Bitcoin Forum
May 22, 2019, 12:26:30 AM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: ColdCard hardware wallet  (Read 436 times)
proo7
Jr. Member
*
Offline Offline

Activity: 210
Merit: 4


View Profile
September 19, 2018, 11:39:46 PM
 #1

Has anyone used and tested ColdCard hardware wallet so far ?

https://coldcardwallet.com/


What is the Coinkite Coldcard? It's a Bitcoin hardware wallet, so it signs transactions and can be used offline.

    BIP39 based, which means you can backup the secret words onto paper, and have lots of sub-accounts and unlimited independent payment addresses.
    It knows how to understand transactions, so you can see what you are approving.
    The first PSBT (BIP 174) native wallet which can be used completely offline for it's entire lifecycle.

But it's different!

    NO specialized software required. It accepts standard PSBT transaction (BIP 174) stored on an MicroSD card.
    NO companion 'app' on your computer, works with the major wallets already (Electrum, and more to come).
    It's cheap! Simple packaging, plain design, no fancy boxes, no redundant cables.
    It's ultrasecure! Real crypto security chip. Your private key is stored in a dedicated security chip, not the main micro's flash.
    Easy back-up! MicroSD card slot for backup and data storage. This allows truly offline signing, by transferring the unsigned/signed transactions on sneakernet.
    Open source software design runs Micropython and you can change it.
1558484790
Hero Member
*
Offline Offline

Posts: 1558484790

View Profile Personal Message (Offline)

Ignore
1558484790
Reply with quote  #2

1558484790
Report to moderator
1558484790
Hero Member
*
Offline Offline

Posts: 1558484790

View Profile Personal Message (Offline)

Ignore
1558484790
Reply with quote  #2

1558484790
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1558484790
Hero Member
*
Offline Offline

Posts: 1558484790

View Profile Personal Message (Offline)

Ignore
1558484790
Reply with quote  #2

1558484790
Report to moderator
1558484790
Hero Member
*
Offline Offline

Posts: 1558484790

View Profile Personal Message (Offline)

Ignore
1558484790
Reply with quote  #2

1558484790
Report to moderator
proo7
Jr. Member
*
Offline Offline

Activity: 210
Merit: 4


View Profile
September 21, 2018, 09:45:13 PM
 #2

Here is the interview with creator of ColCard hardware wallet Rodolfo Novak

https://www.youtube.com/watch?v=HIMuJ6CXCM0

I think they created Opendime wallet before also


Has anyone tried to hack it or examine it from inisde ?
OmegaStarScream
Staff
Legendary
*
Offline Offline

Activity: 1652
Merit: 1270


Hire BOUNTYPORTALS>Bounty management goo.gl/XKv9TK


View Profile
September 23, 2018, 05:27:49 PM
 #3

Honestly, It's not worth it, at least not for 69.99$. The design alone is not attractive, let alone the features.

You could add more money and get a Trezor for 69 EUR (excl. VAT) and enjoy more features, frequent updates, big userbase, faster support etc.

proo7
Jr. Member
*
Offline Offline

Activity: 210
Merit: 4


View Profile
September 25, 2018, 07:03:21 PM
 #4

Honestly, It's not worth it, at least not for 69.99$. The design alone is not attractive, let alone the features.

You could add more money and get a Trezor for 69 EUR (excl. VAT) and enjoy more features, frequent updates, big userbase, faster support etc.

I agree with you that Trezor and Ledger are looking more attractive and with more features,
but when it comes to security... I think that ColdCard is a much safer option.
I would agree with you that price could be a bit cheaper... maybe around 49$
HCP
Legendary
*
Offline Offline

Activity: 966
Merit: 1500

<insert witty quote here>


View Profile
September 28, 2018, 09:02:19 PM
Merited by vapourminer (1), HeRetiK (1)
 #5

It is certainly an interesting concept. It can be used as an "offline signer" in conjunction with Electrum... so instead of using a 2nd computer, you simply transfer the unsigned transaction to your coldcard via a microSD, sign it, then transfer it back to your online PC and broadcast.

However, my concern lies with the fact that the microSD can also be used to "update firmware"... and "backup your (encrypted) seed".

I wonder how long before someone figures out a way to update the firmware so that it creates an unencrypted backup of your seed on the microSD card Tongue

proo7
Jr. Member
*
Offline Offline

Activity: 210
Merit: 4


View Profile
September 29, 2018, 10:03:41 AM
 #6

It is certainly an interesting concept. It can be used as an "offline signer" in conjunction with Electrum... so instead of using a 2nd computer, you simply transfer the unsigned transaction to your coldcard via a microSD, sign it, then transfer it back to your online PC and broadcast.

However, my concern lies with the fact that the microSD can also be used to "update firmware"... and "backup your (encrypted) seed".

I wonder how long before someone figures out a way to update the firmware so that it creates an unencrypted backup of your seed on the microSD card Tongue

Legit question... I would love if ColdCard developers can respond and answer this and other question people have,
but I must say that its for sure more easy to do this 'fake mailicious firmware' for other more popular hardware wallets.
nanobtc
Full Member
***
Offline Offline

Activity: 378
Merit: 163



View Profile WWW
October 25, 2018, 11:03:20 PM
Last edit: October 26, 2018, 12:07:14 AM by nanobtc
 #7

I have one, and sort of like it so far. I got in on the startup thing, so I got it I think $10 cheaper. I have not put any BTC on it yet, still learning. I have a Ledger Nano S, but it seems that Coldcard has the ability to do a few unique things (most notably, sign transactions completely off-line).

I am still in 'dabbling-mode' with the Ledger Nano S as well, so I am in no position to make an informed comparison. I've been in the space a while, the lack of alt-coins does not bother me, I'm only interested in BTC.

I see that the latest Electrum supports it directly, so a familiar software wallet (for me) that works with it will be great. I need to tweak udev in Linux apparently, haven't got it completely working yet.

I HODL, so all of this is just experimentation so far.

EDIT a few minutes later
Got it working with Electrum 3.23  had to add 51-coinkite.rules to /etc/udev/rules.d   Reloaded udev stuff with sudo udevadm control --reload-rules && sudo udevadm trigger

info here: https://github.com/Coldcard/ckcc-protocol/blob/master/51-coinkite.rules

Unwanted BTC? Dispose of them safely here: 
1ygT7WtmyJn756aBnoYUHMcsr7jAVhyT2
tarball
Jr. Member
*
Offline Offline

Activity: 99
Merit: 5


View Profile
November 01, 2018, 12:49:49 AM
 #8

I have one, and sort of like it so far. I got in on the startup thing, so I got it I think $10 cheaper. I have not put any BTC on it yet, still learning. I have a Ledger Nano S, but it seems that Coldcard has the ability to do a few unique things (most notably, sign transactions completely off-line).

I am still in 'dabbling-mode' with the Ledger Nano S as well, so I am in no position to make an informed comparison. I've been in the space a while, the lack of alt-coins does not bother me, I'm only interested in BTC.

I see that the latest Electrum supports it directly, so a familiar software wallet (for me) that works with it will be great. I need to tweak udev in Linux apparently, haven't got it completely working yet.

I HODL, so all of this is just experimentation so far.

EDIT a few minutes later
Got it working with Electrum 3.23  had to add 51-coinkite.rules to /etc/udev/rules.d   Reloaded udev stuff with sudo udevadm control --reload-rules && sudo udevadm trigger

info here: https://github.com/Coldcard/ckcc-protocol/blob/master/51-coinkite.rules

Have you been able to sign transaction for p2sh-segwit format? I have only been able to sign for legacy format. The electrum wallet file for p2sh-segwit does not recognise my coldcard, whereas the wallet file using p2pkh format does recognise it.

Thanks for reading my post.
tarball
Jr. Member
*
Offline Offline

Activity: 99
Merit: 5


View Profile
November 01, 2018, 12:51:44 AM
 #9

It is certainly an interesting concept. It can be used as an "offline signer" in conjunction with Electrum... so instead of using a 2nd computer, you simply transfer the unsigned transaction to your coldcard via a microSD, sign it, then transfer it back to your online PC and broadcast.

However, my concern lies with the fact that the microSD can also be used to "update firmware"... and "backup your (encrypted) seed".

I wonder how long before someone figures out a way to update the firmware so that it creates an unencrypted backup of your seed on the microSD card Tongue

I have tried the backup option. It creates a 12 word mnemonic that acts as the pass phrase to decrypt it.

Thanks for reading my post.
bob123
Hero Member
*****
Offline Offline

Activity: 896
Merit: 1014



View Profile WWW
November 01, 2018, 08:44:09 AM
 #10

[...]
I wonder how long before someone figures out a way to update the firmware so that it creates an unencrypted backup of your seed on the microSD card Tongue

I have tried the backup option. It creates a 12 word mnemonic that acts as the pass phrase to decrypt it.

Huh ?

What kind of backup is being generated if you still need your 12 word mnemonic ?

Are you sure that you need your mnemonic seed to decrypt the backup file ??
IMO, this wouldn't make much sense. The mnemonic seed should be the backup itself.


As i have understood it, it generates a backup (= encrypted mnemonic seed) which needs a password(?) to be decrypted.

nanobtc
Full Member
***
Offline Offline

Activity: 378
Merit: 163



View Profile WWW
November 01, 2018, 01:17:36 PM
 #11


Have you been able to sign transaction for p2sh-segwit format? I have only been able to sign for legacy format. The electrum wallet file for p2sh-segwit does not recognise my coldcard, whereas the wallet file using p2pkh format does recognise it.


{snip} I have not tried p2sh-segwit. The latest Sept 11 firmware says:

Can create Electrum skeleton wallet for Segwit Native and Segwit P2SH now.
    caveat: the plugin is not ready yet for P2SH/Segwit, but Segwit native is fine


https://coldcardwallet.com/docs/upgrade  

I do like that Electrum 3.23 lets you upgrade the Coldcard firmware directly via USB, without an SD card.

Unwanted BTC? Dispose of them safely here: 
1ygT7WtmyJn756aBnoYUHMcsr7jAVhyT2
tarball
Jr. Member
*
Offline Offline

Activity: 99
Merit: 5


View Profile
November 01, 2018, 06:01:40 PM
 #12


Have you been able to sign transaction for p2sh-segwit format? I have only been able to sign for legacy format. The electrum wallet file for p2sh-segwit does not recognise my coldcard, whereas the wallet file using p2pkh format does recognise it.


{snip} I have not tried p2sh-segwit. The latest Sept 11 firmware says:

Can create Electrum skeleton wallet for Segwit Native and Segwit P2SH now.
    caveat: the plugin is not ready yet for P2SH/Segwit, but Segwit native is fine


https://coldcardwallet.com/docs/upgrade  

I do like that Electrum 3.23 lets you upgrade the Coldcard firmware directly via USB, without an SD card.

Oops. hehe. Must have missed that part.

I agree. I like that option that Electrum provides.

Thanks for reading my post.
tarball
Jr. Member
*
Offline Offline

Activity: 99
Merit: 5


View Profile
November 01, 2018, 06:04:28 PM
 #13

[...]
I wonder how long before someone figures out a way to update the firmware so that it creates an unencrypted backup of your seed on the microSD card Tongue

I have tried the backup option. It creates a 12 word mnemonic that acts as the pass phrase to decrypt it.

Huh ?

What kind of backup is being generated if you still need your 12 word mnemonic ?

Are you sure that you need your mnemonic seed to decrypt the backup file ??
IMO, this wouldn't make much sense. The mnemonic seed should be the backup itself.


As i have understood it, it generates a backup (= encrypted mnemonic seed) which needs a password(?) to be decrypted.

When you create a wallet, it will give you 24 bip39 words to write down. After creating the wallet, if you choose the backup option, it will give you a 12 word 'passphrase' (if you want to call it that) to encrypt the file.

The 'backup' is essentially a system image, which includes the seed, as well as system preferences.

You can read about how it works here:
https://coldcardwallet.com/docs/backups

'Background
The Coldcard is unique in that we offer a backup feature to save your wallet seeds to MicroSD card. Settings and other meta is saved as well. The encrypted file can be treated as any other file because we use AES-256 encryption, with a strong pass phrase.

Even using this feature, you should still have a paper-only copy of your 24 seed words. Use the encrypted backup feature for convenience and duplication.'

Thanks for reading my post.
tarball
Jr. Member
*
Offline Offline

Activity: 99
Merit: 5


View Profile
November 02, 2018, 06:11:41 AM
 #14


EDIT a few minutes later
Got it working with Electrum 3.23  had to add 51-coinkite.rules to /etc/udev/rules.d   Reloaded udev stuff with sudo udevadm control --reload-rules && sudo udevadm trigger

info here: https://github.com/Coldcard/ckcc-protocol/blob/master/51-coinkite.rules

Is that all you did? Because I cannot get it to work (I'm using Tails). I am also like you, and have a Nano S. I cannot get that to work either (I haven't tried on Tails, but on debian).

Thanks for reading my post.
nanobtc
Full Member
***
Offline Offline

Activity: 378
Merit: 163



View Profile WWW
November 02, 2018, 01:17:11 PM
 #15

Yes, that's all I did. This was on latest/upgraded Ubuntu. I haven't tried it on Tails.

Unwanted BTC? Dispose of them safely here: 
1ygT7WtmyJn756aBnoYUHMcsr7jAVhyT2
nanobtc
Full Member
***
Offline Offline

Activity: 378
Merit: 163



View Profile WWW
November 09, 2018, 04:31:11 AM
 #16

Here's a recent review of the Coldcard.

Unwanted BTC? Dispose of them safely here: 
1ygT7WtmyJn756aBnoYUHMcsr7jAVhyT2
Dragonbro123
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile
November 28, 2018, 08:29:33 AM
 #17

It's poor designed. Toooooo ugly IMO...
nanobtc
Full Member
***
Offline Offline

Activity: 378
Merit: 163



View Profile WWW
April 04, 2019, 05:22:44 PM
 #18

Bumping an old one, here. Today (April 4, 2019) there was a new firmware update for the Coldcard:   https://coldcardwallet.com/docs/upgrade

Electrum was apparently vulnerable to a phishing problem, this info from electrum.org:    Warning: Electrum versions older than 3.3 can no longer connect to public servers, and must be upgraded. This is in order to prevent user exposure to phishing messages. Do not download Electrum from any another source than electrum.org.

I bumped into this in a scary way. I don't trade in BTC, just buy and hold. I keep different cold/paper wallets for each year, so when (if?) I cash out, it will be easy to demonstrate it's over a year old, to help with long-term capital gains. A couple of times I needed to sell a little bit for bills. Rather than sweep the whole thing into an exchange wallet, the Coldcard/Electrum combo is great for this. Sweep paper wallet to Electrum, send a bit to the exchange to sell. I left the balance in Coldcard for a couple of days, when I started to send it back to paper wallet, it wouldn't sync.

I run Electrum in Linux from a command line, and there were many alien messages in the terminal. I used the seed words to create a new Electrum wallet, this time without the Coldcard hardware option. Still fail. I looked online, and found the problem, upgraded Electrum. Now the new wallet read everything fine. I like Electrum a lot, but this is a good example of why you should not depend on any one wallet for everything.


Unwanted BTC? Dispose of them safely here: 
1ygT7WtmyJn756aBnoYUHMcsr7jAVhyT2
legendster
Hero Member
*****
Offline Offline

Activity: 1148
Merit: 633



View Profile
April 18, 2019, 04:59:21 PM
 #19

The wallet looks to be pretty tiny and compact. I like it. Not a big fan of the transparent casing but I can get behind that as well. However, with "cheap" in the product's slogan, it still costs $100 for a single piece. That's nearly twice the price of a Trezor or a Ledger nano s..

█▀▀█
██▄█
BESTMIXER.IO // BEST BITCOIN MIXER
█▀▀█
██▄█
nanobtc
Full Member
***
Offline Offline

Activity: 378
Merit: 163



View Profile WWW
April 19, 2019, 12:16:00 AM
 #20

I don't have a Trezor, but have a couple of Ledger Nano S wallets. One seemingly unique feature is the MicroSD slot. From their docs:

Why does it have a MicroSD slot?

    The Coldcard can backup the seed into an encrypted file.
    New transactions to be signed, can be imported from the card.
    Public key data (xpub, receive addresses) can be written onto the card.
    Firmware upgrades can be done by copying the new firmware file onto a card.
    A skeleton Electrum wallet can be created on the card which allows Electrum to "pair" with the Coldcard, without it ever connecting to a USB port.

The second one, in particular is interesting, as it makes completely air-gapped transactions possible. I don't know of any others that can do that, at any price. There may be, I just don't know about them.

Unwanted BTC? Dispose of them safely here: 
1ygT7WtmyJn756aBnoYUHMcsr7jAVhyT2
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!