Nostr Web Client

So I wanted to deep dive on the old NONCE attack on hardware wallets, specifically whether the COLDCARD Mk4 leverages each of it's True Random Number Generators (TRNG) on both secure elements to generate random numbers and combine them using XOR.

Checking out this blog post... and HOLY SHIT, my respect for COLDCARD's security just skyrocketed. They don’t just use both secure elements but they also throw in the Microprocessor’s TRNG and XOR them together, with all of them chatting over a few millimeters of copper via encrypted comms. And that’s just scratching the surface!

No wonder nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 loses his mind when people use Raspberry Pis as hardware wallets.

This is the blog post:

https://blog.coinkite.com/understanding-mk4-security-model

It's worth a read if you want a wow moment 🙂

Reply to this note

Please Login to reply.

Discussion

Dion Wilson 1y ago

Can anyone help me troubleshoot a Coldcard?

NostrGarden 1y ago

Contact Coinkite, they have great customer service. What issue are you having?

Dion Wilson 1y ago

Flashing screen with “verify” than blank screen with red light

NostrGarden 1y ago

Reach out to Dee: https://primal.net/p/npub1zeqal9sxuqlse6zjezettwng54534zuve6uwy4ks5at7swlmnpysg6m6xm

stl1988 1y ago

Coldcards would be good if they wouldn't randomly break after a short amount of time.

Dee 1y ago

Hey! If you’re having any issues with our products feel free to email us anytime and we can see how we can help.

stl1988 1y ago

It's already too long after my Coldcard Q broke only 10 days after purchase. Would this still count?

Also, I posted a few new device ideas on r/coldcard, one if them that could hopefully help to find and fix these breaking issues.