Topic: ColdCard: why would you create a backup file? (Read 132 times)

copper member
Activity: 2338
Merit: 4543
I just got my Mk4 last week, it's my first ColdCard.  I've been having a little fun with it before I set up for coldish storage.  I'm starting to become attached to it however, I may need another for that original purpose.  An Mk3 would probably suit just fine, and I could use the Mk4 as my "daily driver."
I don't think Coldcard Mk3 is suitable for that, because it was exploited like I wrote before, and if your device is running outdated secure element ATECC608A then it makes it even less secure.
Check what version of bootloader is in your device, but if you have v2.0.0 then your device is not safe from this exploit.
Read more information about that:
https://threadreaderapp.com/thread/1377362927729082368.html

Yeah, I've read about that attack vector, but it seems like any hardware wallet could be vulnerable to the same attack.  Currently I'm using a Trezor and we all know it's also vulnerable to a similar physical attack.  As you also mentioned in your post the updated bootloaders mitigate the possibility and I imagine (like a Trezor) a Bip39 passphrase would also mitigate this issue.  Not to mention, if I was to use the Mk3 for coldish storage, they'll have to break into my gun safe before they can break into my hardware wallet. 


The only advantages I see to the backup feature are quicker recoveries and cloning the ColdCard.  I could see myself using it for cloning, but for securing my seed or as an alternative to paper?  No way!  I don't trust anything as much as a good old-fashioned paper backup, copied and stored securely in separate places.
If you can, please post some review and comparison between mk3 vs mk4.
I am interested to learn more about it and we may get more attention from mister Busy Nvk.

I wish I could, but I don't have an Mk3, this is my first ColdCard.  I don't even own any OpenDimes, and that seems like a tragedy all on its own.


Although it does seem silly to back up your 24-Word seed phrase with a 12-word phrase, lol.
It does sound extremely silly, and I don't trust SD cards for any long-term storage, but I guess multiple copies mitigate the risks.

I'm not sure.  Digital media is a new technology, obviously.  It may be archival but for how long?  We won't know until we know.  Maybe when the first Egyptians put ink to paper there was a "Dire Wolf" poopooing the idea and saying stupid shit like "that's never going to last, just chisel that shit in stone like a man."
legendary
Activity: 2212
Merit: 7064
I just got my Mk4 last week, it's my first ColdCard.  I've been having a little fun with it before I set up for coldish storage.  I'm starting to become attached to it however, I may need another for that original purpose.  An Mk3 would probably suit just fine, and I could use the Mk4 as my "daily driver."
I don't think Coldcard Mk3 is suitable for that, because it was exploited like I wrote before, and if your device is running outdated secure element ATECC608A then it makes it even less secure.
Check what version of bootloader is in your device, but if you have v2.0.0 then your device is not safe from this exploit.
Read more information about that:
https://threadreaderapp.com/thread/1377362927729082368.html

The only advantages I see to the backup feature are quicker recoveries and cloning the ColdCard.  I could see myself using it for cloning, but for securing my seed or as an alternative to paper?  No way!  I don't trust anything as much as a good old-fashioned paper backup, copied and stored securely in separate places.
If you can, please post some review and comparison between mk3 vs mk4.
I am interested to learn more about it and we may get more attention from mister Busy Nvk.

Although it does seem silly to back up your 24-Word seed phrase with a 12-word phrase, lol.
It does sound extremely silly, and I don't trust SD cards for any long-term storage, but I guess multiple copies mitigate the risks.
copper member
Activity: 2338
Merit: 4543
I just got my Mk4 last week, it's my first ColdCard.  I've been having a little fun with it before I set up for coldish storage.  I'm starting to become attached to it however, I may need another for that original purpose.  An Mk3 would probably suit just fine, and I could use the Mk4 as my "daily driver."  But I digress.

The only advantages I see to the backup feature are quicker recoveries and cloning the ColdCard.  I could see myself using it for cloning, but for securing my seed or as an alternative to paper?  No way!  I don't trust anything as much as a good old-fashioned paper backup, copied and stored securely in separate places.

As a digital backup, it's encrypted with a very strong password.  As Husires pointed out, the file is an encrypted 7z file, and the password is a 12-word phrase that the ColdCard generates randomly.  Although it does seem silly to back up your 24-Word seed phrase with a 12-word phrase, lol.  If I do start using my ColdCard regularly, I could see myself creating a couple of mSD cards for quick recovery in case something happens.

Here's the documentation for the backup feature: https://coldcard.com/docs/backups
legendary
Activity: 1596
Merit: 1288
The ColdCard backup file is just a standard 7z archive file with AES-256 encryption by a strong password.
You can decrypt that file using any 7z archive tool and have full access to your funds.

Personally, I recommend you ignore this option because it means that you will need to keep that data digitally, and to decrypt it you need a strong password, which needs to be either stored digitally (risk) or written on paper (the easiest is to use 12 words seeds), so it is an alternative option if you want (like Core backup file).
legendary
Activity: 2730
Merit: 7065
The ColdCard wallet can create a backup file of its configuration https://coldcard.com/docs/backups . Other than for cloning, why would you do this?
Well, based on the source link you shared, there are differences between recovering your wallet with a seed and recovering through this backup option. The backup file saves and recovers all the settings you made in the ColdCard software. A recovery from seed doesn't.

I have never used a ColdCard, but I assume they have a way to either label addresses/UTXOs or create separate wallets with custom names. The backup file should be able to recover all these names that you used properly. A recovery from seed doesn't know the software changes you made.   
newbie
Activity: 4
Merit: 14
Great, thanks everyone; much appreciated.
legendary
Activity: 3500
Merit: 6320
Thank you Dave.  I suppose what I should have said was: if I don't make a backup file from my ColdCard, then lose the ColdCard, must I have made the backup file to recover, or is retrieving my seed phrase enough?  The info I've seen on this is contradictory.

All you need is the seed phrase.
Keep in mind that list of words is "the keys to the kingdom". ANYONE who has them has access to all your funds. Which is why it's so important to have a copy of them and make sure that copy is 100% secure from other people having access to them. If anyone gets them, they have your BTC.

-Dave
legendary
Activity: 2212
Merit: 7064
I believe there is an option to import seed words manually in Coldcard, and generate them with Dice Rolls.
I prefer keeping my seed words written in physical form, either on a piece of paper or on metal plates or stainless steel washers.
SD cards and similar flash memories can easily get corrupted, and you would lose everything because of this.
Something like this happened to one of my USB sticks that just reported an error and now it's unusable.
newbie
Activity: 4
Merit: 14
Thank you Dave.  I suppose what I should have said was: if I don't make a backup file from my ColdCard, then lose the ColdCard, must I have made the backup file to recover, or is retrieving my seed phrase enough?  The info I've seen on this is contradictory.
legendary
Activity: 3500
Merit: 6320
Because.....why not.
Everyone has a slightly different view on security and backup options. This just gives you another one.
Would I use it? Probably not, but others might take a look at it and think that it works perfectly for them.
Better to have the option and not use it, than have fewer options.

-Dave
newbie
Activity: 4
Merit: 14
The ColdCard wallet can create a backup file of its configuration https://coldcard.com/docs/backups . Other than for cloning, why would you do this?  It would generate yet another passphrase to remember (and back up) and another sensitive file to keep up with.  I thought the whole point was that if you can simply remember/retrieve your 12-24 word seed phrase, you could recover your funds with any other wallet.  Am I missing something?

I ask because I recently read somewhere (can't find the link now) that with some hardware wallets, even if you know the BIP39 seed you still can lose funds if you need to recover and don't have a backup file from the wallet.  I'm kinda confused!

I'm all about properly archiving & securing my ColdCard's seed phrase, but I don't want to screw up by not making the backup file if it's really needed.  Again, for something other than cloning.