Bitcoin Forum
November 08, 2024, 11:51:03 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Coldcard Q passphrase backup question  (Read 77 times)
Solo6R (OP)
Jr. Member
*
Offline Offline

Activity: 52
Merit: 16


View Profile
July 21, 2024, 09:52:08 PM
 #1

I'm getting more comfortable with my cold storage and was curious about storing the passphrase of my 24 seed word to an SD card like coldcard let's you do. I've been completely air gapped up until this point and wondered if it was safe to use the same SD card for transactions. This means the transactions get saved to the SD card from sparrow, and loaded and signed in coldcard, then back to sparrow to broadcast the signed tx. Does the act of having that passphrase backup on the same SD card now break the air gapped setup? Should I continue to use the same SD card or get another one for the passphrase backup, and keep one to sign transactions?

For further clarification I am NOT storing or doing a seed phrase backup, but JUST the passphrase.
Charles-Tim
Legendary
*
Offline Offline

Activity: 1722
Merit: 5202


Leading Crypto Sports Betting & Casino Platform


View Profile
July 21, 2024, 09:59:00 PM
 #2

Be it seed phrase or passphrase backup, it is better and secure to let it be left somewhere safe without using the SD card any other thing than backup. Make sure the backup are two or three in different locations.

I think Cold card Q supports QR code. Why not use the QR code option for making transactions instead of using SD card?



Seed phrase is the 12, 25, 18, 21 or the 24 words that the wallet generated for you.

Passphrase is the extended word if you prefer to add it. It will generate different keys and addresses. Just like the seed phrase, you need the passphrase with the seed phrase to access your coins if you add passphrase. Some people use it, backup the passphrase in different locations from the seed phrase and also having like two or three backups of it. It helps to increase the security of your coins against offline attackers.

..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
BitMaxz
Legendary
*
Online Online

Activity: 3430
Merit: 3165


Playbet.io - Crypto Casino and Sportsbook


View Profile WWW
July 21, 2024, 10:06:13 PM
 #3

That's pretty risky if you put your backup phrase into the SD card that you usually use for signing coldcard and back to Sparrow wallet which we know is connected to the internet that's not a good idea you need to separate them to save your backup phrase to other storage. SD card is not a good place to save backup phrases writing them down on a piece of paper should be a safe way to protect your backup from online attacks but vulnerable to physical attacks and damages so if you can buy something harder than paper like keystone that would be the best backup storage.

███████████████
█████████████████████
██████▄▄███████████████
██████▐████▄▄████████████
██████▐██▀▀▀██▄▄█████████
████████▌█████▀██▄▄██████
██████████████████▌█████
█████████████▀▄██▀▀██████
██████▐██▄▄█▌███████████
██████▐████▀█████████████
██████▀▀███████████████
█████████████████████
███████████████

.... ..Playbet.io..Casino & Sportsbook.....Grab up to  BTC + 800 Free Spins........
████████████████████████████████████████
██████████████████████████████████████████████
██████▄▄████████████████████████████████████████
██████▐████▄▄█████████████████████████████████████
██████▐██▀▀▀██▄▄██████████████████████████████████
████████▌█████▀██▄▄█████▄███▄███▄███▄█████████████
██████████████████▌████▀░░██▌██▄▄▄██████████████
█████████████▀▄██▀▀█████▄░░██▌██▄░░▄▄████▄███████
██████▐██▄▄█▌██████████▀███▀███▀███▀███▀█████████
██████▐████▀██████████████████████████████████████
██████▀▀████████████████████████████████████████
██████████████████████████████████████████████
████████████████████████████████████████
Solo6R (OP)
Jr. Member
*
Offline Offline

Activity: 52
Merit: 16


View Profile
July 21, 2024, 10:18:21 PM
 #4

That's pretty risky if you put your backup phrase into the SD card that you usually use for signing coldcard and back to Sparrow wallet which we know is connected to the internet that's not a good idea you need to separate them to save your backup phrase to other storage. SD card is not a good place to save backup phrases writing them down on a piece of paper should be a safe way to protect your backup from online attacks but vulnerable to physical attacks and damages so if you can buy something harder than paper like keystone that would be the best backup storage.

Just to be clear, I'm not storing the seed phrase, just the passphrase. Coldcard encrypts it and puts it on the SD card so it can use it, rather than typing it in every time. I'm not storing it as some kind of plain text in a text file that I made or something. Still not a great idea? Even though it's a feature of the device?
Charles-Tim
Legendary
*
Offline Offline

Activity: 1722
Merit: 5202


Leading Crypto Sports Betting & Casino Platform


View Profile
July 21, 2024, 10:26:43 PM
 #5

Just to be clear, I'm not storing the seed phrase, just the passphrase. Coldcard encrypts it and puts it on the SD card so it can use it, rather than typing it in every time. I'm not storing it as some kind of plain text in a text file that I made or something. Still not a great idea? Even though it's a feature of the device?
You mean Sparrow keep asking for passphrase after you put your password? I noticed this when I was using Sparrow also. To be on the safest side, it is better you backup the passphrase offline in a separate location from your seed phrase and use your keyboard to write it on Sparrow wallet. Although, if an offline attacker do not have any clue about it, your suggestion is safe. But I can not go for it.

..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
BitMaxz
Legendary
*
Online Online

Activity: 3430
Merit: 3165


Playbet.io - Crypto Casino and Sportsbook


View Profile WWW
July 21, 2024, 10:38:57 PM
 #6

Just to be clear, I'm not storing the seed phrase, just the passphrase. Coldcard encrypts it and puts it on the SD card so it can use it, rather than typing it in every time. I'm not storing it as some kind of plain text in a text file that I made or something. Still not a great idea? Even though it's a feature of the device?

Since the passphrase is a part of the seed phrase it is still not safe if you just save and store it on an SD card that you usually use to connect to an online device. For complete protection and to make sure your wallet is safe better put your passphrase to any offline device you want or write it down on a piece of paper. If you keep your passphrase into that SD card that you usually use for signing and connecting to Sparrow you already break one of the rules to protect your wallet from online attacks.

███████████████
█████████████████████
██████▄▄███████████████
██████▐████▄▄████████████
██████▐██▀▀▀██▄▄█████████
████████▌█████▀██▄▄██████
██████████████████▌█████
█████████████▀▄██▀▀██████
██████▐██▄▄█▌███████████
██████▐████▀█████████████
██████▀▀███████████████
█████████████████████
███████████████

.... ..Playbet.io..Casino & Sportsbook.....Grab up to  BTC + 800 Free Spins........
████████████████████████████████████████
██████████████████████████████████████████████
██████▄▄████████████████████████████████████████
██████▐████▄▄█████████████████████████████████████
██████▐██▀▀▀██▄▄██████████████████████████████████
████████▌█████▀██▄▄█████▄███▄███▄███▄█████████████
██████████████████▌████▀░░██▌██▄▄▄██████████████
█████████████▀▄██▀▀█████▄░░██▌██▄░░▄▄████▄███████
██████▐██▄▄█▌██████████▀███▀███▀███▀███▀█████████
██████▐████▀██████████████████████████████████████
██████▀▀████████████████████████████████████████
██████████████████████████████████████████████
████████████████████████████████████████
Solo6R (OP)
Jr. Member
*
Offline Offline

Activity: 52
Merit: 16


View Profile
July 21, 2024, 10:40:44 PM
Merited by Charles-Tim (1)
 #7

Just to be clear, I'm not storing the seed phrase, just the passphrase. Coldcard encrypts it and puts it on the SD card so it can use it, rather than typing it in every time. I'm not storing it as some kind of plain text in a text file that I made or something. Still not a great idea? Even though it's a feature of the device?
You mean Sparrow keep asking for passphrase after you put your password? I noticed this when I was using Sparrow also. To be on the safest side, it is better you backup the passphrase offline in a separate location from your seed phrase and use your keyboard to write it on Sparrow wallet. Although, if an offline attacker do not have any clue about it, your suggestion is safe. But I can not go for it.

No, sparrow doesn't ask for it. Coldcard makes you put the passphrase in every time, which is fine. OR you have the option to backup your passphrase to an SD card and tell Coldcard to use that. Not sparrow. Sparrow has nothing to do with it.
Charles-Tim
Legendary
*
Offline Offline

Activity: 1722
Merit: 5202


Leading Crypto Sports Betting & Casino Platform


View Profile
July 21, 2024, 10:51:55 PM
 #8

Since the passphrase is a part of the seed phrase it is still not safe if you just save and store it on an SD card that you usually use to connect to an online device. For complete protection and to make sure your wallet is safe better put your passphrase to any offline device you want or write it down on a piece of paper. If you keep your passphrase into that SD card that you usually use for signing and connecting to Sparrow you already break one of the rules to protect your wallet from online attacks.
I think offline attack is more possible with this because coldcard seed phrase will be kind of impossible to be known by online attackers. If QR code is used, it is perfectly airgapped in a way nothing can reveal the seed phrase to any online attacker. I do not know much about the SD card but Coldcard kind of recommending it.

Your COLDCARD doesn't store passphrases, therefore backup files don't contain passphrases. Backups capture the original seed, not the extended private key created by the passphrase. Passphrases can be stored on a microSD card whenever they are applied.

But I prefer just QR code for making transactions and also my passphrase to be stored on offline in a way I will have to type it manually.

..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
Solo6R (OP)
Jr. Member
*
Offline Offline

Activity: 52
Merit: 16


View Profile
July 21, 2024, 11:20:39 PM
 #9

Since the passphrase is a part of the seed phrase it is still not safe if you just save and store it on an SD card that you usually use to connect to an online device. For complete protection and to make sure your wallet is safe better put your passphrase to any offline device you want or write it down on a piece of paper. If you keep your passphrase into that SD card that you usually use for signing and connecting to Sparrow you already break one of the rules to protect your wallet from online attacks.
I think offline attack is more possible with this because coldcard seed phrase will be kind of impossible to be known by online attackers. If QR code is used, it is perfectly airgapped in a way nothing can reveal the seed phrase to any online attacker. I do not know much about the SD card but Coldcard kind of recommending it.

Your COLDCARD doesn't store passphrases, therefore backup files don't contain passphrases. Backups capture the original seed, not the extended private key created by the passphrase. Passphrases can be stored on a microSD card whenever they are applied.

But I prefer just QR code for making transactions and also my passphrase to be stored on offline in a way I will have to type it manually.

I would have no problem using QR code but I don't have a webcam. Just the QR code reader on my coldcard.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!