ColdCard: why would you create a backup file?

DireWolfM14

copper member

Activity: 2142

Merit: 4219

Join the world-leading crypto sportsbook NOW!

Quote from: dkbit98 on June 21, 2022, 01:44:41 PM

Quote from: DireWolfM14 on June 20, 2022, 09:28:57 PM

I just got my Mk4 last week, it's my first ColdCard. I've been having a little fun with it before I set up for coldish storage. I'm starting to become attached to it however, I may need another for that original purpose. An Mk3 would probably suit just fine, and I could use the Mk4 as my "daily driver."

I don't think Coldcard Mk3 is suitable for that, because it was exploited like I wrote before, and if your device is running outdated secure element ATECC608A than it makes it even less secure.
Check what version of bootloader is in your device but if you have v2.0.0 than your device is not safe from this exploit.
Read more information about that:
https://threadreaderapp.com/thread/1377362927729082368.html

Yeah, I've read about that attack vector, but it seems like any hardware wallet could be vulnerable to the same attack. Currently I'm using a Trezor and we all know it's also vulnerable to a similar physical attack. As you also mentioned in your post the updated bootloaders mitigate the possibility and I imagine (like a Trezor) a Bip39 passphrase would also mitigate this issue. Not to mention, if I was to use the Mk3 for coldish storage, they'll have to break into my gun safe before they can break into my hardware wallet.

Quote from: dkbit98 on June 21, 2022, 01:44:41 PM

Quote from: DireWolfM14 on June 20, 2022, 09:28:57 PM

The only advantages I see to the backup feature are quicker recoveries and cloning the ColdCard. I could see myself using it for cloning, but for securing my seed or as an alternative to paper? No way! I don't trust anything as much as a good old-fashioned paper backup, copied and stored securely in sperate places.

If you can please post some review and comparison between mk3 vs m4.
I am interested to learn more about it and we may get more attention from mister Busy Nvk.

I wish I could, but I don't have an Mk3, this is my first ColdCard. I don't even own any OpenDimes, and that seems like a tragedy all on it's own. Cheesy

Quote from: dkbit98 on June 21, 2022, 01:44:41 PM

Quote from: DireWolfM14 on June 20, 2022, 09:28:57 PM

Although it does seem silly to backup your 24-Word seed phrase with a 12-word phrase, lol.

It does sound extremely silly, and I don't trust sd cards for any long term storage, but I guess multiple copies mitigate the risks.

I'm not sure. Digital media is a new technology, obviously. It may be archival but for how long? We won't know until we know. Maybe when the first Egyptians put ink to paper there was a "Dire Wolf" poopooing the idea and saying stupid shit like "that's never going to last, just chisel that shit in stone like a man."

dkbit98

legendary

Activity: 2212

Merit: 7064

Cashback 15%

Quote from: DireWolfM14 on June 20, 2022, 09:28:57 PM

I just got my Mk4 last week, it's my first ColdCard. I've been having a little fun with it before I set up for coldish storage. I'm starting to become attached to it however, I may need another for that original purpose. An Mk3 would probably suit just fine, and I could use the Mk4 as my "daily driver."

I don't think Coldcard Mk3 is suitable for that, because it was exploited like I wrote before, and if your device is running outdated secure element ATECC608A than it makes it even less secure.
Check what version of bootloader is in your device but if you have v2.0.0 than your device is not safe from this exploit.
Read more information about that:
https://threadreaderapp.com/thread/1377362927729082368.html

Quote from: DireWolfM14 on June 20, 2022, 09:28:57 PM

The only advantages I see to the backup feature are quicker recoveries and cloning the ColdCard. I could see myself using it for cloning, but for securing my seed or as an alternative to paper? No way! I don't trust anything as much as a good old-fashioned paper backup, copied and stored securely in sperate places.

If you can please post some review and comparison between mk3 vs m4.
I am interested to learn more about it and we may get more attention from mister Busy Nvk.

Quote from: DireWolfM14 on June 20, 2022, 09:28:57 PM

Although it does seem silly to backup your 24-Word seed phrase with a 12-word phrase, lol.

It does sound extremely silly, and I don't trust sd cards for any long term storage, but I guess multiple copies mitigate the risks.

DireWolfM14

copper member

Activity: 2142

Merit: 4219

Join the world-leading crypto sportsbook NOW!

I just got my Mk4 last week, it's my first ColdCard. I've been having a little fun with it before I set up for coldish storage. I'm starting to become attached to it however, I may need another for that original purpose. An Mk3 would probably suit just fine, and I could use the Mk4 as my "daily driver." But I digress.

The only advantages I see to the backup feature are quicker recoveries and cloning the ColdCard. I could see myself using it for cloning, but for securing my seed or as an alternative to paper? No way! I don't trust anything as much as a good old-fashioned paper backup, copied and stored securely in sperate places.

As a digital backup, it's encrypted with a very strong password. As Husires pointed out, the file is an encrypted 7z file, and the password is a 12-word phrase that the ColdCard generates randomly. Although it does seem silly to backup your 24-Word seed phrase with a 12-word phrase, lol. If I do start using my ColdCard regularly, I could see myself creating a couple of mSD cards for quick recovery in case something happens.

Here's the documentation for the backup feature: https://coldcard.com/docs/backups

Husires

legendary

Activity: 1582

Merit: 1284

ColdCard backup file is just a standard 7z archive file with AES-256 encryption by a strong password.
you can decrypt that file using any 7z archive tool and have full access of your funds.

Personally, I recommend you to ignore this option because it means that you will need to keep that data digitally, and to decrypt it you need a strong password, which needs to be either stored digitally (risk) or written on paper (the easiest is to use 12 words seeds), so it is an alternative option if you want ( like Core backup file)

Pmalek

legendary

Activity: 2730

Merit: 7065

Farewell, Leo. You will be missed!

Quote from: Katie656 on June 17, 2022, 10:15:18 AM

The ColdCard wallet can create a backup file of its configuration https://coldcard.com/docs/backups . Other than for cloning, why would you do this?

Well, based on the source link you shared, there are differences between recovering your wallet with a seed and recovering through this backup option. The backup file saves and recovers all the settings you made in the ColdCard software. A recovery from seed doesn't.

I have never used a ColdCard, but I assume they have a way to either label addresses/UTXOs or create separate wallets with custom names. The backup file should be able to recover all these names that you used properly. A recovery from seed doesn't know the software changes you made.

Katie656

newbie

Activity: 4

Merit: 14

Great, thanks everyone; much appreciated.

DaveF

legendary

Activity: 3458

Merit: 6231

Crypto Swap Exchange

Quote from: Katie656 on June 17, 2022, 10:54:39 AM

Thank you Dave. I suppose what I should have said was: if I don't make a backup file from my ColdCard, then lose the ColdCard, must I have made the backup file to recover, or is retrieving my seed phrase enough? The info I've seen on this is contradictory.

All you need is the seed phrase.
Keep in mind that list of words are "the keys to the kingdom" ANYONE who has them has access to all your funds. Which is why it's so important to have a copy of them and make sure that copy is 100% secure from other people having access to them. If anyone gets them, they have your BTC.

-Dave

dkbit98

legendary

Activity: 2212

Merit: 7064

Cashback 15%

I believe there is an option to import seed words manually in Coldcard, and generate them with Dice Rolls.
I prefer keeping my seed words written in physical form either on piece of paper or on metal plates or stainless steel washers.
SD cards and similar flash memories can easily get corrupted, and you would lose everything because of this.
Something like this happened to one of my USB sticks that just reported error and now it's unusable.

Katie656

newbie

Activity: 4

Merit: 14

Thank you Dave. I suppose what I should have said was: if I don't make a backup file from my ColdCard, then lose the ColdCard, must I have made the backup file to recover, or is retrieving my seed phrase enough? The info I've seen on this is contradictory.

DaveF

legendary

Activity: 3458

Merit: 6231

Crypto Swap Exchange

Because.....why not.
Everyone has a slightly different view on security and backup options. This just gives you another one.
Would I use it. Probably not, but others might take a look at it and think that it works perfectly for them.
Better to have the option and not use it, then have fewer options.

-Dave

Katie656

newbie

Activity: 4

Merit: 14

The ColdCard wallet can create a backup file of its configuration https://coldcard.com/docs/backups . Other than for cloning, why would you do this? It would generate yet another passphrase to remember (and back up) and another sensitive file to keep up with. I thought the whole point was that if you can simply remember/retrieve your 12-24 word seed phrase, you could recover your funds with any other wallet. Am I missing something?

I ask because I recently read somewhere (can't find the link now) that with some hardware wallets, even if you know the BIP39 seed you still can lose funds if you need to recover and don't have a backup file from the wallet. I'm kinda confused!

I'm all about properly archiving & securing my ColdCard's seed phrase, but I don't want to screw up by not making the backup file if it's really needed. Again, for something other than cloning.

Topic: ColdCard: why would you create a backup file? (Read 117 times)