Pages:
Author

Topic: ColdCard hardware wallet - page 4. (Read 2559 times)

legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
May 21, 2020, 05:28:05 PM
#40
Just as an FYI there is a possible attack vector on the Mk2 wallets. The Mk3 are safe. Not sure on the Mk1.
It's a difficult attack that requires a $200000 piece of equipment and you have to split open the case and desoldering the secure element among other things.

https://blog.coinkite.com/laser-fault-injection/

Not a major concern but it is out there.

Stay safe.

-Dave

legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
March 28, 2020, 11:08:22 AM
#39
So the ColdCard / Coinkite people just came out with a new thing.
The Coldpower Adapter. It lets you power a USB device, like the cold card with a 9V battery.
This way you never have to plug your ColdCard into an unknown device for power.

Yeah, it's a little bit a lot paranoid but still cool.

Was thinking of getting one to see if I can actually get any sort of charge into a cell phone from it to.
Kind of like a last ditch I need a change thing.

-Dave
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
February 21, 2020, 07:13:13 AM
#38
There is a new firmware out as of 20-Feb
Something they have at the bottom but should be listed 1st:

Quote
IMPORTANT: This release is NOT COMPATIBLE with Mk1 hardware. It will brick Mk1 Coldcards.

A few other updates and additions:


Quote
HSM (Hardware Security Module) mode: give Coldcard spending rules, including whitelisted addresses, velocity limits, subsets of authorizing users ... and Coldcard can sign with no human present. Requires companion software to setup (ckbunker or ckcc-protocol), and disabled by default, with multi-step on-screen confirmation required to enable. Mk3 only.

Enhancement: New "user management" menu. Advanced > User Management shows a menu with usernames, some details and a 'delete user' command. USB commands must be used to create user accounts and they are only used to authenticate txn approvals in HSM mode.

Dropping support for the 1st gen and adding a feature that only works on the 3rd gen is not cool IMO, but I understand that hardware evolves and sometimes has to be replaced.

On the vert very slight chance there is a security issue in the 1st gens that comes out it's going to be interesting to see their reaction.
Will they fix it or will they just say get a new one?

-Dave
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
November 07, 2019, 01:16:00 PM
#37
Login Countdown looks interesting.
I don't quite get what perceived threat this is attempting to mitigate? Huh Surely it doesn't actually increase security in anyway? I mean, if someone has your PIN, they have your PIN... making them wait an extra few minutes doesn't change that fact... Is it meant to allow you time to restore your wallet/move the funds in the case that the device is stolen? Surely, a (decent) BIP39 passphrase achieves the same thing? Huh

I can only imagine that it would piss me off having to wait X seconds or X minutes every time I wanted to use the device... and I certainly can't imagine any scenario in which such a delay would need to be measured in "days"!!?! Shocked Shocked Shocked


1) Stops impulse buying of stuff.

2) If you are really only using it for long term storage, yeah if someone gets it and your pin and you have it set to a stupid long time then you have a better chance to move it with seed words. Spouse, kid, evil maid, what have you. They know your pin is 1234, they can get to it just about any time. But now they have to wait a week with it plugged in and hope you don't notice it's not there.

-Dave
HCP
legendary
Activity: 2086
Merit: 4363
November 07, 2019, 12:45:36 PM
#36
Login Countdown looks interesting.
I don't quite get what perceived threat this is attempting to mitigate? Huh Surely it doesn't actually increase security in anyway? I mean, if someone has your PIN, they have your PIN... making them wait an extra few minutes doesn't change that fact... Is it meant to allow you time to restore your wallet/move the funds in the case that the device is stolen? Surely, a (decent) BIP39 passphrase achieves the same thing? Huh

I can only imagine that it would piss me off having to wait X seconds or X minutes every time I wanted to use the device... and I certainly can't imagine any scenario in which such a delay would need to be measured in "days"!!?! Shocked Shocked Shocked
HCP
legendary
Activity: 2086
Merit: 4363
November 02, 2019, 02:39:59 PM
#35
ColdKite recently share their Coldcard Hardware Details at https://blog.coinkite.com/coldcard-hardware-shared/ and apparently you can build your own Coldcard.
This is actually very cool... I'm seriously tempted to give this a shot if I can find some spare time, just for the "fun" of it... however I suspect that it'll end up on my very long bucket list of "projects"  Undecided Tongue Roll Eyes

I know others have done similar things in the past using plans/firmware for the Trezor HWs:
https://www.instructables.com/id/Making-My-Own-Trezor-Crypto-Hardware-Wallet/
http://www.pitrezor.com/2018/02/pitrezor-homemade-trezor-bitcoin-wallet.html
hero member
Activity: 605
Merit: 634
October 11, 2019, 01:38:28 AM
#34
As always, I prefer local Truecrypt encoded USB keys. I enjoy exploring several hardware wallets. The USB option cost is near zero, and I can have many. If you are really into security, you can have a secondary wallet with a duress password.

If you whine about the cost of hardware wallets? WTF man, get a grip. And/Or buy some BTC. Wait a few weeks/months, the price of said hardware wallet is inconsequential.

Bah.
sr. member
Activity: 1190
Merit: 306
October 09, 2019, 10:12:44 AM
#33
Honestly, It's not worth it, at least not for 69.99$. The design alone is not attractive, let alone the features.
Yeah for that amount I would not even think of purchasing it.  A ledger or keepkey are much less expensive and have a better design in my opinion. The Coldcard wallet is downright repulsive to me, but to each his own.

With all the hardware wallets on the market, one would think that an attractive design combined with a reasonable cost would be priority for the wallet developers, but that isn't the case here apparently.

the ColdCard looked cheap in the photos but holding in my hand it's worth the price.
Hmm.  Well, it might be an excellent wallet but even if it looks better in hand it's still a lot of money.
hero member
Activity: 605
Merit: 634
September 30, 2019, 11:22:02 PM
#32
Thanks Dave, I believe it's Gen 2,  I did do a firmware upgrade. I just now looked, and see there is a Gen3. I'll check for updates again.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
September 24, 2019, 09:16:09 PM
#31
I keep mine sealed in a gasketed plastic case. I got it out the other day, and some numerals were not typing. I will play around with it more before I panic, but I have seed words saved.
Gen 1 or Gen 2?

If it's Gen 1 some advice from the coldcardwallet site:

Quote
Touch pad is not doing what I want (Mark1 only)
Phantom keypresses have been a problem for some users. Here are some debug steps:

Install version 1.0.1 or later of the firmware.
Change the touch setting to suit your preferences and needs.
Press X twice before entering PIN; that selects the least sensitive mode.
Use a quality USB power supply. Often a battery pack is best for this.
Move to a different environment. Moisture in the air can be an issue.
One customer reported this:

I did some testing and it seemed that any computer plugged to the grid is plagued by noise, after connecting the wallet to an offline laptop running on battery power, I had zero issues with the touchpad.

Also, I have noticed when dealing with those types of contacts on other devices having some skin oil on your finger helps.
If your finger is too dry it does not work as well.

You can also reach out to their support: [email protected]

-Dave
hero member
Activity: 605
Merit: 634
September 24, 2019, 08:46:02 PM
#30
I keep mine sealed in a gasketed plastic case. I got it out the other day, and some numerals were not typing. I will play around with it more before I panic, but I have seed words saved.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
August 22, 2019, 09:22:39 AM
#29
I just got mine today - I am really enjoying using ColdCard + Electrum, and displaying my addresses on the display. Managing multiple wallets is easy, and i can unplug and keep unencrypted wallets watch-only to see the confirms roll in.    

I still like the Trezor, but ColdCard is a straightforward BTC/LTC only-wallet that can be used tethered, or setup as airgapped.   I tried it on wasabi, but i prefer how i can keep multiple wallets open in electrum.  

the ColdCard looked cheap in the photos but holding in my hand it's worth the price.  it's obvious someone put a lot of thought and pride into how these turned out. Great buttons on the v2. The serial number on the sealed bag matched the bag number located in the firmware for security during shipment too.  

imo if someone is btc-only and likes tactile buttons over touchscreens, i'd go with a ColdCard.  


And we have another convert to the ColdCard.
But you are correct, it looks cheap in the pictures. But I have had, and used and still use their opendime products so I didn't worry I knew they make good stuff.
I have both the old and the new model and use them both.

-Dave
sr. member
Activity: 420
Merit: 263
let's make a deal.
August 21, 2019, 10:51:48 PM
#28
I just got mine today - I am really enjoying using ColdCard + Electrum, and displaying my addresses on the display. Managing multiple wallets is easy, and i can unplug and keep unencrypted wallets watch-only to see the confirms roll in.    

I still like the Trezor, but ColdCard is a straightforward BTC/LTC only-wallet that can be used tethered, or setup as airgapped.   I tried it on wasabi, but i prefer how i can keep multiple wallets open in electrum. 

the ColdCard looked cheap in the photos but holding in my hand it's worth the price.  it's obvious someone put a lot of thought and pride into how these turned out. Great buttons on the v2. The serial number on the sealed bag matched the bag number located in the firmware for security during shipment too.  

imo if someone is btc-only and likes tactile buttons over touchscreens, i'd go with a ColdCard.  
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
August 06, 2019, 01:28:21 PM
#27
Quote
Export skeleton wallets for Wasabi Wallet https://wasabiwallet.io/ to support air-gapped use.

i was looking for a new desktop wallet and found out about this integration with coldcard.  i'm also impressed with the thoughtful design of the hardware down to the tamper-evident, clear case.   I have ordered a hardware v.2 to try out.

Good choice. I love mine.

I try keep bumping this thread whenever they update the firmware just to keep people in the loop. I have no affiliation with them but use mine a lot.

On a side note take a look at:

https://blog.coinkite.com/noise-troll/

That is just about the only vulnerability that has been found. And so far it's not proven and just about impossible to exploit. And lets be serious. If someone can compromise your USB port or cable on the PC you are using for your BTC you're screwed anyway.

Hmmmm, I have access to your usb. Let's do this incredibly complicated almost impossible hack...or just emulate a keyboard and type whatever the hell I want.....

-Dave



sr. member
Activity: 420
Merit: 263
let's make a deal.
August 04, 2019, 10:44:39 AM
#26
Quote
Export skeleton wallets for Wasabi Wallet https://wasabiwallet.io/ to support air-gapped use.

i was looking for a new desktop wallet and found out about this integration with coldcard.  i'm also impressed with the thoughtful design of the hardware down to the tamper-evident, clear case.   I have ordered a hardware v.2 to try out.
hero member
Activity: 605
Merit: 634
April 26, 2019, 08:39:16 AM
#25
Tx for info, Baofeng, I'll upgrade tonight. Love your radios, BTW.
legendary
Activity: 2576
Merit: 1655
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
April 20, 2019, 11:15:02 AM
#23
Not a bad deal there, really. I'm good on hardware wallets, I depend on cold wallets for real storage. What card storage would be more convenient for you? Many phones use that card, so it's handy in that aspect. Larger cards require/waste more circuit board real estate, and larger form factor.

I would like full SD.

Yes phones use the microSD but most (all?) laptops that have built in card readers use full size SD.
Same with desktops, I don't know of one that has a micro SD slot, those that do have full size SD.
I have many micro to regular SD adapters around. 2 or 3 at my office, 2 or 3 at home, probably 1 at my parents, etc.

Can I actually locate them. That is an entirely different answer.

Take ColdCard out of fireproof lock box, insert microSD, create transaction, stand in middle of room going where is an adapter. I thought there was one on the desk, nope. Did I put any over here, nope. Kitchen table where I was working yesterday, nope. Oh, look there is one in the corner of the over there next to the pile of old cell phones.

-Dave

hero member
Activity: 605
Merit: 634
April 20, 2019, 01:04:08 AM
#22
Not a bad deal there, really. I'm good on hardware wallets, I depend on cold wallets for real storage. What card storage would be more convenient for you? Many phones use that card, so it's handy in that aspect. Larger cards require/waste more circuit board real estate, and larger form factor.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
April 19, 2019, 02:02:39 PM
#21
I don't have a Trezor, but have a couple of Ledger Nano S wallets. One seemingly unique feature is the MicroSD slot. From their docs:

Why does it have a MicroSD slot?

    The Coldcard can backup the seed into an encrypted file.
    New transactions to be signed, can be imported from the card.
    Public key data (xpub, receive addresses) can be written onto the card.
    Firmware upgrades can be done by copying the new firmware file onto a card.
    A skeleton Electrum wallet can be created on the card which allows Electrum to "pair" with the Coldcard, without it ever connecting to a USB port.

The second one, in particular is interesting, as it makes completely air-gapped transactions possible. I don't know of any others that can do that, at any price. There may be, I just don't know about them.

That is actually how I use it, I have a wallet on my phone that is hot. If it gets compromised it will suck but it's not end of the world money, it's not even car payment money, it's I bought something in the collectibles section of the forum money.

For the big spends, with my cold BTC storage, the wallet never touches the internet.

Only complaint really is the MicroSD. Yes it's used everywhere, but you can't plug it into your PC / laptop without the micro to full-size adapter. Yeah, I know not a big deal but it would have been nice to have a full size one.

Shameless plug, I do have an original cold card up for sale if you want it
New & sealed:
https://bitcointalksearch.org/topic/wts-original-coinkite-coldcard-75-shipped-us-5126007

-Dave
Pages:
Jump to: