Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software>Hardware wallets
Author

Topic: Cold card connected to labtop (Read 125 times)

Pmalek
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
Cold card connected to labtop
February 17, 2024, 04:46:34 AM
#8
Quote from: tobornottob on February 10, 2024, 11:09:43 PM
During a recent spend from multisig, the coldcard component was usb connected to the labtop. Was the air-gapped nature of the coldcard compromised? Should I rebuild the wallet? Thanks
Your wallet can only be considered compromised if your private keys leaked to an internet-connected computer. That didn't happen in this case. If you don't like connecting your Coldcard to your computer, you might consider buying a Coldpower Adapter. It's a little device that takes power from a 9-volt battery and gives your Coldcard the juice it needs to do its work without connecting it to a computer or laptop. You can purchase it from the official store.

Quote from: Zaguru12 on February 11, 2024, 01:37:43 AM
Now the question that needs to be asked here is what type of computer was it connected to. Coldcard is an airgapped hardware wallet and good one. But in general time, the problem is if a device or let me say a hardware wallet is connected to a device or computer that is not totally airgapped then it also seizes to be airgapped.
The computer you connect your Coldcard to doesn't need to be airgapped. Use it with a power-only cable and it can't transmit any data. It only uses the power to run the Coldcard. Additionally, you bring the signed transaction from your Coldcard via a Micro SD card to be broadcasted on the internet-connected computer.
Yamane_Keto
sr. member
Activity: 406
Merit: 443
Re: Cold card connected to labtop
February 12, 2024, 09:30:38 PM
#7
If you are skeptical about whether USB is data in nature, you can use USBMonitor something like https://github.com/Eric-Canas/USBMonitor where you can customize data transfer with Coldcard, but in general, signing the message is safe and checking the address several times will reduce the possibility of Coldcard viruses. Using an open source OS is an added advantage.

It would be better for air-gapped devices to come with a built-in charging unit, QR only connection like passport, but I think regulations prohibit any charging units other than a USB type C cable, so this is the best you will get right now.
Zaguru12
hero member
Activity: 672
Merit: 855
Re: Cold card connected to labtop
February 11, 2024, 08:14:52 PM
#6
Quote from: _act_ on February 11, 2024, 04:08:30 AM
No. Coldcard is a hardware wallet, but that needs to connect to an online wallet like Electrum or Sparrow through a micro USB or the USB type C cable, depending on the model of the Coldcard hardware wallet. But I do not like this type of ways to sign bitcoin transaction, I like the use of QR code which as been proven as the most effective way to sign bitcoin transaction with the hardware wallet remain airgapped.

That means this Coldcard can be called then as an airgapped wallet pending how you use it, my best way of using this is to probably install this wallets like electrum that connects to it on an airgapped device and the have another device that sets as watch only wallet.

Also QR code is the best to me but that doesn’t mean it doesn’t have its own limitations because things like malwares similar to clipboard malware that changes receivers address can still be gotten if by any chance the QR code is altered maybe through generating it from a site
Cricktor
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
Re: Cold card connected to labtop
February 11, 2024, 10:21:04 AM
#5
I view a hardware wallet that uses an USB connection to transmit transaction data for signage as still not connected to a network or internet. In the context of networks such hardware wallets still remain sort of "air-gapped" because they simply don't talk to any network. Usually there's no firmware code to expose any key data via the USB connection (a notable exception is the Ledger hardware and firmware crap with its seed recovery service; a contender for the most stupid paradigm violation for hardware wallets).

The software wallet that talks with the hardware wallet is usually setup as a watch-only software wallet and thus doesn't know about any private keys of the wallet. This watch-only software wallet can be online without a risk to expose private keys because there are none in the reach of this software wallet.
_act_
hero member
Activity: 868
Merit: 1094
Re: Cold card connected to labtop
February 11, 2024, 04:08:30 AM
#4
Quote from: Zaguru12 on February 11, 2024, 01:37:43 AM
So if in your case you suspect that the computer is not fully airgapped then you might have to considered that airgapped nature of the hardware wallet already defeated.
No. Coldcard is a hardware wallet, but that needs to connect to an online wallet like Electrum or Sparrow through a micro USB or the USB type C cable, depending on the model of the Coldcard hardware wallet. But I do not like this type of ways to sign bitcoin transaction, I like the use of QR code which as been proven as the most effective way to sign bitcoin transaction with the hardware wallet remain airgapped.
Zaguru12
hero member
Activity: 672
Merit: 855
Re: Cold card connected to labtop
February 11, 2024, 01:37:43 AM
#3
Quote from: tobornottob on February 10, 2024, 11:09:43 PM
During a recent spend from multisig, the coldcard component was usb connected to the labtop. Was the air-gapped nature of the coldcard compromised? Should I rebuild the wallet? Thanks

Now the question that needs to be asked here is what type of computer was it connected to. Coldcard is an airgapped hardware wallet and good one. But in general time, the problem is if a device or let me say a hardware wallet is connected to a device or computer that is not totally airgapped then it also seizes to be airgapped. Most mistake people make is they connect some of this wallet to an online computer or a computer that has come online before, once this is done then it completely defeats the purpose of the airgapped hardware wallets.

So if in your case you suspect that the computer is not fully airgapped then you might have to considered that airgapped nature of the hardware wallet already defeated. Although one could say it is just once but you cannot tell what malware that the computer has and you got infected with. So if the computer is not full airgapped then you can consider rebuilding your hardware wallet again
BitMaxz
legendary
Activity: 3206
Merit: 2904
Block halving is coming.
Re: Cold card connected to labtop
February 11, 2024, 12:59:25 AM
#2
No, it won't compromised it operates the same as other hardware wallets the only use of this is to sign transactions and to power coldcard the seed/private keys are stored in specialized chips it is separate only store secret keys.

If you don't feel safe after you connect it to the laptop there is no problem if you want to rebuild your wallet. You can also disable data connection by going to settings and disable USB data so that the next time you plug it into the laptop it only needs power and no data connection.
tobornottob
newbie
Activity: 6
Merit: 0
Re: Cold card connected to labtop
February 10, 2024, 11:09:43 PM
#1
During a recent spend from multisig, the coldcard component was usb connected to the labtop. Was the air-gapped nature of the coldcard compromised? Should I rebuild the wallet? Thanks
Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software>Hardware wallets
Jump to: