#asknostr #coldcard

Ok, my mind is going in all directions thinking about coldcard opsec. If someone took my coldcard and found the pin, couldn't they take the bitcoin because the device knows the seedphrase? They could duplicate the coldcard onto another device, right? Would using a passphrase prevent this? Don't beat me up if this is a dumb question.

Discussion

Yes and yes

Valid. Not dumb at all. As far as I understand, a code is required to even get into the device, then the seed phrase, keys are required to access the actual coin.

using a passphrase absolutely adds a layer of security

it’s a whole other wallet within your wallet

in this scenario, the attacker would need to know your PIN and the passphrase, which is essentially another seedphrase

You’re correct. Bottom line is, if someone takes your CC you have a ticking clock to use your private keys and move it to a new set of private keys.

I find it easier to store metal (seedphrase) than a device. Wondering if using hardware just makes things more complicated, harder to secure because you also need to secure the device. Unless you do multisig?

Hardware is to sign send transactions. Hence why many want to refer to them as signing devices as opposed to wallets. Additionally, they do help generate private keys. All depends on what you want to do with your UTXOs.

Yes they could take the money if they knew the pin. They could either send it to another wallet or they could prompt the cold card to show them your seed phrase. Using a pass phrase actually creates a second wallet, which is your seed phrase plus the pass phrase. So when they got into your coldcard, they would see what is in the non-passphrase wallet but there is nothing to alert them to the fact that you also have a passphrase wallet. That’s why it can be a good idea to keep a minority of your funds in the wallet with no passphrase as a decoy, so they think they got all your money. I didn’t realize until recently that adding a passphrase actually gives you a second private key that is completely different than the original seed phrase. The coldcard doesn’t indicate that there is any passphrase associated with it, so there is nothing to give someone a clue that you have one. Just remember that adding a passphrase does not protect whatever funds are in your current wallet. You have to send them to the new address protected by the passphrase.

A passphrase effectively adds a 13th or 25th seed word to your conventional key phrase. I think the best thing is to keep two identically cloned cold cards locked up at two different secure locations other than your house. So if you lose access to one of them you can still retrieve the other for signing transactions. Then of course have a steel version of your seed somewhere offsite in a secure third location. A laminated business card sized paper copy can be hidden in a fourth location. One of your cold card locations can be at a trusted, armed friend’s place who you’d have to call to go get it if you were under duress. Uttering a certain word during that call could be a signal to strap up or call the cavalry.

There’s also lots of options to achieve this with multisig.

Well shoot, the more difficult you make it for an attacker to get your btc, the more complexity it adds to securing your btc. Now you have the pin to protect, the seedphrase to protect, the passphrase to protect, so another seedphrase to protect, and of course the device itself to protect. Maybe I need to re-think the whole opsec thing. I prefer simplicity.

nostr:nevent1qqst43zpcuj352tf8ed5e2c6zl2zy9wu9vwgeytlzrnd3hud69heqjqpz4mhxue69uh5yetkduhxummnw3erztnrdaksygydn54h0ycwu48v8er04am5mhgyrka5uj4rtt28cqjcsj3gdht9lgpsgqqqqqqs8p8r3u

If they can find your pin, why can't they find your passphrase?

Think of your pin as your passphrase and it's as safe as your passphrase. Treat your passphrase as badly as you treat your pin, and it's as vulnerable as your pin.

The pin is up to 6 (or is it 8) characters long, that's a lot of brute forcing. PLUS:

1. The anti maid attack feature where it has you confirm some words based on your device and first half of your pin protects you from giving your pin away to a malicious hacking device (physical phishing)

2. The kill-myself feature prevents someone from using brute force to break in way before they have tried enough times to have broken your pin, even if it were just 4 digits long.

Is it possible to make the cold card stateless? Like jade or seedsigner?

Does stateless mean that you make your own seedphrase?

No, means the device does not store the seed phrase. It would have to be loaded on any time you want to spend.

Oh, now that sounds like something.

So Jade is stateless??

Can be, I think there are options with jade

Then for me, a stateless device might be preferable. Can only use device by inputting seed. That way I only really need to worry about securing the metal seed. I can do that. With all the other methods, I would be more afraid of forgetting where I hid something, than of someone else stealing it.

And if you are using sparrow via xpub you can easily add receive btc without having to load the seed since that is only needed for spending/moving/consolidation etc

Yes that's what I have been doing, but the more I think about all these other things I would need to secure, it gets complicated. I need to find out if coldcard has a feature to do a stateless setup. Thanks for that idea.

Btw, I tried zapping you just now, but couldn't.

I think my wallet was stuck on a transaction error, not sure. Thx for letting me know

Works now😊

Wouldn’t securing the metal seed be just as difficult as securing the passphrase or pin?

I'm still thinking about the best method for me. Won't be making any changes until I have thought it through some more. I guess I just started thinking about the device, the passphrase, the pin, the "trick pin", the "decoy wallet", and it started to sound like a nightmare if I forgot or lost one of those items. Still up in the air about it all.

Yes, absolutely.

And the part that would worry me is if something would happen to me and my wife would need to retrieve the funds.

Which would mean that I would need to leave instructions (including seed, pin, passphrase, etc.) that were secure but also something that she could take to a trusted friend and they could help extract the funds.

Yes, so even more pieces to hide.😒

Why not set up a multisig?