Foundation Passport Official Thread - page 17.

n0nce

hero member

Activity: 924

Merit: 5943

not your keys, not your coins!

Quote from: foundationdvcs on May 08, 2023, 02:42:04 PM

The latest version of Passport firmware, v2.1.0, has been released!

Please note that this is our largest release in some time and also brings Founder's Edition up to date with Batch 2 devices, unifying our firmware. As this is such a large update, we'd love for you all to test it as much as you can before we announce it more widely.

Highlights of this release:

- Backporting v2.1.0 firmware to Founder’s Edition
- Sending to Taproot addresses
- A new Key Manager Extension for BIP 85 and Nostr key support and export
- BIP 85 SeedQR exports

For the full release notes, browse Github or read our blog post below:

https://foundationdevices.com/2023/05/passport-version-2-1-0-is-now-live/

NOTE: Since we are now releasing both firmware files from the same repo, the file naming has changed slightly. "Batch 2" devices use the same naming scheme for firmware as before:

Code:

v2.1.0-passport.bin

but Founder's Edition is now named explicitly to avoid confusion:

Code:

v2.1.0-founders-passport.bin

First impressions of the passport2 firmware (v2.1.0 release version) on the Founders Edition hardware:

Large dark UI areas and color gradients don't work really well in monochrome (maybe I just need to get used to it). I'd appreciate a 'light mode' at least as a software option, or maybe just as default.
QR code recognition is blazing fast, no complaints there. QR code enters the picture and it's immediately picked up.
Whole user interface feels faster, snappier than before!

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: satscraper on May 13, 2023, 04:14:59 AM

Maybe everyone except me. I have never though that model T is secure. It lacks secure element.

Those HW that have secure element are quite different thing.

Keep in mind that secure elements come with no disclosure agreements. If the company's security department finds or knows about a possible vulnerability, they aren't allowed to go public about it. For all we know, there could be a way to attack these chips with physical access (most probably not remotely), but someone would have to come out and say it. They won't and can't because they are bound by NDAs. A valid question would be, why is there a need for an NDA if everything is as secure and safe as advertised?

satscraper

hero member

Activity: 714

Merit: 1298

Quote from: o_e_l_e_o on May 13, 2023, 03:25:21 AM

[Everyone was sure Trezors were perfectly safe, until it was demonstrated that it is possible to extract a seed phrase from a Trezor in under 15 minutes with some fairly basic equipment. T

Maybe everyone except me. I have never though that model T is secure. It lacks secure element.

Those HW that have secure element are quite different thing.

Quote from: o_e_l_e_o on May 13, 2023, 03:25:21 AM

Maybe, but it'll be pretty easy to figure out when my relatives or I find a hardware wallet in my house. Commit it to memory only and the coins are lost forever.

Sure, it is better to have paper based backup, just for the case.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18775

Quote from: satscraper on May 13, 2023, 02:56:21 AM

How it can be extracted if the wallet is in my hands only.

No one is immune to theft. Assuming you are is a mistake.

Quote from: satscraper on May 13, 2023, 02:56:21 AM

I think to extract it from nonvolatile memory of secure element it has to be in the hands of the highly skilled reverse engineers (they can be counted on the fingers of one hand) equipped with highly sophisticated equipment, and I'm not sure if such equipment even exists.

In a perfect world, maybe, but we don't live in a perfect world. Everyone was sure Trezors were perfectly safe, until it was demonstrated that it is possible to extract a seed phrase from a Trezor in under 15 minutes with some fairly basic equipment. The only way to be sure that data can't be extracted is for it not to be there in the first place.

Quote from: satscraper on May 13, 2023, 02:56:21 AM

in this case you will also forget what your paper backups are for

Maybe, but it'll be pretty easy to figure out when my relatives or I find a hardware wallet in my house. Commit it to memory only and the coins are lost forever.

satscraper

hero member

Activity: 714

Merit: 1298

Quote from: o_e_l_e_o on May 13, 2023, 02:13:00 AM

I don't want my passphrase to be stored on a hardware wallet at all. If it is stored on the hardware wallet, then there always exists the possibility that it can be extracted from the hardware wallet. Y

Amused.

How it can be extracted if the wallet is in my hands only.

I think to extract it from nonvolatile memory of secure element it has to be in the hands of the highly skilled reverse engineers (they can be counted on the fingers of one hand) equipped with highly sophisticated equipment, and I'm not sure if such equipment even exists.

So all such type concerns which have flooded Internet are unwarranted.

Even if it happens that wallet will be steeled or lost there will a time to move the funds into safer place.

P.S. I have both ledger nano s and s+ and recently have acquired Passport. Wink

At least it will be useful to implement based solely on HW multi-signature option for storing my funds.

Quote from: o_e_l_e_o on May 13, 2023, 02:13:00 AM

brain injury can make you forget your own name.

in this case you will also forget what your paper backups are for

o_e_l_e_o

legendary

Activity: 2268

Merit: 18775

Ledger have this option of permanently attaching a passphrase to a secondary PIN, so you don't have to enter the passphrase each time. When I had a Ledger device, I deliberately did not use this feature for the reasons given above. I don't want my passphrase to be stored on a hardware wallet at all. If it is stored on the hardware wallet, then there always exists the possibility that it can be extracted from the hardware wallet. Yes it's a small inconvenience to enter it every time I need to use the wallet, but I put up with much bigger inconveniences in the name of security.

I also have multiple different passphrases, and so attaching only one of these to a secondary PIN doesn't solve the issue for any of my other passphrased wallets.

Quote from: n0nce on May 12, 2023, 06:40:25 PM

Especially if you don't back up your Passphrase, you really want to make sure to memorize it well. There's actually no better memorization technique than frequent repetition.

All my passphrases are firmly committed to memory, but I still have paper back ups of them all. Doesn't matter how well you have memorized something - a brain injury can make you forget your own name.

satscraper

hero member

Activity: 714

Merit: 1298

Quote from: n0nce on May 12, 2023, 06:40:25 PM

Quote from: satscraper on May 11, 2023, 12:42:28 PM

Quote from: n0nce on May 11, 2023, 10:54:05 AM

Quote from: satscraper on May 10, 2023, 09:44:58 AM

Obvious thing that SEED+password must be hidden behind the second PIN. Make it 12-digits long and left 3 valid attempts to enter and I am sure no one will pass through the barrier.
[...]
I have 20 characters long password and beside the burden of entering it each time this is one more point of frustration for me when even single wrong character infiltrates the typing.

Why don't you just use a 12-digit numeric passphrase then?

12-digit numeric passphrase is not equal to mix of 20 characters consisting of digits, caps, small letters and special characters.

Correct. But if you use a device that allows you to access a wallet which is supposed to be protected by a 20-character BIP-39 Passphrase by just entering a 12-digit PIN, you've essentially reduced the security level of your wallet to the security of a 12-digit numeric Passphrase.

I guess that further security measures on the hardware wallet (like a maximum number of attempts) can increase the security of the device again, whilst the 20-character passphrase secures your seed phrase backups, but modern attacks can actually defeat such counters. In the end, it all depends on your attacker model.

What is largely bothered me is the password brute-forcing if someone will manage to get somehow my SEED but not physical access to my device.

In the case of his physical access, if any will take place, 12-digit PIN with 3 valid attempt will be enough to protect my security, the probability to break it will be as small as 3/10 ¹² and those probability will be tested by human hands not by machine/s as in the case of brute-forcing.

n0nce

hero member

Activity: 924

Merit: 5943

not your keys, not your coins!

Quote from: satscraper on May 11, 2023, 12:42:28 PM

Quote from: n0nce on May 11, 2023, 10:54:05 AM

Quote from: satscraper on May 10, 2023, 09:44:58 AM

Obvious thing that SEED+password must be hidden behind the second PIN. Make it 12-digits long and left 3 valid attempts to enter and I am sure no one will pass through the barrier.
[...]
I have 20 characters long password and beside the burden of entering it each time this is one more point of frustration for me when even single wrong character infiltrates the typing.

Why don't you just use a 12-digit numeric passphrase then?

12-digit numeric passphrase is not equal to mix of 20 characters consisting of digits, caps, small letters and special characters.

Correct. But if you use a device that allows you to access a wallet which is supposed to be protected by a 20-character BIP-39 Passphrase by just entering a 12-digit PIN, you've essentially reduced the security level of your wallet to the security of a 12-digit numeric Passphrase.

I guess that further security measures on the hardware wallet (like a maximum number of attempts) can increase the security of the device again, whilst the 20-character passphrase secures your seed phrase backups, but modern attacks can actually defeat such counters. In the end, it all depends on your attacker model.

Quote from: satscraper on May 11, 2023, 12:42:28 PM

I am gradually began to adopt myself to their implementation of password feature and see at least one positive moment in entering password each time after rebooting , namely, such procedure will stamp firmly that password into my memory.

Interesting; if I think about it, I agree! Especially if you don't back up your Passphrase, you really want to make sure to memorize it well. There's actually no better memorization technique than frequent repetition.

satscraper

hero member

Activity: 714

Merit: 1298

Quote from: n0nce on May 11, 2023, 10:54:05 AM

Quote from: satscraper on May 10, 2023, 09:44:58 AM

Obvious thing that SEED+password must be hidden behind the second PIN. Make it 12-digits long and left 3 valid attempts to enter and I am sure no one will pass through the barrier.
[...]
I have 20 characters long password and beside the burden of entering it each time this is one more point of frustration for me when even single wrong character infiltrates the typing.

Why don't you just use a 12-digit numeric passphrase then?

12-digit numeric passphrase is not equal to mix of 20 characters consisting of digits, caps, small letters and special characters.

Quote from: n0nce on May 11, 2023, 10:54:05 AM

Personally, I find the Passport keypads and form factor very comfortable for entering even long PINs and passphrases, so I like the current implementation.

My experience with Passport is not so long as yours. Only two days have passed since the moment when I got it into my hands.

First impressions.

Form factor is good but sure not for frequent travelers like me who has to pass through customs borders a few times a month, I am still afraid of custom controls. I would prefer to have it even not in the form of the old-style cell phone. Maybe something like ordinary calculator with in-front functions to calculate would be better to disguise real thing, who knows.

I am gradually began to adopt myself to their implementation of password feature and see at least one positive moment in entering password each time after rebooting , namely, such procedure will stamp firmly that password into my memory.

Quote from: n0nce on May 11, 2023, 10:54:05 AM

If we now start implementing what's basically a PIN-based passphrase 'bypass', suddenly something built-in into Bitcoin that is universally seen as a very strong extra layer of security, may suddenly be quite insecure depending on wallet implementation used. One wallet may allow you to bypass / 'unlock' the passphrase through a simple numeric 4-digit PIN, another may require you to enter it completely and so on.

No one prohibits Foundation to implement PIN-based passphrase 'bypass' option alongside with already existing one-time passphrase choice. So, what you said is not really an argument.

Quote from: n0nce on May 11, 2023, 10:54:05 AM

I like the current implementation.

their clients base is more wider than a single person.

n0nce

hero member

Activity: 924

Merit: 5943

not your keys, not your coins!

Quote from: satscraper on May 10, 2023, 09:44:58 AM

Obvious thing that SEED+password must be hidden behind the second PIN. Make it 12-digits long and left 3 valid attempts to enter and I am sure no one will pass through the barrier.
[...]
I have 20 characters long password and beside the burden of entering it each time this is one more point of frustration for me when even single wrong character infiltrates the typing.

Why don't you just use a 12-digit numeric passphrase then?

Quote from: satscraper on May 10, 2023, 09:44:58 AM

Ledger did it. Why Foundation did not?

Ledger did many things; not all of them are great. Wink

I can't answer this for you, but I assume it comes down to their explanation above (i.e. security).

The BIP39 passphrase is meant to add a reliable amount of extra security. If we now start implementing what's basically a PIN-based passphrase 'bypass', suddenly something built-in into Bitcoin that is universally seen as a very strong extra layer of security, may suddenly be quite insecure depending on wallet implementation used. One wallet may allow you to bypass / 'unlock' the passphrase through a simple numeric 4-digit PIN, another may require you to enter it completely and so on.

Personally, I find the Passport keypads and form factor very comfortable for entering even long PINs and passphrases, so I like the current implementation.

satscraper

hero member

Activity: 714

Merit: 1298

Quote from: foundationdvcs on May 10, 2023, 07:54:05 AM

Quote from: satscraper on May 10, 2023, 01:26:29 AM

Can not get why Foundation has decided to not store the 25th-word-extension for SEED and forced users to enter that password each time after rebooting device.

I am using that password as the second security layer for my funds and seeing such solution as very inconvenient approach.

This is so that it actually provides an additional layer of security for your funds on Passport. If we stored the passphrase on the device, anyone with the PIN would be able to steal funds and the extra security of your passphrase would be pointless! It's a very intentional security decision to require it on each bootup.

Obvious thing that SEED+password must be hidden behind the second PIN. Make it 12-digits long and left 3 valid attempts to enter and I am sure no one will pass through the barrier.

Is this so difficult to implement?

Ledger did it. Why Foundation did not?

I have 20 characters long password and beside the burden of entering it each time this is one more point of frustration for me when even single wrong character infiltrates the typing.

foundationdvcs

copper member

Activity: 101

Merit: 255

Quote from: satscraper on May 10, 2023, 01:26:29 AM

Can not get why Foundation has decided to not store the 25th-word-extension for SEED and forced users to enter that password each time after rebooting device.

I am using that password as the second security layer for my funds and seeing such solution as very inconvenient approach.

This is so that it actually provides an additional layer of security for your funds on Passport. If we stored the passphrase on the device, anyone with the PIN would be able to steal funds and the extra security of your passphrase would be pointless! It's a very intentional security decision to require it on each bootup.

Quote from: satscraper on May 10, 2023, 01:26:29 AM

In this regard, what is the press-number-expectancy for buttons on the board of Passport? In other words, how many pressing does the button endure before it goes to out-of-commission state?

I don't have a hard number for you, but AFAIK we have had zero units with failed keypads due to use to date and did extensive in-house testing before shipping the first Passport.

satscraper

hero member

Activity: 714

Merit: 1298

Can not get why Foundation has decided to not store the 25th-word-extension for SEED and forced users to enter that password each time after rebooting device.

I am using that password as the second security layer for my funds and seeing such solution as very inconvenient approach.

In this regard, what is the press-number-expectancy for buttons on the board of Passport? In other words, how many pressing does the button endure before it goes to out-of-commission state?

foundationdvcs

copper member

Activity: 101

Merit: 255

Quote from: dkbit98 on May 09, 2023, 05:26:56 PM

Quote from: foundationdvcs on May 08, 2023, 02:42:04 PM

- Backporting v2.1.0 firmware to Founder’s Edition

I think owners of old Founder's Edition will be happy hearing this.
Do you still have some of those old outlet devices in stock?

Sadly no, though I think a few resellers still have a small quantity in stock last I checked!

https://foundationdevices.com/resellers/

Quote from: dkbit98 on May 09, 2023, 05:26:56 PM

Quote from: foundationdvcs on May 08, 2023, 02:42:04 PM

- Sending to Taproot addresses

Is Passport wallet now fully supporting Taproot format address both for receiving and sending?
If you can confirm that I can move on and add it on my topic List of Wallets supporting Taproot:
https://bitcointalksearch.org/topic/list-wallets-supporting-taproot-5371499

This would be fifth hardware wallet with Taproot support after Ledger, Trezor, BitBox02 andOneKey.

No, in this release it is just p2tr (spending to Taproot addresses) but does not support receiving to Taproot addresses or spending Taproot outputs. That is slated for our next major release and is already actively in dev! We'll combine shipping that with full Taproot support in Envoy (which currently also has simple p2tr support and not full receive/spend).

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: foundationdvcs on May 08, 2023, 02:42:04 PM

- Backporting v2.1.0 firmware to Founder’s Edition

I think owners of old Founder's Edition will be happy hearing this.
Do you still have some of those old outlet devices in stock?

Quote from: foundationdvcs on May 08, 2023, 02:42:04 PM

- Sending to Taproot addresses

Is Passport wallet now fully supporting Taproot format address both for receiving and sending?
If you can confirm that I can move on and add it on my topic List of Wallets supporting Taproot:
https://bitcointalksearch.org/topic/list-wallets-supporting-taproot-5371499

This would be fifth hardware wallet with Taproot support after Ledger, Trezor, BitBox02 andOneKey.

foundationdvcs

copper member

Activity: 101

Merit: 255

The latest version of Passport firmware, v2.1.0, has been released!

Please note that this is our largest release in some time and also brings Founder's Edition up to date with Batch 2 devices, unifying our firmware. As this is such a large update, we'd love for you all to test it as much as you can before we announce it more widely.

Highlights of this release:

- Backporting v2.1.0 firmware to Founder’s Edition
- Sending to Taproot addresses
- A new Key Manager Extension for BIP 85 and Nostr key support and export
- BIP 85 SeedQR exports

For the full release notes, browse Github or read our blog post below:

https://foundationdevices.com/2023/05/passport-version-2-1-0-is-now-live/

NOTE: Since we are now releasing both firmware files from the same repo, the file naming has changed slightly. "Batch 2" devices use the same naming scheme for firmware as before:

Code:

v2.1.0-passport.bin

but Founder's Edition is now named explicitly to avoid confusion:

Code:

v2.1.0-founders-passport.bin

DireWolfM14

copper member

Activity: 2338

Merit: 4543

Join the world-leading crypto sportsbook NOW!

Quote from: foundationdvcs on May 03, 2023, 06:34:29 PM

No plans at this time to have an official firmware for current devices

That's too bad. I really love my Batch 2, and I am very much a bitcoin maximalist, but I do end up holding several thousands of dollars worth of monero from time to time. I promise, that will be only altcoin I ever ask you to implement!

n0nce

hero member

Activity: 924

Merit: 5943

not your keys, not your coins!

Quote from: dkbit98 on May 03, 2023, 05:29:43 PM

This all resulted in one more of NVK episodes, but I think you guys nailed it with latest blog post from Zach Herbert, so I have to post it here, as An Open Letter to NVK and Coldcard:
https://www.zherbert.com/an-open-letter-to-nvk-and-coldcard/

Good read, thanks.

Quote from: dkbit98 on May 03, 2023, 05:29:43 PM

Maybe people with old version Passport devices (like n0nce) can test this unofficial firmware when it gets released:
https://github.com/mjg-foundation/passport2-monero

Sure, I can give it a shot, if there's interest for it!

As far as I can tell, they only just started with this fork, so it should take a while. Many aspects of Monero are quite different (the cryptography in particular), which should require massive changes.

In the meantime, I downloaded v2.1.0-beta-6-founders and give it a shot on the weekend.

foundationdvcs

copper member

Activity: 101

Merit: 255

Quote from: dkbit98 on May 03, 2023, 05:29:43 PM

Someone decided to fork Passport code and enable separate support for monero, and I don't see anything wrong with that, unless it takes away dev time from working on improving BTC code and fixing bugs.

Yes, and just to be clear this is a community fork and not officially from us. No plans at this time to have an official firmware for current devices, but in theory this will end up being unofficial firmware for at least Batch 2 (and maybe Founder's Edition) if enough devs rally around it! Beauty of true free and open-source projects is they can spinoff in many directions

Quote from: dkbit98 on May 03, 2023, 05:29:43 PM

Maybe people with old version Passport devices (like n0nce) can test this unofficial firmware when it gets released:
https://github.com/mjg-foundation/passport2-monero

I believe this will be focused on Batch 2 devices, but it may also end up supporting FE as well. Unclear at this point.

dkbit98

legendary

Activity: 2212

Merit: 7064

Someone decided to fork Passport code and enable separate support for monero, and I don't see anything wrong with that, unless it takes away dev time from working on improving BTC code and fixing bugs.
This all resulted in one more of NVK episodes, but I think you guys nailed it with latest blog post from Zach Herbert, so I have to post it here, as An Open Letter to NVK and Coldcard:
https://www.zherbert.com/an-open-letter-to-nvk-and-coldcard/

Maybe people with old version Passport devices (like n0nce) can test this unofficial firmware when it gets released:
https://github.com/mjg-foundation/passport2-monero

Topic: Foundation Passport Official Thread - page 17. (Read 6599 times)