So I just got my PiperWallet. For those of you not yet familiar with it, the PiperWallet is an open-source hardware bitcoin wallet based on Electrum, running on a Raspberry Pi paired with a built-in thermal printer in what looks like a 3D-printed chassis.
The basic idea is that managing cold wallets is hard and it doesn’t have to be.
Even though I have only started to play with the device, overall I am impressed. Here are my initial observations:
- It was packaged well considering the volume in which they are produced;
- The quality of the casing is also good considering the volume;
- The cut outs are a little rough and are larger than the connectors they expose;
- The primary “indicator LED” that is used to show that the device is booting is not terribly bright;
- Without reading the instructions (or waiting a sufficiently long time) it’s not obvious when the device is ready;
- The print button LED is bright and of excellent quality;
- There is no positive feedback when the print button is pressed.
So far I am happy with the purchase, though I need to do some more playing with it before I make any final conclusions.
With that said, here are the things I think I would change if it were my product:
- Make the serial numbers on the paper wallets randomly generated; you unnecessarily leak information by using monotonically generated serials;
- Add tamper-evident seals to the casing so that if the device is opened during shipping it is obvious;
- Add tamper-evident seals or “plugs” over the ports exposed on the device, possibly even dummy plugs with seals, so it’s clear nothing happened to the device as part of shipping;
- Add per-device fixed wallet keys to be used as a serial number to the back of each case (there is a wallet address but I believe this is an address of the Piper team);
- Use per-device passwords, shipping them on a form similar to the one I provided here;
- Replace the indicator LED with one with a similar brightness and quality to that used in the “print button”;
- Add a small LCD display that can be used to provide real-time feedback and status so it’s easier to use when headless;
- In the included documentation, give the steps to verify what software is running on the device, along with the hashes needed to do so.
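
To make the serial-number point concrete, here is an added example (not code from the PiperWallet project) showing one thing a monotonic serial can leak, namely how many wallets a device has issued, next to a random serial that carries no such signal. It assumes serials start at 1 and increase by one per wallet; the function names and sample values are constructed for illustration.

```python
import secrets


def estimate_total_from_serials(observed):
    """Estimate the highest serial issued from a handful of observed ones.

    Classic "German tank" estimator, m + m/k - 1, where m is the largest
    serial seen and k is the number of serials seen. It assumes serials
    run 1..N with no gaps (an assumption about the device, not a fact
    taken from the page).
    """
    k = len(observed)
    if k == 0:
        raise ValueError("need at least one observed serial")
    if min(observed) < 1:
        raise ValueError("sequential serials are assumed to start at 1")
    m = max(observed)
    return m + m / k - 1


def creation_order(observed):
    """Sequential serials also reveal the order in which wallets were made."""
    return sorted(observed)


def random_serial(nbytes=16):
    """Serial drawn from the OS CSPRNG: 128 bits, hex encoded.

    It still identifies a single paper wallet, but it says nothing about
    how many wallets exist or when this one was printed.
    """
    return secrets.token_hex(nbytes)


if __name__ == "__main__":
    # Constructed sample: serials read off four paper wallets from one device.
    seen = [140, 12, 203, 57]
    print("estimated wallets issued:", estimate_total_from_serials(seen))
    print("inferred creation order: ", creation_order(seen))
    print("random serial instead:   ", random_serial())
```

At 128 bits the chance of two wallets sharing a serial is negligible, so no counter has to be stored on the device to keep serials unique.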