
add Digital Bitbox hardware wallet #1417

Merged
merged 1 commit into from Dec 29, 2016


Shift Devices would like to add the Digital Bitbox hardware wallet to the list.

This pull request was created after following the instructions in the Wallets section of the README. We are happy to provide more information and a sample device in order to assist the review process as needed.

Contributor

laanwj commented Nov 23, 2016

Untested ACK

@crwatkins crwatkins added the Wallets label Dec 2, 2016

@crwatkins crwatkins self-assigned this Dec 3, 2016

Contributor

wbnns commented Dec 4, 2016

This message is to confirm that Digital Bitbox is currently under review as per Bitcoin.org's wallet inclusion criteria.

@wbnns wbnns self-assigned this Dec 9, 2016

@wbnns wbnns added the Under Review label Dec 11, 2016

Contributor

crwatkins commented Dec 18, 2016

@douglasbakkum thanks for this PR! In reviewing the scoring criteria submitted, I concur with all the scoring except for one administrative issue. Since we currently review hardware wallets separately from their software components, hardware wallets are all classified as

privacy: "checkneutralprivacyvariable"

Could you make this change to the PR (and remove the privacycheck scorings)?

@crwatkins Thanks for reviewing! We understand the admin reasoning. I updated and rebased the PR.

Contributor

crwatkins commented Dec 19, 2016

I have reviewed the Digital Bitbox based on the current wallet requirements criteria and my evaluation is below. The summary is that I can recommend this wallet for listing.

Note that as a "hardware wallet," only the hardware and firmware components of the device were evaluated. Wallet software that runs externally to the Digital Bitbox device was not evaluated in this review. As an aside, I would like to change this in the future and evaluate combinations of hardware and software as a wallet system, but that's for another day. The Digital Bitbox desktop application, alone and in conjunction with Copay, was used during this review, but not evaluated.

I concur with the current scoring in the pull request.

Digital Bitbox

Version 2.0.0

Review Version 2016121901

The wallet list is based on the personal evaluation of the maintainer(s) and regular contributors of this site, according to the criteria detailed below.

These requirements are meant to be updated and strengthened over time. Innovative wallets are exciting and encouraged, so if your wallet has a good reason for not following some of the rules below, please submit it anyway and we'll consider updating the rules.

NOTE The hardware device used for testing was supplied by Shift Devices to bitcoin.org at no cost.

NOTE Only the hardware/firmware is being evaluated here. The wallet software running external to the device is ignored as out of scope.

Basic requirements:

  • Sufficient users and/or developers feedback can be found without concerning issues, or independent security audit(s) is available

PASS An earlier version, V1.0.2, passed a security assessment by CENSUS https://census-labs.com in July 2015

NOTE Discussions https://www.reddit.com/r/Bitcoin/comments/4bvyhc/digital_bitbox_first_hardware_wallet_using/

  • No indication that users have been harmed considerably by any issue in relation to the wallet

PASS No indication found using standard web searches with emphasis on bitcointalk.org and reddit.com

  • No indication that security issues have been concealed, ignored, or not addressed correctly in order to prevent new or similar issues from happening in the future

PASS No indication found. Developers were very responsive and interested in issues during the review.

  • No indication that the wallet uses unstable or insecure libraries

PASS No indication. Elliptic curve library is from Bitcoin Core.

  • No indication that changes to the code are not properly tested

PASS Unit tests can be found at https://github.com/digitalbitbox/mcu/tree/master/tests and test coverage, as seen here https://coveralls.io/github/digitalbitbox/mcu is currently at 92%.

  • Wallet has been publicly announced and released for at least 3 months

PASS Released 31 July 2016: https://twitter.com/DigitalBitbox/status/759827111230210048

  • No concerning bug is found when testing the wallet

PASS No concerning bug was found

  • Website supports HTTPS and 301 redirects HTTP requests

PASS http://digitalbitbox.com and http://shiftdevices.com redirect to HTTPS

PASS https://digitalbitbox.com and https://shiftdevices.com have A+ rating

  • Website serving executable code or requiring authentication uses HSTS with a max-age of at least 180 days

PASS https://digitalbitbox.com and https://shiftdevices.com have max-age of one year

  • The identity of CEOs and/or developers is public

PASS https://digitalbitbox.com/team

  • Avoid address reuse by displaying a new receiving address for each transaction in the wallet UI

N/A The hardware is not involved in choosing the receiving address (but the software component does display new addresses)

  • Avoid address reuse by using a new change address for each transaction

N/A The hardware is not involved in choosing change addresses (but the software does choose new change addresses)

  • If private keys or encryption keys are stored online:

N/A

    • Refuses weak passwords (short passwords and/or common passwords) used to secure access to any funds, or provides an aggressive account lock-out feature in response to failed login attempts along with a strict account recovery process.

  • If user has no access over its private keys:

N/A

    • Provides 2FA authentication feature

    • Reminds the user to enable 2FA by email or in the main UI of the wallet

    • User session is not persistent, or requires authentication for spending

    • Provides account recovery feature

  • If user has exclusive access over its private keys:

    • Allows backup of the wallet

PASS Allows backup to micro SD card. Micro SD card contains a PDF that can be printed on a standalone printer.

    • Restoring wallet from backup is working

PASS The wallet was restored from a backup on the SD card

NOTE The funds were also restored to another BIP44 compatible wallet by using the information on the SD card and http://digitalbitbox.com/backup (source at https://github.com/digitalbitbox/html_backup)

    • Source code is public and kept up to date under version control system

PASS https://github.com/digitalbitbox/mcu

  • If user has no access to some of the private keys in a multi-signature wallet:

NOTE The Digital Bitbox desktop app can work in conjunction with Copay to provide multisig signing of Copay transactions

    • Provides 2FA authentication feature

    • Reminds the user to enable 2FA by email or in the main UI of the wallet

    • User session is not persistent, or requires authentication for spending

    • Gives control to the user over moving their funds out of the multi-signature wallet

  • For hardware wallets:

    • Uses the push model (computer malware cannot sign a transaction without user input)

PASS A button press on the device is required to sign a transaction

    • Protects the seed against unsigned firmware upgrades

PASS Only signed firmware can be installed

    • Supports importing custom seeds

PASS A custom seed was generated with https://digitalbitbox.com/backup and loaded into the wallet. It was verified that the hardware was using the same xprv as externally generated by comparing BIP32 addresses.

    • Provides source code and/or detailed specification for blackbox testing if using a closed-source Secure Element

PASS Provides full source code at https://github.com/digitalbitbox/mcu with instructions for deterministic builds

Optional criteria (some could become requirements):

  • Received independent security audit(s)

PASS An earlier version, V1.0.2, passed a security assessment by CENSUS https://census-labs.com in July 2015

  • Does not show "received from" Bitcoin addresses in the UI

N/A Hardware does not display addresses (NOTE Desktop app does not show "received from" addresses)

  • Uses deterministic ECDSA nonces (RFC 6979)

PASS A transaction was signed with both Digital Bitbox and pybitcointools, verifying RFC 6979 signatures with low S

  • Provides a bug reporting policy on the website

PASS Has contact information at https://digitalbitbox.com/

  • If user has no access over its private keys:

N/A

    • Full reserve audit(s)

    • Insurance(s) against failures on their side

    • Reminds the user to enable 2FA in the main UI of the wallet

  • If user has exclusive access over its private keys:

    • Supports HD wallets (BIP32)

PASS Uses standard BIP44 paths

    • Provides users with steps to print or write their wallet seed on setup

PASS Backups are saved to a micro SD card which contains a PDF file which can be printed

    • Uses a strong KDF and key stretching for wallet storage and backups

PASS PBKDF2 is used for wallet passwords with 22,528 rounds

  • On desktop platform:
    • Encrypt the wallet by default

N/A

  • For hardware wallets:
    • Prevents downgrading the firmware

FAIL Downgrades are permitted, but Shift Devices is willing to consider modifying this policy if it would mitigate a vulnerability in a previous version

@crwatkins crwatkins removed the Under Review label Dec 19, 2016

Contributor

wbnns commented Dec 19, 2016

Unless others object, this will be merged on Wednesday, December 28th.

@crwatkins Thank you sir!

@crwatkins We are happy to see the recommendation. Thank you very much for the thorough review, and the many helpful observations along the way!

@wbnns wbnns merged commit 757add2 into bitcoin-dot-org:master Dec 29, 2016
