Pages:
Author

Topic: ColdCard hardware wallet - page 5. (Read 2559 times)

hero member
Activity: 605
Merit: 634
April 18, 2019, 07:16:00 PM
#20
I don't have a Trezor, but have a couple of Ledger Nano S wallets. One seemingly unique feature is the MicroSD slot. From their docs:

Why does it have a MicroSD slot?

    The Coldcard can backup the seed into an encrypted file.
    New transactions to be signed, can be imported from the card.
    Public key data (xpub, receive addresses) can be written onto the card.
    Firmware upgrades can be done by copying the new firmware file onto a card.
    A skeleton Electrum wallet can be created on the card which allows Electrum to "pair" with the Coldcard, without it ever connecting to a USB port.

The second one, in particular is interesting, as it makes completely air-gapped transactions possible. I don't know of any others that can do that, at any price. There may be, I just don't know about them.
hero member
Activity: 1778
Merit: 764
www.V.systems
April 18, 2019, 11:59:21 AM
#19
The wallet looks to be pretty tiny and compact. I like it. Not a big fan of the transparent casing but I can get behind that as well. However, with "cheap" in the product's slogan, it still costs $100 for a single piece. That's nearly twice the price of a Trezor or a Ledger nano s..
hero member
Activity: 605
Merit: 634
April 04, 2019, 12:22:44 PM
#18
Bumping an old one, here. Today (April 4, 2019) there was a new firmware update for the Coldcard:   https://coldcardwallet.com/docs/upgrade

Electrum was apparently vulnerable to a phishing problem, this info from electrum.org:    Warning: Electrum versions older than 3.3 can no longer connect to public servers, and must be upgraded. This is in order to prevent user exposure to phishing messages. Do not download Electrum from any another source than electrum.org.

I bumped into this in a scary way. I don't trade in BTC, just buy and hold. I keep different cold/paper wallets for each year, so when (if?) I cash out, it will be easy to demonstrate it's over a year old, to help with long-term capital gains. A couple of times I needed to sell a little bit for bills. Rather than sweep the whole thing into an exchange wallet, the Coldcard/Electrum combo is great for this. Sweep paper wallet to Electrum, send a bit to the exchange to sell. I left the balance in Coldcard for a couple of days, when I started to send it back to paper wallet, it wouldn't sync.

I run Electrum in Linux from a command line, and there were many alien messages in the terminal. I used the seed words to create a new Electrum wallet, this time without the Coldcard hardware option. Still fail. I looked online, and found the problem, upgraded Electrum. Now the new wallet read everything fine. I like Electrum a lot, but this is a good example of why you should not depend on any one wallet for everything.

newbie
Activity: 3
Merit: 0
hero member
Activity: 605
Merit: 634
hero member
Activity: 605
Merit: 634
November 02, 2018, 08:17:11 AM
#15
Yes, that's all I did. This was on latest/upgraded Ubuntu. I haven't tried it on Tails.
jr. member
Activity: 98
Merit: 5
November 02, 2018, 01:11:41 AM
#14

EDIT a few minutes later
Got it working with Electrum 3.23  had to add 51-coinkite.rules to /etc/udev/rules.d   Reloaded udev stuff with sudo udevadm control --reload-rules && sudo udevadm trigger

info here: https://github.com/Coldcard/ckcc-protocol/blob/master/51-coinkite.rules

Is that all you did? Because I cannot get it to work (I'm using Tails). I am also like you, and have a Nano S. I cannot get that to work either (I haven't tried on Tails, but on debian).
jr. member
Activity: 98
Merit: 5
November 01, 2018, 01:04:28 PM
#13
[...]
I wonder how long before someone figures out a way to update the firmware so that it creates an unencrypted backup of your seed on the microSD card Tongue

I have tried the backup option. It creates a 12 word mnemonic that acts as the pass phrase to decrypt it.

Huh ?

What kind of backup is being generated if you still need your 12 word mnemonic ?

Are you sure that you need your mnemonic seed to decrypt the backup file ??
IMO, this wouldn't make much sense. The mnemonic seed should be the backup itself.


As i have understood it, it generates a backup (= encrypted mnemonic seed) which needs a password(?) to be decrypted.

When you create a wallet, it will give you 24 bip39 words to write down. After creating the wallet, if you choose the backup option, it will give you a 12 word 'passphrase' (if you want to call it that) to encrypt the file.

The 'backup' is essentially a system image, which includes the seed, as well as system preferences.

You can read about how it works here:
https://coldcardwallet.com/docs/backups

'Background
The Coldcard is unique in that we offer a backup feature to save your wallet seeds to MicroSD card. Settings and other meta is saved as well. The encrypted file can be treated as any other file because we use AES-256 encryption, with a strong pass phrase.

Even using this feature, you should still have a paper-only copy of your 24 seed words. Use the encrypted backup feature for convenience and duplication.'
jr. member
Activity: 98
Merit: 5
November 01, 2018, 01:01:40 PM
#12

Have you been able to sign transaction for p2sh-segwit format? I have only been able to sign for legacy format. The electrum wallet file for p2sh-segwit does not recognise my coldcard, whereas the wallet file using p2pkh format does recognise it.


{snip} I have not tried p2sh-segwit. The latest Sept 11 firmware says:

Can create Electrum skeleton wallet for Segwit Native and Segwit P2SH now.
    caveat: the plugin is not ready yet for P2SH/Segwit, but Segwit native is fine


https://coldcardwallet.com/docs/upgrade  

I do like that Electrum 3.23 lets you upgrade the Coldcard firmware directly via USB, without an SD card.

Oops. hehe. Must have missed that part.

I agree. I like that option that Electrum provides.
hero member
Activity: 605
Merit: 634
November 01, 2018, 08:17:36 AM
#11

Have you been able to sign transaction for p2sh-segwit format? I have only been able to sign for legacy format. The electrum wallet file for p2sh-segwit does not recognise my coldcard, whereas the wallet file using p2pkh format does recognise it.


{snip} I have not tried p2sh-segwit. The latest Sept 11 firmware says:

Can create Electrum skeleton wallet for Segwit Native and Segwit P2SH now.
    caveat: the plugin is not ready yet for P2SH/Segwit, but Segwit native is fine


https://coldcardwallet.com/docs/upgrade  

I do like that Electrum 3.23 lets you upgrade the Coldcard firmware directly via USB, without an SD card.
legendary
Activity: 1624
Merit: 2481
November 01, 2018, 03:44:09 AM
#10
[...]
I wonder how long before someone figures out a way to update the firmware so that it creates an unencrypted backup of your seed on the microSD card Tongue

I have tried the backup option. It creates a 12 word mnemonic that acts as the pass phrase to decrypt it.

Huh ?

What kind of backup is being generated if you still need your 12 word mnemonic ?

Are you sure that you need your mnemonic seed to decrypt the backup file ??
IMO, this wouldn't make much sense. The mnemonic seed should be the backup itself.


As i have understood it, it generates a backup (= encrypted mnemonic seed) which needs a password(?) to be decrypted.
jr. member
Activity: 98
Merit: 5
October 31, 2018, 07:51:44 PM
#9
It is certainly an interesting concept. It can be used as an "offline signer" in conjunction with Electrum... so instead of using a 2nd computer, you simply transfer the unsigned transaction to your coldcard via a microSD, sign it, then transfer it back to your online PC and broadcast.

However, my concern lies with the fact that the microSD can also be used to "update firmware"... and "backup your (encrypted) seed".

I wonder how long before someone figures out a way to update the firmware so that it creates an unencrypted backup of your seed on the microSD card Tongue

I have tried the backup option. It creates a 12 word mnemonic that acts as the pass phrase to decrypt it.
jr. member
Activity: 98
Merit: 5
October 31, 2018, 07:49:49 PM
#8
I have one, and sort of like it so far. I got in on the startup thing, so I got it I think $10 cheaper. I have not put any BTC on it yet, still learning. I have a Ledger Nano S, but it seems that Coldcard has the ability to do a few unique things (most notably, sign transactions completely off-line).

I am still in 'dabbling-mode' with the Ledger Nano S as well, so I am in no position to make an informed comparison. I've been in the space a while, the lack of alt-coins does not bother me, I'm only interested in BTC.

I see that the latest Electrum supports it directly, so a familiar software wallet (for me) that works with it will be great. I need to tweak udev in Linux apparently, haven't got it completely working yet.

I HODL, so all of this is just experimentation so far.

EDIT a few minutes later
Got it working with Electrum 3.23  had to add 51-coinkite.rules to /etc/udev/rules.d   Reloaded udev stuff with sudo udevadm control --reload-rules && sudo udevadm trigger

info here: https://github.com/Coldcard/ckcc-protocol/blob/master/51-coinkite.rules

Have you been able to sign transaction for p2sh-segwit format? I have only been able to sign for legacy format. The electrum wallet file for p2sh-segwit does not recognise my coldcard, whereas the wallet file using p2pkh format does recognise it.
hero member
Activity: 605
Merit: 634
October 25, 2018, 06:03:20 PM
#7
I have one, and sort of like it so far. I got in on the startup thing, so I got it I think $10 cheaper. I have not put any BTC on it yet, still learning. I have a Ledger Nano S, but it seems that Coldcard has the ability to do a few unique things (most notably, sign transactions completely off-line).

I am still in 'dabbling-mode' with the Ledger Nano S as well, so I am in no position to make an informed comparison. I've been in the space a while, the lack of alt-coins does not bother me, I'm only interested in BTC.

I see that the latest Electrum supports it directly, so a familiar software wallet (for me) that works with it will be great. I need to tweak udev in Linux apparently, haven't got it completely working yet.

I HODL, so all of this is just experimentation so far.

EDIT a few minutes later
Got it working with Electrum 3.23  had to add 51-coinkite.rules to /etc/udev/rules.d   Reloaded udev stuff with sudo udevadm control --reload-rules && sudo udevadm trigger

info here: https://github.com/Coldcard/ckcc-protocol/blob/master/51-coinkite.rules
jr. member
Activity: 210
Merit: 6
September 29, 2018, 05:03:41 AM
#6
It is certainly an interesting concept. It can be used as an "offline signer" in conjunction with Electrum... so instead of using a 2nd computer, you simply transfer the unsigned transaction to your coldcard via a microSD, sign it, then transfer it back to your online PC and broadcast.

However, my concern lies with the fact that the microSD can also be used to "update firmware"... and "backup your (encrypted) seed".

I wonder how long before someone figures out a way to update the firmware so that it creates an unencrypted backup of your seed on the microSD card Tongue

Legit question... I would love if ColdCard developers can respond and answer this and other question people have,
but I must say that its for sure more easy to do this 'fake mailicious firmware' for other more popular hardware wallets.
HCP
legendary
Activity: 2086
Merit: 4363
September 28, 2018, 04:02:19 PM
#5
It is certainly an interesting concept. It can be used as an "offline signer" in conjunction with Electrum... so instead of using a 2nd computer, you simply transfer the unsigned transaction to your coldcard via a microSD, sign it, then transfer it back to your online PC and broadcast.

However, my concern lies with the fact that the microSD can also be used to "update firmware"... and "backup your (encrypted) seed".

I wonder how long before someone figures out a way to update the firmware so that it creates an unencrypted backup of your seed on the microSD card Tongue
jr. member
Activity: 210
Merit: 6
September 25, 2018, 02:03:21 PM
#4
Honestly, It's not worth it, at least not for 69.99$. The design alone is not attractive, let alone the features.

You could add more money and get a Trezor for 69 EUR (excl. VAT) and enjoy more features, frequent updates, big userbase, faster support etc.

I agree with you that Trezor and Ledger are looking more attractive and with more features,
but when it comes to security... I think that ColdCard is a much safer option.
I would agree with you that price could be a bit cheaper... maybe around 49$
staff
Activity: 3500
Merit: 6152
September 23, 2018, 12:27:49 PM
#3
Honestly, It's not worth it, at least not for 69.99$. The design alone is not attractive, let alone the features.

You could add more money and get a Trezor for 69 EUR (excl. VAT) and enjoy more features, frequent updates, big userbase, faster support etc.
jr. member
Activity: 210
Merit: 6
September 21, 2018, 04:45:13 PM
#2
Here is the interview with creator of ColCard hardware wallet Rodolfo Novak

https://www.youtube.com/watch?v=HIMuJ6CXCM0

I think they created Opendime wallet before also


Has anyone tried to hack it or examine it from inisde ?
jr. member
Activity: 210
Merit: 6
September 19, 2018, 06:39:46 PM
#1
Has anyone used and tested ColdCard hardware wallet so far ?

https://coldcardwallet.com/


What is the Coinkite Coldcard? It's a Bitcoin hardware wallet, so it signs transactions and can be used offline.

    BIP39 based, which means you can backup the secret words onto paper, and have lots of sub-accounts and unlimited independent payment addresses.
    It knows how to understand transactions, so you can see what you are approving.
    The first PSBT (BIP 174) native wallet which can be used completely offline for it's entire lifecycle.

But it's different!

    NO specialized software required. It accepts standard PSBT transaction (BIP 174) stored on an MicroSD card.
    NO companion 'app' on your computer, works with the major wallets already (Electrum, and more to come).
    It's cheap! Simple packaging, plain design, no fancy boxes, no redundant cables.
    It's ultrasecure! Real crypto security chip. Your private key is stored in a dedicated security chip, not the main micro's flash.
    Easy back-up! MicroSD card slot for backup and data storage. This allows truly offline signing, by transferring the unsigned/signed transactions on sneakernet.
    Open source software design runs Micropython and you can change it.
Pages:
Jump to: