Bitcoin Forum
November 07, 2024, 01:58:32 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Cold Card Q backup file  (Read 221 times)
Solo6R (OP)
Jr. Member
*
Offline Offline

Activity: 52
Merit: 16


View Profile
August 27, 2024, 12:04:22 AM
 #1

I've assigned a 12 word seed phrase to the backup file of my cold card Q (separate seed than my wallets 24 word seed), and was curious about what someone could do with just the backup.7z file itself if for some reason it fell into the wrong hands. I suspect they would still need that 12 word seed phrase in order to access, and make use of it, right?
Ever-young
Sr. Member
****
Offline Offline

Activity: 1358
Merit: 259


Get $2100 deposit bonuses & 60 FS


View Profile WWW
August 27, 2024, 12:23:36 AM
 #2

If someone gains access to your backup files, they can't completely have access to your wallet, but the chances of obtaining your wallet data will be slim.
 
Based on my own understanding, the 12-word seed phrase that you have assigned to your wallet serves as the encryption key that can allow anyone to access the wallet data. That's to say that your 12-word seed phrase is what's most important in your wallet, but if you are to lose access to them, our only little chance of getting them back is through backup files.
 
I'm open to correction if what I have assumed is wrong.

█████
██
██
██
██
██
██
██
██
██
██
██
█████

...........▄▄▄██████▄▄
.▄██▄..▄▄███▀▀▀...▀▀███▄
.............█▄█.▄.............▄▄▄
..▀██████▀
...........███▄.............▄▀▀▀...........▄██▀.█...............▄█
...▄████
..............███............███.............██..█...............▄██
..██▀.▀██
............███▀...........▄▄▄...▄▄.▄▄▄▄...███.█▄▄......▄▄▄▄..▄▄██▄▄▄▄
.██▀...▀██
..........███▀.▄▄█▀▀██▄...███..▄██▀▀▀███..███▀▀███...▄██▀▀██...██
███
.....███..▄▄▄▄████▀.▄██▀...██▀..███...██▀...██▀.███....██..██▀.▄██▀..███
██.▄
.....██.████▀▀▀...▄██▄...██▀..▄██▀..███...███..██....██▀.█████▀...▄███
██▄▀█...▄██..▀███
.....▀█████▀██████████▀██...██████▀█████████▀▀██▄▄▄██▀▀███▄▄▄██▀
.███▄▄▄███
....▀███▄.....▀▀▀...▀▀...▀▀▀..▀▀.....▀▀....▀▀▀▀▀......▀▀▀▀......▀▀▀▀
..▀▀███▀▀
.......▀███▄▄....▄▄
..................▀▀███████▀
.......................▀▀

 ▄▄▄▄▄▄▄▄░░░░░░▄▄▄██▄
██████████████████████▄
██████████████████████▀
█████████████████████
██████▀▀▀▀██████████
▀████░░░▄██████████
░░░░░░░▄██████████
░░░░░░███████████▀
░░░░▄████████████
░░░▄████████████▀
░░░█████████████
█████
██
██
██
██
██
██
██
██
██
██
██
█████

UP TO
60 FS
█████
██
██
██
██
██
██
██
██
██
██
██
█████
█████████████

PLAY NOW

████████████
█████
██
██
██
██
██
██
██
██
██
██
██
█████
Solo6R (OP)
Jr. Member
*
Offline Offline

Activity: 52
Merit: 16


View Profile
August 27, 2024, 02:12:09 AM
 #3

If someone gains access to your backup files, they can't completely have access to your wallet, but the chances of obtaining your wallet data will be slim.
 
Based on my own understanding, the 12-word seed phrase that you have assigned to your wallet serves as the encryption key that can allow anyone to access the wallet data. That's to say that your 12-word seed phrase is what's most important in your wallet, but if you are to lose access to them, our only little chance of getting them back is through backup files.
 
I'm open to correction if what I have assumed is wrong.

Well my wallet has a 24 word plus pass phrase on it. It's the backup file that was made with a 12 word seed phrase. When you generate a cold card Q backup file it also generated a 12 word seed phrase to then encrypt with. I'm just trying to see how secure that backup file is if it were to end up in someone else's possession. My understanding is that the file itself would still be worthless to them without the 12 word seed phrase it's tied to, but wanted to confirm that.
nakamura12
Hero Member
*****
Offline Offline

Activity: 2450
Merit: 682


drop me a dm if interested to rent my PT


View Profile
August 27, 2024, 03:13:50 AM
 #4

Well my wallet has a 24 word plus pass phrase on it. It's the backup file that was made with a 12 word seed phrase. When you generate a cold card Q backup file it also generated a 12 word seed phrase to then encrypt with. I'm just trying to see how secure that backup file is if it were to end up in someone else's possession. My understanding is that the file itself would still be worthless to them without the 12 word seed phrase it's tied to, but wanted to confirm that.
I am having trouble understanding what you want to know but i'll try. I think that Coldcard Q uses pin code to encrypt the device and it is also what you need to access the device. As for the words, I think you created two wallets which is the 24 words and the other is the 12 words. If I am not wrong, the pin code that you set to the device would also be the pin code when you want to save a file of the wallet to keep it safe for backup purposes.

Solo6R (OP)
Jr. Member
*
Offline Offline

Activity: 52
Merit: 16


View Profile
August 27, 2024, 03:43:40 AM
 #5

Well my wallet has a 24 word plus pass phrase on it. It's the backup file that was made with a 12 word seed phrase. When you generate a cold card Q backup file it also generated a 12 word seed phrase to then encrypt with. I'm just trying to see how secure that backup file is if it were to end up in someone else's possession. My understanding is that the file itself would still be worthless to them without the 12 word seed phrase it's tied to, but wanted to confirm that.
I am having trouble understanding what you want to know but i'll try. I think that Coldcard Q uses pin code to encrypt the device and it is also what you need to access the device. As for the words, I think you created two wallets which is the 24 words and the other is the 12 words. If I am not wrong, the pin code that you set to the device would also be the pin code when you want to save a file of the wallet to keep it safe for backup purposes.

Yeah you're not understanding correctly. Do you use a Cold Card Q by any chance?(Maybe Mk4 is the same in regards to backup files, I don't know) When you create a Cold Card Backup it gives you a 12 word seed phrase which you need to input when using "Restore from Backup". When you create a backup it creates an encrypted Backup.7z file which you can save to an SD card (or any medium of your choice). The 12 word seed phrase at the point of creating a backup has NOTHING to do with the seed phrase you generated for the wallet, in my case I used a 24 word seed phrase + passphrase for my wallet, but that's irrelevant. When you go to do a cold card restore and select the backup.7z file it generated when you did a backup, it asks for those 12 words that it gave you upon backup (file) creation. I'm trying to figure out if there is any other way a bad actor could utilize that backup.7z file to extract data from it without those 12 words (which again, are NOT wallet seed phrase words, they're specific to the backup file generated ONLY).
Apocollapse
Hero Member
*****
Offline Offline

Activity: 1148
Merit: 796



View Profile
August 27, 2024, 03:58:03 AM
Merited by Lucius (1)
 #6

Yeah you're correct, if somebody compromise your backup file, it's not enough to access your wallet.

The backup file is useless without the 12-word passphrase. Each backup will have a different backup phrase, and it has no relationship with the wallet seed words.

Based on the firmware, you will need 12 words to decrypt the backup file in order to show the BIP39 passphrase of your wallet. Even they have 12 words without backup, they still not able to access your wallet because it will opened other wallet which not yours.

If BIP39 passphrase is active the default behavior is to back-up main wallet - not BIP39 passphrase wallet. From version 5.2.0 users can choose to back-up also BIP39 passphrase wallet.

Solo6R (OP)
Jr. Member
*
Offline Offline

Activity: 52
Merit: 16


View Profile
August 27, 2024, 04:07:56 AM
 #7

Yeah you're correct, if somebody compromise your backup file, it's not enough to access your wallet.

The backup file is useless without the 12-word passphrase. Each backup will have a different backup phrase, and it has no relationship with the wallet seed words.

Based on the firmware, you will need 12 words to decrypt the backup file in order to show the BIP39 passphrase of your wallet. Even they have 12 words without backup, they still not able to access your wallet because it will opened other wallet which not yours.

If BIP39 passphrase is active the default behavior is to back-up main wallet - not BIP39 passphrase wallet. From version 5.2.0 users can choose to back-up also BIP39 passphrase wallet.

Great, thank you for the clarification and confirmation. I may go ahead and store this backup file on an encrypted Kingston IronKey then and stash it away. Rather it be there than on the SD card I use with the Cold Card device itself.
dkbit98
Legendary
*
Offline Offline

Activity: 2408
Merit: 7551



View Profile WWW
August 27, 2024, 11:43:49 AM
 #8

Great, thank you for the clarification and confirmation. I may go ahead and store this backup file on an encrypted Kingston IronKey then and stash it away. Rather it be there than on the SD card I use with the Cold Card device itself.
Be careful with storing any important backup files on USB drives, especially if this is your only backup.
USB can get corrupted in time much easier than regular hard drives, I know many examples of USB sticks getting broken after connected with computer.
Industrail grade SD drives should be better for this purpose.


█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Solo6R (OP)
Jr. Member
*
Offline Offline

Activity: 52
Merit: 16


View Profile
August 27, 2024, 04:42:02 PM
 #9

Great, thank you for the clarification and confirmation. I may go ahead and store this backup file on an encrypted Kingston IronKey then and stash it away. Rather it be there than on the SD card I use with the Cold Card device itself.
Be careful with storing any important backup files on USB drives, especially if this is your only backup.
USB can get corrupted in time much easier than regular hard drives, I know many examples of USB sticks getting broken after connected with computer.
Industrail grade SD drives should be better for this purpose.



For sure, all hardware and storage mediums can fail, which is why redudency is important. I'm using the encrypted Kingston IronKey for one location, and a SanDisk micro SD for another. I know the SanDisk one isn't "industrial grade" so I'll need to upgrade that. Do you suggest a Kingston Industrial grade SD card, one of the ones CoinKite sells (which is probably over priced), or another brand of industrial grade SD card? I'm gonna keep a backup of my Cold Card Q on 3 mediums. Encrypted USB IronKey, and 2 separate Industrial Grade SD cards, just need to figure out which brand to go with. Ontop of that I'm using 2 Keystone Tablet Plus metal seed storages. One for my main 24 word seed, and one for my backup file 12 word seed.
PX-Z
Hero Member
*****
Offline Offline

Activity: 1624
Merit: 968


pxzone.online


View Profile WWW
August 27, 2024, 11:52:03 PM
 #10

I've assigned a 12 word seed phrase to the backup file of my cold card Q (separate seed than my wallets 24 word seed), and was curious about what someone could do with just the backup.7z file itself if for some reason it fell into the wrong hands. I suspect they would still need that 12 word seed phrase in order to access, and make use of it, right?
That's obvious, that's useless although they might think it might have funds since word seeds are compose of some 12, 18, 24 words. But yeah, you are safe for that. But why would you do that, imagine you're going to import that backup but you forgot the 12 where  you put it and that one you remember is in the .7z file. It would be a disaster.

Solo6R (OP)
Jr. Member
*
Offline Offline

Activity: 52
Merit: 16


View Profile
August 28, 2024, 03:12:51 AM
 #11

I've assigned a 12 word seed phrase to the backup file of my cold card Q (separate seed than my wallets 24 word seed), and was curious about what someone could do with just the backup.7z file itself if for some reason it fell into the wrong hands. I suspect they would still need that 12 word seed phrase in order to access, and make use of it, right?
That's obvious, that's useless although they might think it might have funds since word seeds are compose of some 12, 18, 24 words. But yeah, you are safe for that. But why would you do that, imagine you're going to import that backup but you forgot the 12 where  you put it and that one you remember is in the .7z file. It would be a disaster.

I'm not sure I understand what you're saying. If I lost the 12 words that protects the backup file then I'd just use the 24 word seed phrase to my wallet and restore the wallet. Sure I'd lose some settings and such stored in the back up, but that's not a HUGE deal.
dkbit98
Legendary
*
Offline Offline

Activity: 2408
Merit: 7551



View Profile WWW
August 28, 2024, 07:12:26 PM
 #12

Do you suggest a Kingston Industrial grade SD card, one of the ones CoinKite sells (which is probably over priced), or another brand of industrial grade SD card?
Any industrial grade SD card should be fine, just look one with better warranty, but I think sandisk are currently one of the best.
To be honest I don't recommend anyone to use Coldcard devices, owner NVK is mentally unstable, they are constantly deceiving customers with fake claims and statements, and their devices are not open source.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Solo6R (OP)
Jr. Member
*
Offline Offline

Activity: 52
Merit: 16


View Profile
August 29, 2024, 04:06:52 AM
 #13

Do you suggest a Kingston Industrial grade SD card, one of the ones CoinKite sells (which is probably over priced), or another brand of industrial grade SD card?
Any industrial grade SD card should be fine, just look one with better warranty, but I think sandisk are currently one of the best.
To be honest I don't recommend anyone to use Coldcard devices, owner NVK is mentally unstable, they are constantly deceiving customers with fake claims and statements, and their devices are not open source.


Well, I'm sure it's better than the Tangem wallet I was using, and I only stack BTC so a multi coin wallet (Tangem) made no sense there, figured with all the recommendations for CC I'd go ahead and grab the latest Q variant. I'm not saying your claims are false but it seems like everyone has an opinion. I could just as easily get a Trezor, or Ledger, or some other brand and eventually run across a post of someone suggesting to stay away from that brand or this brand as well. There is no winning I guess.
Peanutswar
Legendary
*
Offline Offline

Activity: 1722
Merit: 1303


Top Crypto Casino


View Profile WWW
August 29, 2024, 02:41:10 PM
 #14

I've assigned a 12 word seed phrase to the backup file of my cold card Q (separate seed than my wallets 24 word seed), and was curious about what someone could do with just the backup.7z file itself if for some reason it fell into the wrong hands. I suspect they would still need that 12 word seed phrase in order to access, and make use of it, right?

It seems you are using a zip package afaik there's a password feature with that zip file that you can use to secure your seed phrase and of course this is the core if your wallet once other people have an access on this possible they will get stole your money instantly, if you have time try to backup into a physical paper, most of the cold wallet have their own paper that let you write the seed phrase in case you forgot so you don't need to save it online. Also if you have large amount of asset you can check your wallet too with the help of explorers.

.
.BLACKJACK ♠ FUN.
█████████
██████████████
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
████████████████
░██████████████
████████████
███████████████░██
██████████
CRYPTO CASINO &
SPORTS BETTING
▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
█████████
.
Solo6R (OP)
Jr. Member
*
Offline Offline

Activity: 52
Merit: 16


View Profile
August 29, 2024, 05:09:48 PM
 #15

I've assigned a 12 word seed phrase to the backup file of my cold card Q (separate seed than my wallets 24 word seed), and was curious about what someone could do with just the backup.7z file itself if for some reason it fell into the wrong hands. I suspect they would still need that 12 word seed phrase in order to access, and make use of it, right?

It seems you are using a zip package afaik there's a password feature with that zip file that you can use to secure your seed phrase and of course this is the core if your wallet once other people have an access on this possible they will get stole your money instantly, if you have time try to backup into a physical paper, most of the cold wallet have their own paper that let you write the seed phrase in case you forgot so you don't need to save it online. Also if you have large amount of asset you can check your wallet too with the help of explorers.

Of course I've written it down on paper, and I'd never save it online, not sure what I said that gave that impression. I'm using paper, metal, and an encrypted USB drive (for the CC backup file). That would be insane to save any of this stuff online, hah.
BitMaxz
Legendary
*
Offline Offline

Activity: 3430
Merit: 3165


Playbet.io - Crypto Casino and Sportsbook


View Profile WWW
August 29, 2024, 09:17:46 PM
 #16

Of course I've written it down on paper, and I'd never save it online, not sure what I said that gave that impression. I'm using paper, metal, and an encrypted USB drive (for the CC backup file). That would be insane to save any of this stuff online, hah.
So you have two backups the file(backup.7z) and the 24 seed phrase?

I don't think you still need the backup file since you already have the 24 seed phrases but the purpose of having a backup file from Cold Card Q is an extra backup but 24 seeds should be enough unless you want the backup file because it provides extra protection leaving the 24 phrases unprotected can be easily recover physically.

I don't think you still need the backup file you make things complicated when recovering your wallet.

However, since you said you generated the 24 seed phrase with an extra word(passphrase) if someone stole this backup they can't still able to access your wallet and it should be safe from physical attack and should be enough to keep your wallet protected.

Well, it's up to you how you protect your wallet based on what you said above I don't see anything that can risk your wallet just make sure everything is offline.

███████████████
█████████████████████
██████▄▄███████████████
██████▐████▄▄████████████
██████▐██▀▀▀██▄▄█████████
████████▌█████▀██▄▄██████
██████████████████▌█████
█████████████▀▄██▀▀██████
██████▐██▄▄█▌███████████
██████▐████▀█████████████
██████▀▀███████████████
█████████████████████
███████████████

.... ..Playbet.io..Casino & Sportsbook.....Grab up to  BTC + 800 Free Spins........
████████████████████████████████████████
██████████████████████████████████████████████
██████▄▄████████████████████████████████████████
██████▐████▄▄█████████████████████████████████████
██████▐██▀▀▀██▄▄██████████████████████████████████
████████▌█████▀██▄▄█████▄███▄███▄███▄█████████████
██████████████████▌████▀░░██▌██▄▄▄██████████████
█████████████▀▄██▀▀█████▄░░██▌██▄░░▄▄████▄███████
██████▐██▄▄█▌██████████▀███▀███▀███▀███▀█████████
██████▐████▀██████████████████████████████████████
██████▀▀████████████████████████████████████████
██████████████████████████████████████████████
████████████████████████████████████████
Solo6R (OP)
Jr. Member
*
Offline Offline

Activity: 52
Merit: 16


View Profile
August 29, 2024, 10:59:16 PM
 #17

Of course I've written it down on paper, and I'd never save it online, not sure what I said that gave that impression. I'm using paper, metal, and an encrypted USB drive (for the CC backup file). That would be insane to save any of this stuff online, hah.
So you have two backups the file(backup.7z) and the 24 seed phrase?

I don't think you still need the backup file since you already have the 24 seed phrases but the purpose of having a backup file from Cold Card Q is an extra backup but 24 seeds should be enough unless you want the backup file because it provides extra protection leaving the 24 phrases unprotected can be easily recover physically.

I don't think you still need the backup file you make things complicated when recovering your wallet.

However, since you said you generated the 24 seed phrase with an extra word(passphrase) if someone stole this backup they can't still able to access your wallet and it should be safe from physical attack and should be enough to keep your wallet protected.

Well, it's up to you how you protect your wallet based on what you said above I don't see anything that can risk your wallet just make sure everything is offline.

I won't disagree with you here, you're likely right on the money. I'm just paranoid. I pretty much run on anxiety, and it's not healthy, hah. Anyways I'll stop over thinking it and just accept that I'm OK with my metal, and paper seed phrase backups and stop over thinking it. Cheers and appreciate your input!
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!