Coldcards would be good if they wouldn't randomly break after a short amount of time.
So I wanted to deep dive on the old NONCE attack on hardware wallets, specifically whether the COLDCARD Mk4 leverages each of it's True Random Number Generators (TRNG) on both secure elements to generate random numbers and combine them using XOR.
Checking out this blog post... and HOLY SHIT, my respect for COLDCARD's security just skyrocketed. They don’t just use both secure elements but they also throw in the Microprocessor’s TRNG and XOR them together, with all of them chatting over a few millimeters of copper via encrypted comms. And that’s just scratching the surface!
No wonder nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 loses his mind when people use Raspberry Pis as hardware wallets.
This is the blog post:
https://blog.coinkite.com/understanding-mk4-security-model
It's worth a read if you want a wow moment 🙂
Discussion
Hey! If you’re having any issues with our products feel free to email us anytime and we can see how we can help.
It's already too long after my Coldcard Q broke only 10 days after purchase. Would this still count?
Also, I posted a few new device ideas on r/coldcard, one if them that could hopefully help to find and fix these breaking issues.