Cold Card Q backup file

[Solo6R]

I've assigned a 12 word seed phrase to the backup file of my cold card Q (separate seed than my wallets 24 word seed), and was curious about what someone could do with just the backup.7z file itself if for some reason it fell into the wrong hands. I suspect they would still need that 12 word seed phrase in order to access, and make use of it, right?

[Ever-young]

If someone gains access to your backup files, they can't completely have access to your wallet, but the chances of obtaining your wallet data will be slim.
 
Based on my own understanding, the 12-word seed phrase that you have assigned to your wallet serves as the encryption key that can allow anyone to access the wallet data. That's to say that your 12-word seed phrase is what's most important in your wallet, but if you are to lose access to them, our only little chance of getting them back is through backup files.
 
I'm open to correction if what I have assumed is wrong.

[Solo6R]

If someone gains access to your backup files, they can't completely have access to your wallet, but the chances of obtaining your wallet data will be slim.
 
Based on my own understanding, the 12-word seed phrase that you have assigned to your wallet serves as the encryption key that can allow anyone to access the wallet data. That's to say that your 12-word seed phrase is what's most important in your wallet, but if you are to lose access to them, our only little chance of getting them back is through backup files.
 
I'm open to correction if what I have assumed is wrong.

Well my wallet has a 24 word plus pass phrase on it. It's the backup file that was made with a 12 word seed phrase. When you generate a cold card Q backup file it also generated a 12 word seed phrase to then encrypt with. I'm just trying to see how secure that backup file is if it were to end up in someone else's possession. My understanding is that the file itself would still be worthless to them without the 12 word seed phrase it's tied to, but wanted to confirm that.

[nakamura12]

Well my wallet has a 24 word plus pass phrase on it. It's the backup file that was made with a 12 word seed phrase. When you generate a cold card Q backup file it also generated a 12 word seed phrase to then encrypt with. I'm just trying to see how secure that backup file is if it were to end up in someone else's possession. My understanding is that the file itself would still be worthless to them without the 12 word seed phrase it's tied to, but wanted to confirm that.

I am having trouble understanding what you want to know but i'll try. I think that Coldcard Q uses pin code to encrypt the device and it is also what you need to access the device. As for the words, I think you created two wallets which is the 24 words and the other is the 12 words. If I am not wrong, the pin code that you set to the device would also be the pin code when you want to save a file of the wallet to keep it safe for backup purposes.

[Solo6R]

Well my wallet has a 24 word plus pass phrase on it. It's the backup file that was made with a 12 word seed phrase. When you generate a cold card Q backup file it also generated a 12 word seed phrase to then encrypt with. I'm just trying to see how secure that backup file is if it were to end up in someone else's possession. My understanding is that the file itself would still be worthless to them without the 12 word seed phrase it's tied to, but wanted to confirm that.

I am having trouble understanding what you want to know but i'll try. I think that Coldcard Q uses pin code to encrypt the device and it is also what you need to access the device. As for the words, I think you created two wallets which is the 24 words and the other is the 12 words. If I am not wrong, the pin code that you set to the device would also be the pin code when you want to save a file of the wallet to keep it safe for backup purposes.

Yeah you're not understanding correctly. Do you use a Cold Card Q by any chance?(Maybe Mk4 is the same in regards to backup files, I don't know) When you create a Cold Card Backup it gives you a 12 word seed phrase which you need to input when using "Restore from Backup". When you create a backup it creates an encrypted Backup.7z file which you can save to an SD card (or any medium of your choice). The 12 word seed phrase at the point of creating a backup has NOTHING to do with the seed phrase you generated for the wallet, in my case I used a 24 word seed phrase + passphrase for my wallet, but that's irrelevant. When you go to do a cold card restore and select the backup.7z file it generated when you did a backup, it asks for those 12 words that it gave you upon backup (file) creation. I'm trying to figure out if there is any other way a bad actor could utilize that backup.7z file to extract data from it without those 12 words (which again, are NOT wallet seed phrase words, they're specific to the backup file generated ONLY).

[Apocollapse]

Yeah you're correct, if somebody compromise your backup file, it's not enough to access your wallet.

The backup file is useless without the 12-word passphrase. Each backup will have a different backup phrase, and it has no relationship with the wallet seed words.

Based on the firmware, you will need 12 words to decrypt the backup file in order to show the BIP39 passphrase of your wallet. Even they have 12 words without backup, they still not able to access your wallet because it will opened other wallet which not yours.

If BIP39 passphrase is active the default behavior is to back-up main wallet - not BIP39 passphrase wallet. From version 5.2.0 users can choose to back-up also BIP39 passphrase wallet.

[Solo6R]

Yeah you're correct, if somebody compromise your backup file, it's not enough to access your wallet.

The backup file is useless without the 12-word passphrase. Each backup will have a different backup phrase, and it has no relationship with the wallet seed words.

Based on the firmware, you will need 12 words to decrypt the backup file in order to show the BIP39 passphrase of your wallet. Even they have 12 words without backup, they still not able to access your wallet because it will opened other wallet which not yours.

If BIP39 passphrase is active the default behavior is to back-up main wallet - not BIP39 passphrase wallet. From version 5.2.0 users can choose to back-up also BIP39 passphrase wallet.

Great, thank you for the clarification and confirmation. I may go ahead and store this backup file on an encrypted Kingston IronKey then and stash it away. Rather it be there than on the SD card I use with the Cold Card device itself.

[dkbit98]

Great, thank you for the clarification and confirmation. I may go ahead and store this backup file on an encrypted Kingston IronKey then and stash it away. Rather it be there than on the SD card I use with the Cold Card device itself.

Be careful with storing any important backup files on USB drives, especially if this is your only backup.
USB can get corrupted in time much easier than regular hard drives, I know many examples of USB sticks getting broken after connected with computer.
Industrail grade SD drives should be better for this purpose.

[Solo6R]

Great, thank you for the clarification and confirmation. I may go ahead and store this backup file on an encrypted Kingston IronKey then and stash it away. Rather it be there than on the SD card I use with the Cold Card device itself.

Be careful with storing any important backup files on USB drives, especially if this is your only backup.
USB can get corrupted in time much easier than regular hard drives, I know many examples of USB sticks getting broken after connected with computer.
Industrail grade SD drives should be better for this purpose.

For sure, all hardware and storage mediums can fail, which is why redudency is important. I'm using the encrypted Kingston IronKey for one location, and a SanDisk micro SD for another. I know the SanDisk one isn't "industrial grade" so I'll need to upgrade that. Do you suggest a Kingston Industrial grade SD card, one of the ones CoinKite sells (which is probably over priced), or another brand of industrial grade SD card? I'm gonna keep a backup of my Cold Card Q on 3 mediums. Encrypted USB IronKey, and 2 separate Industrial Grade SD cards, just need to figure out which brand to go with. Ontop of that I'm using 2 Keystone Tablet Plus metal seed storages. One for my main 24 word seed, and one for my backup file 12 word seed.

[PX-Z]

I've assigned a 12 word seed phrase to the backup file of my cold card Q (separate seed than my wallets 24 word seed), and was curious about what someone could do with just the backup.7z file itself if for some reason it fell into the wrong hands. I suspect they would still need that 12 word seed phrase in order to access, and make use of it, right?

That's obvious, that's useless although they might think it might have funds since word seeds are compose of some 12, 18, 24 words. But yeah, you are safe for that. But why would you do that, imagine you're going to import that backup but you forgot the 12 where  you put it and that one you remember is in the .7z file. It would be a disaster.

[Solo6R]

I've assigned a 12 word seed phrase to the backup file of my cold card Q (separate seed than my wallets 24 word seed), and was curious about what someone could do with just the backup.7z file itself if for some reason it fell into the wrong hands. I suspect they would still need that 12 word seed phrase in order to access, and make use of it, right?

That's obvious, that's useless although they might think it might have funds since word seeds are compose of some 12, 18, 24 words. But yeah, you are safe for that. But why would you do that, imagine you're going to import that backup but you forgot the 12 where  you put it and that one you remember is in the .7z file. It would be a disaster.

I'm not sure I understand what you're saying. If I lost the 12 words that protects the backup file then I'd just use the 24 word seed phrase to my wallet and restore the wallet. Sure I'd lose some settings and such stored in the back up, but that's not a HUGE deal.

[dkbit98]

Do you suggest a Kingston Industrial grade SD card, one of the ones CoinKite sells (which is probably over priced), or another brand of industrial grade SD card?

Any industrial grade SD card should be fine, just look one with better warranty, but I think sandisk are currently one of the best.
To be honest I don't recommend anyone to use Coldcard devices, owner NVK is mentally unstable, they are constantly deceiving customers with fake claims and statements, and their devices are not open source.

[Solo6R]

Do you suggest a Kingston Industrial grade SD card, one of the ones CoinKite sells (which is probably over priced), or another brand of industrial grade SD card?

Any industrial grade SD card should be fine, just look one with better warranty, but I think sandisk are currently one of the best.
To be honest I don't recommend anyone to use Coldcard devices, owner NVK is mentally unstable, they are constantly deceiving customers with fake claims and statements, and their devices are not open source.

Well, I'm sure it's better than the Tangem wallet I was using, and I only stack BTC so a multi coin wallet (Tangem) made no sense there, figured with all the recommendations for CC I'd go ahead and grab the latest Q variant. I'm not saying your claims are false but it seems like everyone has an opinion. I could just as easily get a Trezor, or Ledger, or some other brand and eventually run across a post of someone suggesting to stay away from that brand or this brand as well. There is no winning I guess.