PIN codes and Hardware Wallets

[dkbit98]

I am starting this topic as an exploration and research about PIN codes and how they work in various hardware wallets.
Not all hardware wallets are made equal, and nor all PIN codes work the same in hardware wallets.

What is PIN code?
- Postal Index Number or PIN code is usually a four to six digit number code, that was first introduced in 1972 by Shriram Bhikaji Velankar for Indian Post.
This year we celebrate 50 years since usage of PIN codes, and today we use them everywhere including in hardware wallets.

In hardware wallets PIN code is used as protection, and entering wrong PIN can create different results for different hardware wallets.
PIN codes can be hacked with right tools and equipment so don't consider them as ultimate protection for your devices.
Some wallets use regular Password instead of PIN, and they can use letters, pattern or biometrics like fingerprints.
Note that some hardware wallets can be bricked and permanently unusable if wrong PIN was entered specific amount of times!

Ledger wallet
Enter an incorrect PIN code 3 times in a row and device will reset after the third incorrect attempt as a security measure.
https://support.ledger.com/hc/en-us/articles/360017582434-Reset-to-factory-settings-?docs=true

Trezor wallet
Trezor hardware wallet will be wiped after entering 16 failed attempts, but delay time was longer each time you enter wrong pin.
https://wiki.trezor.io/Security:Threats

Coldcard wallet
Coldcard permanently bricks itself after entering wrong PIN 13 times!
https://coldcard.com/docs/

Passport wallet
Passport permanently bricks itself after entering wrong PIN 21 times!
The Secure Element includes monotonic counters that enable PIN attempt tracking, where the Secure Element will “brick” itself by no longer permitting login attempts if the maximum number of attempts is exceeded.
https://github.com/Foundation-Devices/passport-firmware/blob/main/SECURITY/SECURITY.md

Keystone wallet
After 12 incorrect attempts using the pattern unlock option, users will be required to unlock their devices with the text password.
After 5 incorrect attempts to unlock your device with the text password option, the device will automatically wipe itself of all data.
If your device is wiped in this way, please be advised that your Keystone can only be restored with the recovery phrase. The system password can also only be reset by entering the recovery phrase.
https://support.keyst.one/basic-features/password

SecuX
If you enter the PIN incorrectly five times, it'll reset the device.
https://secuxtech.com/faq#wallet_device_issues

Ngrave
Ten wrong PIN codes results in the device wiping itself.
https://support.ngrave.io/hc/en-us/articles/4409603287185-The-wallet-doesn-t-recognize-my-fingerprint-how-do-I-access-my-wallet-

Jade
PIN entered wrong 3 times are locked out by the server.


This page is a work in progress.
Feel free to post your suggestions for new hardware wallets, and correct any mistake I accidently made.

[1715606238]

1715606238

[Coin-Keeper]

PIN codes can be hacked with right tools and equipment so don't consider them as ultimate protection for your devices.

While I know you are aware of this, newer members, or those new to Trezor Hardware wallets may not be:

The Trezor T Hardware wallet device has the capability to encrypt the PIN and the SEED.  I use that feature with my Trezors.  Its important to utilize software encryption, and I strongly prefer it to the notion that some devices have a "secure chipset".  If you believe that I want to sell you the Brooklyn Bridge, LOL!  Of course unrelated to this thread you should consider employing a passphrase to fortify your defenses.  NO hardware wallet stores passphrases so there is nothing to hack from the physical device along those lines of attack.

[m2017]

Looking through the list above, I have an idea that only Ledger has the most adequate number of attempts to enter a PIN (although it's not ideal).

Ledger wallet -3 times
Trezor wallet - 16 times
Coldcard wallet - 13 times
Passport wallet - 21 times
Keystone wallet - 12+5 times

Although in my opinion, the optimal amount could be about 5-7 times. More than 10, as for the proposed devices, I think it’s too much and the owner of the hardware wallet doesn’t need so much (he will dial the correct PIN with fewer attempts), while the attacker gets more chances to pick up a PIN with a large number of attempts.

Of course, this is not the whole list of existing devices, and most likely OP will add information about others later too.

[bitmover]

I am starting this topic as an exploration and research about PIN codes and how they work in various hardware wallets.
Not all hardware wallets are made equal, and nor all PIN codes work the same in hardware wallets.

Nice idea for a topic, I didn't know about all those variations since our last chat in another topic.

Since your topic is about PIN codes in general, I will suggest that you add a session about "multiple PIN codes". Some hardware wallets allow you to use multiple PIN codes when you add a passphrase. This is interesting because you can have 2 wallets in the same device, and even a "hidden" one in case of a physical attack.

Ledger nano allows 2 PIN codes:
https://www.ledger.com/academy/passphrase-an-advanced-security-feature

Another option is to link a passphrase of your choosing to a secondary PIN code. When choosing this option, you would first create a passphrase directly on your Ledger device. After having done so, you would be able to choose a secondary PIN code for your Ledger device. After this, each time you turn on your device, you could choose between entering your normal PIN code or your secondary PIN code. If you would enter your secondary PIN code, your accounts hidden behind a passphrase would be accessible.

For example:

Regular PIN code: 1653 → Normal accounts
Secondary PIN code: 8530 → Hidden accounts

In ledger nano case, both wallets (one for each PIN) will have the same seed, but one of them will have a passphrase. So, they are different wallets.

[dkbit98]

The Trezor T Hardware wallet device has the capability to encrypt the PIN and the SEED.  I use that feature with my Trezors.  

I think that ledger devices are also encrypting PIN's, but I am not sure about all other hardware wallets.
There could be a problem with losing access to your funds if you forget encryption password so I would be very careful with this.

Looking through the list above, I have an idea that only Ledger has the most adequate number of attempts to enter a PIN (although it's not ideal).

I would disagree.
Less is not better, especially compared to all other hardware wallets.
There is a good reason why everyone else (except ledger crap) made much more wrong attempts for PIN, some can even brick a device.

Since your topic is about PIN codes in general, I will suggest that you add a session about "multiple PIN codes". Some hardware wallets allow you to use multiple PIN codes when you add a passphrase. This is interesting because you can have 2 wallets in the same device, and even a "hidden" one in case of a physical attack.

As far as I know only ledger is using multiple PIN's, but I think they are mixing and connecting this with wallet passphrase, and I don't like this very much.

[bitmover]

As far as I know only ledger is using multiple PIN's, but I think they are mixing and connecting this with wallet passphrase, and I don't like this very much.

Why not? Passphrase just add an extra security. I don't see downsides. It is designed specifically for physical attacks.

The trezor device does exactly the same, but you don't have the extra pin to access it easily.
https://wiki.trezor.io/Passphrase

[dkbit98]

Why not? Passphrase just add an extra security. I don't see downsides. It is designed specifically for physical attacks.

I never said I am against passphrases at all, I just don't like how ledger is connecting them with PIN codes.
There is a big difference between this two (PIN vs Passphrase) so I don't want to mix them together, and yes I know Trezor have passphrase option like most other hardware wallets.
People often think that Password is the same as Pin or as Passphrase, but that can only create confusion.

[m2017]

Looking through the list above, I have an idea that only Ledger has the most adequate number of attempts to enter a PIN (although it's not ideal).

I would disagree.
Less is not better, especially compared to all other hardware wallets.
There is a good reason why everyone else (except ledger crap) made much more wrong attempts for PIN, some can even brick a device.

Can you explain in more detail what is the advantage of more attempts to enter a PIN code than 3 for Ledger? I may be wrong, but it seemed to me that the more attempts there are, the more chances there are to pick up a PIN code for a non-owner of the hardware wallet. At the same time, the more times, the more chances the owner will have to remember his PIN code. It's like you need some average value, which (in my opinion) will be optimal - 5-7 times or a little more (may be ~10 times).

[SFR10]

Feel free to post your suggestions for new hardware wallets,

• SecuX - If you enter the PIN incorrectly five times, it'll reset the device ^{[refer to #8 and #10]}.
• Ngrave - Ten wrong PIN codes results in the device wiping itself ^[source].

As far as I know only ledger is using multiple PIN's,

While I was reading the "Wallet and Device Issues ^{[refer to #5]}" section on SecuX, I discovered they also have such a thing in place.

[n0nce]

Looking through the list above, I have an idea that only Ledger has the most adequate number of attempts to enter a PIN (although it's not ideal).

I would disagree.
Less is not better, especially compared to all other hardware wallets.
There is a good reason why everyone else (except ledger crap) made much more wrong attempts for PIN, some can even brick a device.

Can you explain in more detail what is the advantage of more attempts to enter a PIN code than 3 for Ledger? I may be wrong, but it seemed to me that the more attempts there are, the more chances there are to pick up a PIN code for a non-owner of the hardware wallet. At the same time, the more times, the more chances the owner will have to remember his PIN code. It's like you need some average value, which (in my opinion) will be optimal - 5-7 times or a little more (may be ~10 times).

There is no 'perfect number', but if your device bricks after 3 wrong entries, a false-positive is quite likely.
A good password / PIN is not significantly more likely to be brute-forced if you give an attacker 3 or 20 tries. If it's 3 or 3000, it could be a different story.

Basically, brute-forcing 20 attempts in the real world is just as unlikely to unlock the device as if you only had 3.

[bitmover]

Can you explain in more detail what is the advantage of more attempts to enter a PIN code than 3 for Ledger? I may be wrong, but it seemed to me that the more attempts there are, the more chances there are to pick up a PIN code for a non-owner of the hardware wallet. At the same time, the more times, the more chances the owner will have to remember his PIN code. It's like you need some average value, which (in my opinion) will be optimal - 5-7 times or a little more (may be ~10 times).

There is no 'perfect number', but if your device bricks after 3 wrong entries, a false-positive is quite likely.
A good password / PIN is not significantly more likely to be brute-forced if you give an attacker 3 or 20 tries. If it's 3 or 3000, it could be a different story.

Basically, brute-forcing 20 attempts in the real world is just as unlikely to unlock the device as if you only had 3.

I agree with m2017 here.
Ledger device will not break after 3 attempts, it will just reset. And the owner has the private key.

If an attacker just enter into my house and find the device he may discover the secret code in 17 attempts that some those device allow. This is not a brute force, he is trying easy pins.

Although people should not use birthdays, year of birth,etc as pin code, those are VERY common. Someone may just try a few dates or other easy to remember combinations and discover the pin.

I feel safer with 3 attempts and device is reseted.

Just to illustrate... When I am traveling and I need wifi passwords, I just try "nameofstore2022" or 2021, 2020 etc and it works like 10-20% of the times.

[Coin-Keeper]

dkbit98,

I think that ledger devices are also encrypting PIN's, but I am not sure about all other hardware wallets.
There could be a problem with losing access to your funds if you forget encryption password so I would be very careful with this I think that ledger devices are also encrypting PIN's, but I am not sure about all other hardware wallets.
There could be a problem with losing access to your funds if you forget encryption password so I would be very careful with this

Unless a user is a complete newbie this would never be an issue.  Let me explain:  The very FIRST step a user should complete on ANY hardware wallet is a complete multiple backup of the SEED used  -------- period!!  If I forget my PIN or misplace my encryption SD card I would simply blow away the Trezor and recreate my wallets from scratch.  Very easy to do!!

My comments did assume you were using PIN=password in your post above.  If you actually meant passwords and not a PIN then you are correct.  Just wanted to make sure some of our readers are clear that PINs don't present a big problem with proper SEED backups.  .02

PIN attempts:
Regarding PIN attempts on hardware wallets.  Trezor T allows for 16 attempts.  What do you think the odds are of someone guessing my unique (used nowhere else ever) 9 digit PIN in only 16 attempts.  Basically zero!!  With advanced encrypted PIN on SD you can't even enter a PIN without the file.  The exception is for my Wipe PIN where the wallet wipes!

[Pmalek]

Coldcard wallet
Coldcard permanently bricks itself after entering wrong PIN 13 times!

I wanted to say how American of them, but they are assembled in Canada. Still, close enough.

I remember reading that ColdCard has a unique PIN that you can set up that bricks your device just by entering it once. I forgot what it was called, so I had to look it up. BrickMe PIN
Enter it once, and it achieves the same result as a wrongly entered main PIN 13 times.

The Coldcard additionally lets you set a BrickMe PIN to effectively destroy the Coldcard device permanently. When the BrickMe PIN is used, the critical secret is irreversibly destroyed, and the wallet essentially becomes as useless as a brick”.

https://7labs.io/tips-tricks/coldcard-btc-hardware-wallet.html

Ledger wallet -3 times
Coldcard wallet - 13 times

There is a difference between these two. If you wrongly enter your PIN 3 times on a Ledger, the device will reset itself to factory settings. It can still be used but you need to recover it from seed. If you enter the PIN wrongly 13 times on a ColdCard, the HW gets permanently bricked. It's destroyed and you can't use it any longer. Ever.

I never said I am against passphrases at all, I just don't like how ledger is connecting them with PIN codes.

It doesn't have to be connected and accessible with the PIN. You can set a temporary passphrase valid only for that session and until you turn the device off. In that case, you don't need to attack a new PIN to your passphrase account.

[o_e_l_e_o]

What is the benefit of a device bricking itself after x number of attempts, rather than just factory resetting itself? Assuming in both cases there is no chance to recover access to the original wallet without knowledge of the seed phrase, then bricking instead of simply securely wiping/shredding the data seems like a bug, not a feature, and simply forces the user to purchase another hardware wallet rather than just using their newly reset one to recovery from a back up.

Given that we know plenty of people leave hardware wallets lying around where they shouldn't, on desks, in drawers, etc., I'd be pretty pissed if a kid (for example) picked it up thinking it was some kind of phone and inadvertently permanently bricked my $200+ device.

[joniboini]

bricking instead of simply securely wiping/shredding the data seems like a bug, not a feature, and simply forces the user to purchase another hardware wallet rather than just using their newly reset one to recovery from a back up.

I think from a business perspective this is the goal, so they buy again if they forget it. But they can also say something along the lines that it protects your assets if somebody stole them. In case you lost your wallet, the hacker has no chance to recover it while you can with another device/wallet as long as you have a backup.

[n0nce]

What is the benefit of a device bricking itself after x number of attempts, rather than just factory resetting itself?
[...]
Given that we know plenty of people leave hardware wallets lying around where they shouldn't, on desks, in drawers, etc., I'd be pretty pissed if a kid (for example) picked it up thinking it was some kind of phone and inadvertently permanently bricked my $200+ device.

Good point and good question! I will ask @zherbert, since I'll also start working on my Passport v2 review soon^TM. So I can get their answer to this bug / feature question in there, as well.

bricking instead of simply securely wiping/shredding the data seems like a bug, not a feature, and simply forces the user to purchase another hardware wallet rather than just using their newly reset one to recovery from a back up.

I think from a business perspective this is the goal, so they buy again if they forget it. But they can also say something along the lines that it protects your assets if somebody stole them. In case you lost your wallet, the hacker has no chance to recover it while you can with another device/wallet as long as you have a backup.

That makes no sense though; in case the thief / attacker finds a wallet that just erases itself to factory settings after 3 attempts, they can't recover it any more or less easily than if it destroys itself after the same amount of attempts, right?

[o_e_l_e_o]

That makes no sense though; in case the thief / attacker finds a wallet that just erases itself to factory settings after 3 attempts, they can't recover it any more or less easily than if it destroys itself after the same amount of attempts, right?

My point exactly. If the argument is that bricking a device is safer than simply factory resetting because you cannot guarantee that all the data is destroyed with a factory reset, then they are pretty much admitting that they think data can be extracted from their device via some method. In which case, whether the device resets or bricks itself is irrelevant, since no attacker would attempt to brute force an unknown PIN with 3/10/20 whatever attempts, and instead proceed to extract the data through whatever these methods may be.

Also, if the argument is that bricking is more secure than a factory reset, then the devices should come with a huge warning to never sell your device, give it to a friend, etc., since even if you factory reset it your wallets would be at risk. As far as I am aware, no device comes with such a warning.

[n0nce]

That makes no sense though; in case the thief / attacker finds a wallet that just erases itself to factory settings after 3 attempts, they can't recover it any more or less easily than if it destroys itself after the same amount of attempts, right?

My point exactly. If the argument is that bricking a device is safer than simply factory resetting because you cannot guarantee that all the data is destroyed with a factory reset, then they are pretty much admitting that they think data can be extracted from their device via some method. In which case, whether the device resets or bricks itself is irrelevant, since no attacker would attempt to brute force an unknown PIN with 3/10/20 whatever attempts, and instead proceed to extract the data through whatever these methods may be.

Also, if the argument is that bricking is more secure than a factory reset, then the devices should come with a huge warning to never sell your device, give it to a friend, etc., since even if you factory reset it your wallets would be at risk. As far as I am aware, no device comes with such a warning.

What I can extract from available information by Foundation (since I've looked up more information about this wallet than any other) is this.

The Secure Element is configured so that if the monotonically increasing counter ever reaches the same value as in the Match Count slot, then it is no longer possible to read or use the PIN Stretch key in Slot 2 of the Secure Element – which means it’s impossible to hash the PIN with it, so there is no way to login to the device after that. The device is essentially “bricked.”

Passport allows a maximum of 21 unsuccessful PIN attempts.

I guess they chose to use the built-in counter mechanism of the secure element, to make sure that nobody is able to bypass the counter. If they stored the number in flash for instance, a skilled attacker could reset the number to 0 before hitting the n-th attempt at which it would factory reset (or brick itself). This could even be automated with relatively limited required hardware and combined with a brute-force PIN guessing script.
The downside is that the secure chip with this secure built-in counter probably doesn't have the ability to factory reset the device when the counter is reached, since it doesn't have as 'direct' and immediate, full control over the main processor, the type of acces it does have to its own internal secure storage 'slots'.

Therefore it leaves you with 2 options:
(1) Use the secure counter of the secure element, but when it reaches its maximum value, it can only trigger a 'permanent brick' as it's not capable to factory reset the device.
(2) Use an insecure counter stored in flash, and have the freedom to do with your MCU what you want. Erase the flash, restore to factory settings, brick it, you name it.

I'm not sure that this is 100% accurate, but it may be a technical limitation actually.

[o_e_l_e_o]

I'm not sure that this is 100% accurate, but it may be a technical limitation actually.

That's an interesting angle which I had not considered. It does however raise the question that if this were the case, why have we not seen the PIN counter being reset on other devices which do not use this hardware counter? Given how eager hardware wallet manufacturers are to disparage the competition, if this were possible would we not have seen a disclosure that "X wallet's PIN counter can be bypassed"?

[n0nce]

I'm not sure that this is 100% accurate, but it may be a technical limitation actually.

That's an interesting angle which I had not considered. It does however raise the question that if this were the case, why have we not seen the PIN counter being reset on other devices which do not use this hardware counter? Given how eager hardware wallet manufacturers are to disparage the competition, if this were possible would we not have seen a disclosure that "X wallet's PIN counter can be bypassed"?

I'm sure that on a hardware wallet like Trezor without secure element, this is a pretty viable attack vector. My guess is that if you already go through the trouble of doing hardware attacks, you may as well skip all the boring bruteforcing that is still required in this example and 'go for gold', directly dumping the seed during the boot process, like Joe Grand did it. Or use any other attack type that doesn't require waiting for potentially days or weeks.
This actually makes this list even more interesting, because we can now easily point out which hardware wallets have a non-destructive 'attempt counter', while also having a secure chip. These are exactly the devices where it may make sense to attempt finding the storage location of the counter (obviously outside the secure element) and attacking that to get unlimited PIN entry attempts.