I’m a seedsigner maxi. I’ve built two and I only use the Pi Zero with no WiFi.

Discussion

I mean the coldcard is still solid though right?

Granted this grifting is off-putting, the device isn't flawed?

Depends on who you ask. The secure elements on the CC have apparently been hacked. But I haven’t confirmed personally, only read about it. And their software is no longer truly FOSS. You can only read the code.

Hacked as in: if my CC gets stolen, my seed is compromised?

Yes, I'm not a fan of the FOSS thing.

Yes. The person would need physical access to your CC from what I read. Then they could deploy the hack to the secure element. So as long as that fits your risk model and it hasn’t been plugged into a computer (e.g. you’re using it truly air-gapped) you’re probably fine.

There are ways to exfiltrate data through a QR or SD card airgap. SD card is easiest; write to hidden blocks.

QRs can be modulated in other ways such as delay time, intentional error faults, or other choices.

There is also the fact that anything that exists emits EMI, and the Coldcard is no exception. This can be abused to create signals that contain your seed + can be detected at quite a distance using a box the size of a Pi.

The secure elements in the products have had attacks done on them several times. The maker of the SE chips only released incremental updates that do not fix the fundamental flaw.

The original company that made the SE IC is long defunct too. It’s like maintaining an old codebase with no one around.

There are also several critical flaws in the design of the Coldcard that allow undetectable supply chain attacks.

Thanks for that. What's your preferred cold storage?

Currently, a Ledger Nano S with Sparrow. Not my preferred though.

I am working on my own cold storage product that is built on a security-certified secure element with custom firmware on the SE.

There’s also the option to use an SS.

If you have any questions about SEs let me know.

I appreciate the info. In my case I am only capable of buying the best hardware. I'm not tech savvy and not in a position to learn.

But thank you for the offer kind fren.

The SS is pretty intuitive. Certainly worth the time and effort if we are talking about retirement money and securing BTC. If you can raise a kid or follow a cooking recipe you got this!

Okay. nostr:nprofile1qqs9kuhw2rt0zx3dr45vddm25q0tj9jdg2wwmya8g7a36pzlcvc3sfs56demg I need a few weeks to a month. I don't even have a desk or power at the moment.

I accept your challenge. And will report back with questions when I am ready 👊

OK nostr:nprofile1qqs9kuhw2rt0zx3dr45vddm25q0tj9jdg2wwmya8g7a36pzlcvc3sfspzamhxue69uhkxun9v968ytnwdaehgu3wwa5kuegpp4mhxue69uhkummn9ekx7mq0wg87y new fren! I will give it a go in a month or so.

Need to set up some power and a desk here in the bush. Probably get starlink set up too.

I may have questions.

Thanks for the motivation. 👊

Feel free to reach out if you have questions. Followed back.

Awesome. Thank you!

How do you prevent the Dark Skippy attack with a seed signer?

https://darkskippy.com/

It’s not in my threat vector. I need to be aware that it exists, but I have physical access security measures to avoid this.