won’t forget (it’s not possible to recover it!).
- Touch “Go!” to generate up to 52 bitcoin addresses. It will generate as many addresses as the number of entered cards.
- Optionally, copy the order of the cards into another deck, as backup.
- Double-check your deck wallet: Touch the ‘Check’ icon and re-enter the same password and card order.
- After checking it, send some bitcoins to your deck wallet and store your deck of cards in a safe place.
How it works
- The entered cards are converted to 2-char strings and concatenated. For example 3 of hearths is represented as 3H. 10, Jack, Queen and King are represented as T, J, Q and K respectively.
- If a password is entered, it is pre-pended to the resulting string.
Example seed: myPasswordAH4CTS9D…KHQS
- The first address is calculated as a brain address, using SHA256 from the full generated seed. The result is the same as manually entering the full string into http://bitaddress.org or other similar tool.
- The second address is calculated from the seed except the first card is moved to the end (Example: myPassword4CTS9D…KHQSAH)
- The third address is calculated from the seed except the first 2 cards are moved to the end (Example: myPasswordTS9D…KHQSAH4C) and so on.
- To check the generated wallet, the double SHA256 of the full seed is temporarily stored on RAM.
- Nothing is stored permanently and nothing is sent or received through Internet (the app doesn’t have permission to do that).
If you find this app useful, please consider donating:
It is provided “as is”, without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose and noninfringement.
Originally announced (by myself) here.