Topic: Coldcard Mk4 NFC Spec for developers - page 2. (Read 521 times)

It means that instead of you having to trust one secure element, now you have to trust two secure elements and I don0t think that is good.
My guess is they will use standard ATECC608A (or ATECC608B) like now, in addition with NXP secure element that is often used in in smart cards that use NFC feature.
So now you understand why they have two secure elements, it's only because of their NFC chip  

Until Trezor release this, it's probably best to have old Thinkpad laptop with live linux OS and Electrum wallet.
Use dices to generate seed words, and this will your best hardware wallet.

That is why they made their own version of website and made is sort of reproducible, but it's still not open source
They should remove open source (and soon Air-gapped) claims from their website.

It's not just physically, it's all connection with other devices, including wi-fi and bluetooth, NFC only has lower range than wi-fi
NFC = Near-field communication
https://en.wikipedia.org/wiki/Near-field_communication

I'm not sure I'm following.. Wouldn't two (closed source or not) secure elements mean less trust? As in: if one has a backdoor, it only has access to half the seed instead of full seed. Also: if one is vulnerable & an exploit is developed, the other one remains secure & 'half seed' is still protected?
It definitely depends on the implementation; doing half-half might not even be that smart, I think there are cryptographic mechanisms which would be better suited to 'splitting' the seed.

Definitely still a big fan of Trezor without secure element myself, though. This way it's reproducible to build and a truly open source device. The known seed extraction attack admittedly needs quite a bit of advanced tools and knowledge.
Best would be an open-source secure element; I think Trezor is actually working on one, excited to see how it's going to turn out.

You know what? I just checked their GitHub and website again and cannot find mention of exact license used. The GitHub has an empty license file, I mean it just contains:

While in March 2020 it contained GPLv3 license.

I find it very suspicious though that the builds are not reproducible (https://walletscrutiny.com/hardware/coldcardMk3/).

Regarding airgap, NFC is really a kind of grey line. Similarly to USB cables (maybe even easier) you can interact with the device with very little user intervention, which is marketed as a feature, but poses a large security risk.
Meanwhile, if you need to transfer a micro SD card manually, or scan QR codes with both devices it's hard to see a scenario where someone tricks another person to do that in a malicious way.

However, the definition of air-gap usually refers to something not being physically connected (with a cable), so in that case you could call NFC and even Bluetooth wallets (which we all know is a bad idea, right) 'air-gapped'. It's tricky and I think you will never find a common ground with NVK, but I say: let the market decide.

I think that adding two closed source secure elements in hardware wallet is not very smart, or should I say it's stupid decision.
NVK and Coldcard developers are going full crazy mode, first they removed reference about using original Trezor code they forked, than they made up their own changed license and they fake call it ''open source'' that is actually not,
and now they are adding one more trust layer with additional secure element from different manufacturer  
It's worse than Ledger is doing and they are going in opposite direction of open source, plus addition of NFC is making their hardware wallet NOT air-gapped device anymore.
I would much rather use old laptop with Tails OS than Coldcard Mk4 at this point.
Deal with it NVK. it's the truth and everyone knows it.

They don't give you any choice if they enabled NFC by default.
I can also disable and remove wi-fi in my laptop but it's not because developers made that available, and 99% won't ever do that.
Point is that with NFC Coldcard is not airgapped anymore.
Open Source
Airgapped
Whats next? Maybe going full closed source...

Don't worry, you won't damage a PCB trace using a plastic microSD card, in my opinion. You really need to put a knife to it.
Not sure about the design choice either; seems a very odd place to put such 'fuse'. Only idea that comes to mind is that you may be able to scrape it without opening the device up; though it seems to me ColdCard is easy to open anyway.

Look at comments to the tweet. It's really funny that this little tiny scrap point that provides NFC functionality locates near an SD card slot. That means you can destroy it simply by accident by carelessly inserting your SD card. The developers seem to be telling you that you should make a choice between the two methods of air-gapped communication. You either use NFC functionality or SD card, but not both at the same time because the usage of the latter will likely result in crippling the former. Honestly, I can't think of any other reason why they made that design choice. It seems that developers don't care much about NFC itself, they are just following market trends, which is why they add features the market desires. If users started to destroy NFC chips for whatever reason, the developers are gonna be happy anyway since it would make their devices even more secure.

Me too, I think the first time I see this! The concept is not new though: when setting up multisig with multiple hardware wallets, it's often recommended to use different wallets with different secure elements, since this is usually the only component not open source, so the one point that requires some trust. The trust is reduced though if ordering from different vendors, different factories and different production locations.
Hence I like having a wallet from the U.S., as well as something from Europe as an example!

@HCP here is some more information and first look from the inside of the new Coldcard Mk4 hardware wallet ontheir  coinkite substack page.
You also have the answer to your question about shipping, they say it will be handled later when the device is ready for sending.

Coldcard Mk4 (announced in 2022)


https://coinkite.substack.com/p/coldcard-mk4-early-bird-reservation

And this is how ColdCard Mk3 looks from the inside, so we can notice some major design changes on PCB.
I was surprised when I found out that you can even purchase old and now insecure Coldcard Mk2 wallet on some websites like blockstream store for $99, and it's in stock  
https://store.blockstream.com/product/coldcard-mk2/

Coldcard Mk3 (announced in 2019)


Coldcard Mk2 (insecure because of old secure element ATECC508A)



Coldcard Mk1 (announced in 2017)

That's a little annoying if they're going to ask for shipping later... I suppose that one could reasonably expect the costs to be the same as for the current shipping on the Mk3, but you never really know. Especially given that there is no firm shipping dates as yet.

I've dropped a question in their Telegram channel to seek clarification, hopefully I get a reply before the $40 discount disappears.


EDIT: they have indeed confirmed that all you are paying for is reserving a device... so you will need to pay an additional amount for shipping when the device is ready to ship.

This is only pre-order so you are just paying reservation for you Mk4 Coldcard wallet, they will probably notify you with email when shipping is ready and if you need to pay more for that.
At the moment free shipping option is only available if you spend $390 or more on Coinkite products, and I doubt they will send it for for worldwide, maybe it will be available for Canada and United States.
After adding five Coldcard Mk4 wallets in my Cart I got free delivery option for my order, but I won't complete that order.

I see people already complaining about NFC, so NKV is saying they can disable it manually by just scraping that little gold trace:
https://twitter.com/nvk/status/1436367391991242754

I'm a little confused by the pre-order. It gives me the option to pay, but there doesn't seem to be any shipping costs. So, is that part of the pre-order deal that you get free shipping as well? Or are they going to come back in the future and ask for further payment for shipping?

If I try to purchase a Mk3, it gives me 3 different options (postal, Fedex or DHL)... but in the Mk4 pre-order, it skips over the shipping options straight to the payment option?

EDIT:
And sadly, it looks like the 5% off for BTC payment doesn't work with the pre-order:


Nothing subtracted and the amount of bitcoin it is asking for works out to US$109 (according to preev)

That is one very sweet price with a nice discount EARLY-BIRD $40 Off and I think that you can get 5% more discount if you pay with Bitcoin, but this reservation price offer is available only for one day I think.
I see they did some small redesign, buttons are now not all rounded, type C connector, better processor, more RAM, controversial NFC added, and I first time I see any hardware wallet with two secure elements.
Screen looks a bit bigger and more clear to to me, plastic is less blurry and probably with better quality.
This also means that support for MK3 and older versions will not last for very long, but they say that production of MK3 will not stop yet.
I am interested to see how this new version compares in real life with MK3 and other airgap wallets like Keystone.
If you need to buy Bitcoin only hardware wallet this would be a better option than ledger or trezor, but I still prefer if they revert back to open source license (NVK can you hear me? )

So the Mk4 is now available for preorder at a lower price then the Mk3 from coldcard:


Link to preorder: https://store.coinkite.com/store/coldcard
Link to blurb about it: https://coldcard.com/docs/coldcard-mk4

I do like the 2x secure elements idea if it means that parts of the encrypted data are in 2 different locations with 2 different chips allowing for a bit more security.

-Dave

I agree with you that camera + qr codes are safer option than using sd cards (that can be removed and replaced), but only if those codes can be verified easy.
If qr codes are done like in case of Safepal hardware wallet than you can't verify anything and you don't know exactly what you are transacting.
Keystone wallet is doing this the right way with open source, and I think it's similar with Passport wallet, maybe you can confirm that n0nce.

There are much better ways to spend than messing with phones all the time, but I am not saying they are not useful and can be used even for bitcointak forum.
We made smartphones something like out third arm extension, and I saw people getting super scared when thinking they lost their smartphone, like their all life is located in that device.

---

Back on ColdCard topic, looks like they are preparing some new product called Coinkite cards (TapSigner, SatsCard), they should be cheap and multisig.
Maybe this will be competition for Satochip/Satodime or Tangem NFC cards, and they will probably launch this together with new ColdCard Mk4 wallet.
I just love new stuff coming out in HW world


https://coinkite.cards/

About the highlighted part: I actually think by now, that camera / QR code communication is one of the most secure ways, probably even better than moving an SD card around. The reason is that an SD card is pretty much the easiest thing for a PC virus to manipulate as soon as you plug it in. Every program on a computer has access to external media, in 99% of cases (also the case with SD-card based hardware wallets), while it's harder to tap into an open 'camera session' - even more so when using sandboxed mobile apps, which is probably the most common use case with such a device.

So it may actually be more secure to add a camera and remove the SD card ability than the other way around. Of course, the Passport has both so my argument doesn't really hold here, except if you just don't use the SD card feature altogether.

I want to point out here that I'm not a total fan of the Passport, it's just my only camera-capable hardware wallet at the moment. In fact, I would highly advise not (!!!) to buy one at the moment, at least not the first version, mostly because of the insanely fast battery drain problematic. I feel like I need to quickly finish my review, but it will all make more sense once you guys will read it.

Since we're already super off-topic anyway, here another topic idea: people who already tried or plan on trying to 'go back' to kind of pre-smartphone time. What I mean is: it should be pretty obvious that you lose tons of time on a smartphone daily; even though a few things are quicker / save time, most people spend a lot of time on them which could be better used. For example for educating, time with close friends and family and real hobbies. Most people don't even have a hobby these days; which is obvious if the average screen time is like 4h+ Of course for us cypherpunks it's also interesting to cut down on surveillance and data collection. But I think another thread would be cool for this topic! Might whip something up later.

Yes I know they are making additional attack vectors this way and I am not defending them, just trying to be neutral in this situation if possible, and I have bad things to say about coldcard wallet.
If we think this way than we should know that regular computers, laptops and smartphones have the biggest attack vectors from all devices, they have connections for cameras, wifi, bluetooth, internet connection, etc... even if they are airgapped.

I think that bluetooth is much more dangerous than nfc because of wider range, and it sucks that even Trezor is considering adding that in their new hardware wallet device
I probably won't ever use any hardware wallet with bluetooth or wireless connection either, but I just checked one list of hardware wallets and saw there are more of them with NFC chips:

- KeyWallet Touch
- Asamacura
- SatoChip/Satodime
- ColdLar Touch
- D'CENT Card Wallet
- KeyCard
- Sugi
- Tangem Card
- Arculus
...

You should really opt out from using smartphones and start using old mobile phones, use it only for calls, because you are increasing attack vectors a lot, and you are tracked 24/7.
I am not sure but I think that NFC technology is also found in sim cards and many other devices, so trying to escape from it is almost impossible.
I think that credit card is a kind of primitive security device, you have your PIN code and you can use it for payments or withdrawing money, it has security written all over it.
And you can't have zero attack vectors in any device, so nfc is just a less evil than other things

No, but if my Chase Visa gets compromised and someone runs up thousands of dollars in charges it's not my problem beyond making a phone call and letting them know about it. A cold card is not a credit card, it's a security device. They added something to it to make it more convenient to use. Same as the camera on the passport. The odds of either being compromised are very very very....add many more very small. But they are not zero. And you don't need it. You need a screen. You need a way to input information. That's it.

Once again IMO your views might vary.

-Dave

Now we're going to start looking like Ledger haters, but from what I've seen so far, I believe them implementing NFC would actually result in successful wormhole attempts on day one

It remains to be seen if Coinkite can provide a secure implementation, but it's true as DaveF says that it's an additional attack vector. I guess that point can be made about any wallet with more than one means of communication. In theory, having a single one is enough, right. So I would argue Passport should have no SD card slot and do only the QR codes. But sometimes you use a PC without webcam and suddenly you wish it had USB or SD card ability... ^^

I agree that cutting out unnecessary firmware code makes sense though, like removing the hidden Snake game they added, which I also provided as feedback.
I guess that I wouldn't use a wallet with Bluetooth myself though, so I may be applying double standards here, potentially accepting NFC but rejecting Bluetooth, I'm aware of that Probably it depends on your threat model and use-case and you should definitely buy a wallet that has the features you want, but still fulfilling your security requirements. Which differ per-person and per-usecase.

There is no perfect protection for any devices or technology and NFC is no different, but I think that some hardware wallets are already using NFC technology, and it was trail and tested for years with credit cards.
One thing is for sure, NFC is much more safe than bluetooth because it uses radio waves with much shorter range, and it's not broadcasting information all the time.
 
I don't think this is possible, because you are not keeping your hardware wallet in public places, and you shouldn't take it with you all the time as a keychain or around your neck.

Who is saying that you would overpay for anything?
Regular NFC cards cost only few bucks online and I don't see them breaking all the time.
I have no idea how Coldcard will implement NFC, and I am not their supporter for sure, but I am interesting to see any innovation in this space.

Did you stop using your credit cards or did you notice any major change or security issue with them since they added NFC support?
You can't even control that in your credit card, and I think hardware wallet could offer a way to turn it off if you don't want to use it.
Let's wait and see if NFC will be the thing to destroy ColdCard... oh how I wish that ledger added NFC first  

Why why why do businesses keep adding things to security devices?
Yes I like the idea of a camera or nfc or other stuff. Give me the option of buying something without it.
I don't want any way of communicating that is not needed.
It's just another point of vulnerability.
Can a camera be hacked? Probably not. Can the controller chip in the camera that talks to the rest of the device be hacked to display something other then what is there. Yes.
Can we trust NFC? To a point. Even with the antenna wire cut, is it still there as some other thing that may have a vulnerability? Yes.

-Dave

NFC wormholing and similar attack vectors are always possible on a physical level, which should be pretty obvious. However, they can be mitigated through the implementations, so we can't say that NFC per se will be secure or insecure. One such protection, which was not in place when credit cards were wormholed, is time checking. Literal 'time of flight' of the data being exchanged can indicate if the device is under attack by estimating the distance between the two devices, since the signal can't travel faster than the speed of light.

Similar attacks are possible when using QR codes as well, though obviously much harder, if possible at all without the victim noticing.

I also think that more people will be able to check that the PSBT data is legit if it's transmitted via QR code and SD, because you can literally read out and verify the SD card / scan the QR code and verify the PSBT as well. Most people don't have NFC readers however, so e.g. a malicious firmware update that leaks more data through NFC than it should (just one example) can't be spotted as easily.

It'll be much more convenient than SD card airgap, while being much more secure than wallets that use Bluetooth. However, in my opinion QR code scanning back & forth is still by far the best option. It just ticks all the boxes; while being just slightly more cumbersome than an NFC connection.
* Fast to perform
* Easy to verify data
* Air-gapped operation
* Tricky to tap into

Coinkite should have added a camera & maybe simply used Passport's open source camera code that Foundation team added, since the codebase is forked from Coldcard itself.