Episode Transcript
[00:00:00] Speaker A: Using the cold card mark four is pretty straightforward, yet what goes on under.
[00:00:06] Speaker B: The hood is far from obvious technical documentation. The hardware specifications and code used are available, yet not easily understandable by all. To best understand what's going on under.
[00:00:19] Speaker A: The hood, we will go through the process of setting up a cold card and using it.
[00:00:25] Speaker B: The mechanics involved will be broken down at each step of the process.
[00:00:29] Speaker A: This way you will have a holistic.
[00:00:31] Speaker B: View of the cold cards.
[00:00:33] Speaker A: Security the best in bitcoin made audible I am Guy Swan and this is bitcoin audible.
[00:00:57] Speaker B: What is up guys? Welcome back to bitcoin Audible. I am Guy Swan, the guy who has read more about bitcoin than anybody else. You know. This is my radio, boys. Alright, we got, we got a really fun read today. This one, actually, MVK sent me and he was like, dude, can you do an audio of this one? And I was just going to send it to him, but it's about the cold cardinal and this. I thought this would actually be really fun to do on the show, which I think are, which I didn't even talk to him about it, but I think our sponsorship is expired, so I don't know if we're re upping or anything, but you should still use my affiliate link if you haven't got your cold card yet because that supports the show and I love the cold card and it's very possible that the show is still brought to you by the cold card. But I'll be perfectly honest, I don't really know at this moment. I'll let you know little later.
[00:01:51] Speaker A: However, for this episode, if you did.
[00:01:56] Speaker B: Not know how kind of the design philosophy and the thinking and how each of the elements of hardware wallets work together, how how they treat the design philosophy and think of each piece of this from the context of which different type of attacks that you want to protect against, where the supply chain becomes a risk, where the risk and or trade off of trusting a manufacturer of a secure element, how do you mitigate that? How do you create and think about the design philosophy of making something that is secure, that will only work if.
[00:02:39] Speaker A: Everything is exactly as it is supposed to be, and that if it doesn't.
[00:02:43] Speaker B: It keeps your bitcoin safe and simply it will signify, it will show you in some way, or it will be unable to simply move forward because all of the pieces are not aligned. And I personally love thinking about this stuff and this is, this is a super nerdy way to think about it, but I love it in the context of like story writing is when you think about adversarial scenarios and all of these different ways that you can protect this thing and all of the different avenues of attack and how to protect it, it's a really great way to kind of find the nuance in creating, like, kind of, like, puzzle heist stories. And if you're ever going to write, like, a spy novel or a heist or some shit with a crazy twist, this is the kind of, like, primo research to think about all of the different ways to find that kind of, like, sweet spot. It's like, okay, well, how could you.
[00:03:39] Speaker A: Make something that seemed perfect, that seemed.
[00:03:42] Speaker B: Super secure, but you could get into it in one very particular way, and you didn't want to reveal it until the end because that's what made it so great? Well, I think the way that you do that is to understand the security design architecture, to understand how these pieces are put together. And I inevitably can't help but want to, you know, make a bitcoin heist sort of story, being a filmmaker at heart. But if you're not kind of a total doofus like me and you just want to understand how the hardware wallet itself is secure and understand why this is such a great technical decision, a great practical decision for securing your bitcoin, well, then this is great for that as well. And so, even if you don't pull everything out of this article, I think this is a really good thing to cover, especially if you have a cold card, so that you can just kind of understand what all goes into this. And so, if you will nerd out with me on today's article, and it's.
[00:04:48] Speaker A: Titled understanding the Cold Card Mark IV. Security model and secure element use by Tristan Solari.
Using the cold card mark iv is pretty straightforward, yet what goes on under the hood is far from obviously technical documentation. The hardware specifications and code used are available, yet not easily understood by all. To best understand what's going on under the hood, we will go through the process of setting up a cold card and using it. The mechanics involved will be broken down at each step of the process. This way, you will have a holistic view of the cold card's security.
Using your cold card for the first time, fresh from the factory, your cold card mark iv will arrive in a sealed, tamper evident bag. On it, you'll notice a number which is unique to every cold card manufactured. There will also be a copy of this number included in the bag. This same number will appear on the device screen when you turn it on for the first time. Since it is recorded into the OTP, the one time programmable flash memory what is OTP flash? OTP or one time programmable flash is a type of non volatile memory. Info remains even if the device is powered down, that can only be written to a single time. It is used for storing data that should not be modified after it is programmed. Unlike regular flash memory, OTP flash cells do not have the ability to be erased and reprogrammed because the circuit that erases them is not provided. When an OTP flash cell is manufactured, it is programmed with all one s and then you can clear some of the bits to zero. However, once a bit is cleared, it cannot be set back to one. Additionally, on this specific chip and ECC error correction code is applied and written adjacent to the cell during programming. The ECC allows for detection and correction of errors that may occur during the write process and prevents further writes to the OTP flash cell. The ECC value and the value itself are locked, making the OTP flash a secure and reliable option for data storage.
Benefits of the packaging and bag number it proves that you are the one powering up the cold card for the first time. It enforces secure supply chain, not an intercepted package, and the bag cannot be replaced or resealed. The goal here is to ensure that no one has intercepted your package and fiddled with it in any way.
Power on once you've inspected that the bag in which it came in is intact and that the number written on it matches the copy found inside, you will plug your cold card to a battery using the USB C connector.
You will then be faced with the bag number. As mentioned above, it's stored in a secure area of the flash memory at the coinkite factory and approved by a verifiable cryptographic signature used to identify themselves as the original source of this information. Now, you may ask yourself, how can I trust this information? First, the bootloader, the computer program that handles starting a computer, will not run the device's firmware software. That gives the basic instructions for how the hardware should operate and interact with other software running on a device if it is unsigned or signed incorrectly. Second, if anything were to be changed at the bootloader or firmware level, the red caution light would turn on, indicating that something went wrong. We'll get into more detail later.
Securing the device if all goes well in the previous step, there will be a solid green light on the front of the device. Now that the cold card is up and running, we can proceed to the next step, deciding on your pin and writing down your anti phishing words. The pin has many roles. Access to your device and seed phrase, which is twelve or 24 words, is protected by the knowledge of the pin. It cannot be brute forced. There are only 13 tries. It works with anti phishing words to prevent trojan devices. It's tightly integrated with the secure elements and their protection of the seed phrase.
The pen is made up of two parts, a prefix and a suffix, each being two to six digits in length. After entering the prefix, two words known as the anti phishing words are generated. These words are taken from the Bip 39 word list and used as an additional security method to help prevent attacks like an evil maid attack or a trojan horse where you think that you're using your cold card, but in fact it's a fake one used to collect your Pin code. Once you note them down, you can proceed by entering the second part of your PIn. Note that if you enter the same prefix on a different new cold card, you won't be getting the same anti phishing words. Since each cold card device has a unique secret held within secure element one generating your private key.
Hardware brief the main hardware components at play at this step are the secure elements, or sedan, and the microcontroller. What is a secure element? Think of it as a safe containing secrets that can work in conjunction with other elements found in your hardware device. If the proper clearances are provided, it can defend the secrets held within it against sophisticated software and hardware attacks. Data processed on a secure element is isolated from software found elsewhere in the operating system.
What is an MCU? The MCU acts like a little brain, but instead of telling your lungs to expand and retract and your heart to beat, it directs other portions of an electronic system. The cold card MK four, unlike its predecessors and other products like it on the market, has two secure elements, microchips Atecc 608 B, which we will refer to as se one, or secure element number one, and maxims DS 28 C 36 B, referred to as se two, both designated by the arrows marked with shoot these on the front of the device. On the backside of the device you will notice the microcontroller, or MCU, the STM 32 L four s five vit six, which is the large chip near the top.
The process now that your pin and anti phishing words are determined, the cold card MK four is ready to generate your private key. A source of entropy, or randomness, is required to pick your private key. The cold card uses a true random number generator found inside the MCU. To do so, the entropy used for seed picking is also seeded by a random number generator from both secure element one and secure element two. This means that three true random number generators are involved, se one, se two, and MCU.
The number obtained is then run through a secure hash algorithm with a digest size of 256 bits or the SHA 256. The goal here is to remove any bias the random number generator might have. For instance, if the ratio of zero number bits to one number bits is known, for example, 10% are zero and 90% are one, this process will address that and adjust the ratio to 50 50. We called this whitening.
SHA 256 is one of the most widely used and secure hashing algorithms and is core to bitcoin. Having secured trillions in us dollar equivalent in transactions up until now, you are not required to completely trust this process either. You have the option of using the dice rolls method instead to complement or replace this step. Each roll of a D six dice provides 2.585 bits of entropy. By adding 100 dice rolls, you will have the entropy necessary to be secure. You can even verify the math yourself. It's critical that you do the actual dice rolls for this to work and not fake it. Once the private key is determined, it is encrypted, then stored in Se one, and remains protected by your pinnace. The advantage of storing it here is that it is physically separated from the MCU, which isnt a device designed to withstand physical attacks. Note that we do not want to trust the secure element one, which is why we encrypt the private key before storing it. The encryption is done with AES 256 CTR using a 256 bit key determined by a combination of factors from Se one, Se two, and the main microcontroller.
This means that the secure element one alone cannot decrypt the private key. Therefore, we can leverage SE ones security benefits, all the while not exposing sensitive information to it. The MCU replaceable key is set once a new seed is stored in SC one. This is an additional secret held in the MCU that plays a role in providing a decryption key. To gain access to the private key, the MCU secure element one and secure element two are needed to decrypt Se one's copy of the seed, so we can just quick wipe by forgetting the MCU part of the key. Since the actual AE's key is still unknown, however, you are limited to 256 wipes of this key.
What is AE's 256?
AE's 256 is a type of encryption that uses a key with 256 bits or 32 bytes of length to encrypt data. It is widely deployed in all commercial cryptosystems and many military ones as well. Being a 256 bit key, it is not feasible to brute force guessing the answer through systematic trial and error. Used for protecting all web traffic, your bank cards, Visa, MC, Amex and nearly everything everywhere. You dont need to worry about AE's being the weak link. Remember we are also using the physical protections of the SE chips, the secure elements designed to even resist probing by lasers. Central to the design of the mark four is that both Se one and Se two, plus the main micro need to be fully cracked to get the seed phrase out of a cold card.
Accessing the private key lets say you close your device after setting it up for the first time and now you wish to use it again to sign a bitcoin transaction. Accessing the private key involves communicating pairing secrets between Se one, Se two and the MCU. In other words, they must authenticate themselves to one another to establish an electrical connection between them. To further exchange secrets and access the private key, each chip holds its own secrets and to reveal them takes some advanced cryptography, HMAC, AE's 256 and ECDH.
The MCU holds the pairing secrets accessible only by bootloader. Also holds part of the decryption key for secure element one.
Secure element one holds the private key, but it's encrypted. Secure element two knows trick pins and part of the decryption key that the secure element one needs.
Once valid pairing secrets are shared between the chips, the communication between them is enabled to allow access to the private key. Here is what the process looks like under the hood. One, you enter a pin. Two, the MCU authenticates itself with the Se two and checks if it's a trick pin. The SE two doesn't know the true pin. Three, if it's a trick pin, then it is activated. Four, the Se one, using the correct pin, a public key signature and the ECDH setup will authenticate itself to se two. This will reveal se two's decryption key.
Five, if it's an incorrect pin, an attempt counter is activated. You have a total of 13 login attempts. Six, the three keys are combined using HMAC into a single decryption key used to decode the data previously stored in se one.
Seven, using both the mcus and SE twos decryption keys, you now gain access to Se ones decryption key, thus gaining access to the private key.
Other things to during operation, the main firmware asks for permission to the bootloader to communicate with the secure element the sequence described above implements a data structure that is signed by HMac generated by the bootloader. The bootloader code knows a secret, which it picks and keeps secret behind a hardware firewall held within the MCU.
Secrets are encrypted using AE's 256. The hardware firewall protects the bootloader from access from any other code running on the chip, no matter how it got there. The chips involved must complete a specific sequence using the pairing secrets. If one bit is off, nothing works.
So what are HMAc and ECDH?
Hash based message authentication code, or HMAC, is an authentication technique that uses cryptography to verify that the data is correct and authentic using shared secrets and elliptic curve diffie hellman or ecdhehehehehehehehehehehehehehehehehehehehehehehehehehe is a key establishment protocol using public private key pairs suitable for elliptic curve cryptography, where a shared secret can be communicated over an insecure channel.
Tough to crack monitoring the communication channels between se one and se two and the MCU will not help you. All of their communications, even though only over a few millimeters of copper are encrypted and authenticated. The communications protocols between the SE one, SE two, and MCU are quite involved, and any single bit error will prevent correct operation. Listening alone will not help you, and interjecting introducing new hardware or devices into a system does not help either, thanks to ECDH and the encryption done with shared secrets between the devices.
Using a dual secure element model greatly improves the security of the cold card MK four. Why? Because they do not share bugs and weaknesses since they are from different vendors. It provides dedicated, purpose built secure storage for your seed words. Physically separated from the MCU, it controls the leds so malicious software can't change their behavior, and it removes the possibility of resetting the device due to its heavy involvement in cold card operations.
What if the secure elements are backdoored?
The cold card MK four is designed with security in mind and uses a number of different features to protect your funds, even if one or both of the secure elements were to be backdoored, which means that it was compromised or tampered with by an attacker. One of the key features that helps to protect against backdoors is the use of hardware based security. The secure elements in the cold card MK four are physically separate from the microcontroller unit, which is the part of the device that runs the software. All bitcoin signing is done in the MCU using the same code libsecp two hundred fifty six k one. As in bitcoin core, it has been reviewed by hundreds of coders, both good and evil. The secure elements hold secrets, but they do not manage your bitcoin. This is key for protecting from backdoors in those chips, since we cannot review them because of the dual SE setup. A backdoor which leaks the secrets would need to exist for all three chips.
All communications with these secure elements are done with bootloader code that is set in the coinkite factory, thus not upgradable. The signature verification of new firmware is done by the MCU boot code, which isn't changeable. It's worth noting that even the most secure device can be compromised. It's recommended to follow best practices such as keeping the firmware up to date and regularly checking for suspicious activity. Overall, the cold card MK four is designed to provide a high level of protection for your funds, and it uses multiple layers of security to mitigate potential risks and protect you even if the secure elements were compromised using the private key.
Now that you have access to the private key, you can use it to approve bitcoin transactions. Approving or signing bitcoin transactions can be done offline using a micro SD card. Once you have created a transaction on your wallet software, then you load it onto the micro SD card and insert it into the cold card for verification. To mitigate the risk that malicious software is trying to change the contents of your transaction, the cold card analyzes very carefully the contents of the file. This includes verifying that the inputs of the transaction or Utxos unspent transaction outputs are valid. Verifies that the change going back to your wallet is valid.
Whats with the hardware?
The hardware used and how it operates in the MK four or MK four has been discussed extensively in this article, the most crucial parts being the secure elements.
Why are secure elements good?
As mentioned before, MCu chips are not designed for security or built to withstand physical attacks like decapsulating side channel attacks, fault injection, and more. They are intended for general purposes and focus more on functionality. A secure element is a tamper resistant hardware component that is used to store sensitive information, such as encryption keys and personal identification numbers or pins, in a secure manner. Some of the key reasons why secure elements are considered to be good security because the information stored on a secure element is protected by physical and logical security mechanisms, it is extremely difficult for an attacker to extract the information without detection.
Isolation the secure environment provided by a secure element ensures that sensitive information is kept separate from the main processing environment of the device, reducing the risk of data breaches caused by software vulnerabilities.
With regards to the ones used in the mark four, they are essentially fixed function secure elements. This means that all the code is already pre done in the die of the secure element so that you cant change it, you can only fix settings on it. As mentioned before, the SE doesnt even see the seed. The open MCU does all the bitcoin operations with the open source code and does the encryption of the seed also open source and then puts that encrypted seed inside the secure element.
Why are general purpose computers not good for bitcoin private keys?
A general purpose computer is a type of computer that can be used for a variety of tasks as opposed to being designed for a specific purpose. They typically run a wide range of software programs. Examples include desktop and laptop computers as well as smartphones and tablets. General purpose computers are not well suited for generating or managing bitcoin private keys because they are not built specifically for cryptographic operations. Bitcoin private keys are generated using a specific algorithm that requires a high degree of randomness, and general purpose computers may not be able to provide this level of randomness due to the presence of other software and processes that could affect the key generation process.
Additionally, general purpose computers are also more susceptible to hacking and malware, which could compromise the security of the private keys stored on them. Here is an incomplete list of attacks that a general purpose computer is exposed to. In contrast, hardware wallets, which are specifically designed for generating and storing private keys, are considered to be much more secure.
Why are Raspberry PIs not a good security platform?
Raspberry PIs are not typically considered to be a good security platform for a few reasons. One issue is their lack of built in security features such as hardware based encryption or secure boot capabilities. Being a general purpose computer device, it does not have these built in encryption and other security features to generate private keys and keep them safe. Additionally, raspberry PIs are often used in environments where they may be connected to untrusted networks or devices, making them vulnerable to attack.
There are other important factors that help disqualify the Raspberry PI as a device to use for your bitcoin security. Some are lack of open documentation for the GPU interfaces which does the system startup and initial bootloading and is closed source. It hides behind proprietary broadcom chip bootloader and drivers. The hardware abstraction layer, or Haldeman is at the mercy of Raspberry PI and has closed binaries from Broadcom. The device is also not capable of securely a testing firmware signature. A user can download malicious software from a compromised website and the device cant securely check the signature.
It can be a good device for hobbyists and tinkerers, but the fact remains that it would require an extra effort to secure it and it would not be as secure as a purpose built security device would be.
Oh no, someone is trying to steal my bitcoin.
This last section will cover additional aspects of the cold card Mark IV security architecture that will help defend your funds from malicious actors.
Trick pins trick pins stored in the secure element two allow you to enter a pin code different from the one used to unlock it to deter a potential threat or prevent them from stealing all your funds. They include duress wallet. Entering this pin will give you access to a secondary wallet where you can store some funds that you would be willing to lose when faced with a would be thief. Note that a sophisticated attacker that is able to open the casing of the device and watch the electrical circuits could detect that this is the trick pin.
Long login delay when this trick pin is entered, a countdown timer is shown and the time must elapse before being able to log in, thus gaining you time during an attack.
Brickme pin after entering this pin, your device essentially self destructs, destroying all secrets held within it.
Blank the cold card this pin clears the data within the MCU, resetting the device.
Genuine caution lights the green light on the device indicates that the contents of the flash memory have remained unchanged since you last logged in with the correct pin. The light is controlled by the secure element and enforced cryptographically. This means that once all the checks between the bootloader and the secure elements are done and are valid, the light will turn green, else it's a sign that your device might be compromised. Any change to the flash memory of the MCU will also cause the red light to turn on.
Anti phishing words this feature protects you against a compromised cold card that might look like yours, but it cannot know the two words generated by your device. Your pin prefix is hashed and that answer then goes through a HMAC SHA 256 operation by the secure element one. That new answer is then converted into two words from the bit 39 word list. There are about 4 million possible word combinations, and the bootloader also uses a rate limiting feature where it would take 2 seconds to test each prefix, so about 93 days to go through all the possible combinations.
Passphrase the cold card supports bit 39 passphrases, allowing you to create an unlimited amount of extra wallets using your main private keys by adding more words or characters to your seed phrase. Learn about it here. Link provided this is the ultimate protection, since even if your cold card did lose its secrets, your funds would be safe without knowledge of the BiP 39 passphrase. Similarly, if your backup of your seed phrase was found, the funds cannot be stolen without the passphrase.
The firmware the firmware and code used in the cold card are open source. Take a look for yourself here. Link in the show notes what else is that? The bootloader will not run the main firmware if it is unsigned or signed incorrectly. This means that only coinkite incorporated can produce firmware that will run on this platform. This means that if someone else were to try to introduce their own code into your cold card, it either won't work or the red caution light will turn on. The only policy enforced by the firmware is the pin. Attempt timeout periods. The code that does this is in a restricted part of the bootloader and cannot change.
Conclusion by using this security architecture, you can rest easy knowing that it is currently close to impossible to breach the cold card mark four. The use of two secure elements and a microcontroller for splitting secrets that are only accessible after going through extensive cryptographic handshakes greatly reduces the device's attack surface. Although the secure elements used are closed source, the code that runs on the device isn't. Even if one or both of the secure elements were to be compromised, however unlikely that may be, your private key remains safe. If you still don't have a cold card mark four, you can get yours now. And there will be a link oh so conveniently in the show notes.
[00:32:20] Speaker B: You know how we talk about, we've talked about numerous times on the show, and I think we even brought it up and discussed it a little bit in the roundtable recently with mechanic and Steve and Jeff and me, and we talk about how, like separating out, especially if you're doing something like multisig, is that a large part of the design philosophy is in separating out between different hardware wallets and different manufacturers in order to get a separation of who and what you are trusting. So that if there is any particular compromise, like like if a certain brand or certain element is compromised, that it does not affect your coins, it only affects that individual piece of it, and you can always just easily swap out those that the affecting key if and or when needed. But one of the things that I always found interesting about the cold car design was that they've basically done that exact same thing inside the device. They've kind of created like a three of three multisig situation inside the device, where they have two different secure elements from two different brands with two different risk profiles for who gets compromised or why or when.
Generally, secure elements is funny how many conversations and debates and stuff we've had about whether or not a secure element is the way to go, or whether open source is the way to go for the chip itself. Obviously, each has some degree of trade off, and that's basically a rabbit hole conversation all by itself. But specifically the trade off of the secure element that is operated by some other manufacturer, some other company, that obviously their entire goal is to lock the thing down. But the trade off of using it is that it opens up that degree of trust, which is what's so interesting about what the cold card does about that. By not actually within the structure of the device itself, it's refusing to trust the secure element. It's creating a little tiny, basically, in a sense, a little tiny public private key system to talk between each of those. So that the communication between these devices, the control unit with the open source software, the secure element and secure element one and secure element two, that is basically creating this little public private key system so that assuming that the circuits on the device itself are compromised or unsafe, they can still communicate securely between each other, and that every single, all three of them are needed in order to get the keys back out, in order to actually sign and operate and do anything. So the loss or the vulnerability of one of the secure elements doesn't actually expose the keys. So I always just kind of found that, like, really cool, or just kind of really clever, that it's essentially a philosophy of multisig built into literally the design that the chips in operation on the. On the board itself, inside the cold cardinal, it's the exact same philosophy of like, well, let's split it up between multiple different pieces, and if anything goes wrong at any one stage or at any individual device, at even, you know, a single bit, then the thing just doesn't work. Or it's got essentially hardware function built in to alert you. Or it's literally assuming that the circuits on its actual board are not trustworthy and changes how it communicates to account for the fact that somebody could open up your device and, you know, intercept communication, etcetera. Now, as I said, going into this, none of this is necessary to understand, but the reason I love to geek out about this stuff and to dig into a conversation like this, or just kind of dig into how this works is because even if you only pull like a third of it out or just walk away with kind of a general sense of a lot of the design philosophy and thinking for how the device works. What I would hope is instilled in you just from the conversation in the article, is that if you are holding any meaningful amount of bitcoin, do it on a hardware wallet. Like use a hardware wallet that is designed for this.
Now, as Tristan, as Tristan said here, there is no such thing as a device that cannot be compromised.
But you can get a device that is so difficult to compromise and has so many failsafes that the likelihood of ever losing your money unless you are being targeted specifically by all of the powers that be, together with the sole purpose of trying to get into your coins for pretty much every like, this is the one thing that you don't really have to worry about. The single attack vector, or single most important attack vector for hardware wallets and something that I've seen occur. And because of people's tendencies to just kind of go up and buy something from somewhere, the one area where the biggest vulnerability seems to pop up with any and all hardware wallets is someone changing the firmware and the customer or the user buying off of a reseller buying from Amazon, because they're just used to going to Amazon, buying it from Best Buy or whatever. Literally there are hardware. I just, my contractor, they bought a ledger, whatever the souped up nano is not the original nano, but they bought it at like a reselling thing, like a clearing out businesses. And they put all this stuff in there. It's like, this is where you find God knows what. Just anything like labels and racks and aisle, aisle shelving and all sorts of stuff. Just basically a smattering of anything that businesses or large groups of things would come in and then just put all of this stuff in there. And by some random chance they found a boxed up ledger hardware wallet. And his wife got it thinking, okay, well, this will be, I want a secure hardware wallet. Right? You know, just kind of heard the, that lesson through passing or I guess maybe in our discussions, I don't know, we've, I've probably mentioned it in our conversation, but I know they have done their own little explorations of, you know, what they should do and probably read something on a website.
So she thought this was good and she asked my advice, and luckily they only spent like $2 on it, or $3. It was nothing. You know, none of this stuff is expensive. It's essentially the yard sales of business.
But I am very, very glad she asked, because this is like the one. No, no. In my opinion, it's the largest vulnerability, because a hardware walleth, the biggest trade off or the biggest attack vector vector about a hardware wallet, is that the anybody who intercepts it or anybody who has access to it or is reselling it or anything knows that this is going to be used to hold bitcoin, this will be used to hold crypto. So if they can backdoor it, if they can put in malicious firmware, it probably very valuable for them to do so. Whereas if you're selling a general purpose computer or a raspberry PI, you're not going to be putting malicious bitcoin stealing software or bootloaders and stuff on it, on the off chance that one of the thousands and thousands of people who buy it end up putting bitcoin on it. Whereas if you are doing this with a ledger, if you were doing this with a bitbox or cold card in any sort of hardware wallet at all, and you have some sort of a way to alter that firmware, you're almost guaranteed that if somebody is buying this thing, they're going to be putting bitcoin or some shitcoins on it. And for most of the ways, that seems like, to me, the dominant way that people who use hardware wallets get screwed outside of just bad practices where they will literally just punch in their seed somewhere because they got an email asking them for it. You'd be shocked that that happens. Your seed is your keys, or are your keys to the kingdom. I mean, you know it. But just in case, never, ever, ever give your seed anywhere. The amount of work that the cold card is doing to separate the access to this from three different chips on the actual hardware of the circuit board of the device, and creating a public private key, little system and a handshake so that they are actually sharing encrypted communications with each other in order to share the secrets to decrypt each individual piece of the thing needed to then put the seed back together just to sign a device. Don't let all of that go to waste by sending it in an email. If you ever get an email from coin ize kurt.com or some fake URL that you just forgot to check, and they say, we're having a problem, we cannot confirm the funds on your wallet. Please, very quickly type your seed, let us know what your seed phrase is, and email us back so that we can confirm that your funds are safe. Because that's usually what the email is. It's something like that, it's like a support email that says we're having problems confirming that youre, your cold guard or your device is actually secure. We are going to need your seed words in order to prove it. And we will in, we will be sure to get your funds securely in place if you just type in your seed phrase, don't fall for that and don't buy from anyone but the manufacturer. And that's also the really cool thing about, I didn't actually know exactly how this worked, but I knew, I just was checking it. That on the bag there's a serial number, and then in the device itself there's a OTP flash memory that can literally only be written to once because all it can do from its, from when it is manufactured, it's just got ones and all you can do is flip them to zero and you can't flip them back. Therefore they imprint that serial number in the device. And if any writing or tampering is done to the device, that cannot be changed because any edit whatsoever will only just add more. It will just clear it out and it cannot, you can't put the ones back in. And if that data is not correct, if it doesn't align with the rest of the device, then it literally just halts the, it just interrupts. And that's obviously specifically designed to deal with the largest vulnerability or the biggest risk, I think, in the hardware wallet supply chain and delivery issue is that if somebody intercepts it, can they put new firmware on it and cause you a problem or try to extract some information or give you a malicious device that is hard to tell or has no visible way to actually show that that is in fact a compromised device. And this is why like, I love my seat signer and I don't, I'm not shitting on seat signer anymore at all, but because it's on like a, or is it like on a pine or something? Or it's a little general purpose chip though, that it's designed on. So basically that assurance is the, the example we talked about with dark Skippy in also in the roundtable episode actually was, it was specifically using seed signer because seeds, seed signer is a generic board and, and chip and like essentially a tiny little general purpose computer that can be reprogrammed and put whatever firmware you want on it, which is literally what you do to make it a seed signer. So it was just kind of like the prime device to use in order to show that you can create a compromised device that doesn't look compromised at all. And then it can sign transactions, and with just two signatures, you can accidentally, or it can make you expose your private key and they can take all of your funds. Now, if you're being careful, you know where you're getting your software from. You check the signatures when you download and before you install and you know, you have a clean computer without, you know, a bunch of malicious software, viruses or anything like that that nobody else has direct access to. You can make I use my c signer like I like the device. So if you have a seat signer, you don't need to go out and panic. But this is one of those reasons why that design philosophy of using multiple different hardware wallets and multiple brands and multiple architectures is not a bad idea. And doing something with multisig, because if the seat signer was able to expose, like, let's say I had dark skippy on my seat signer, and I've got my seat signer in a two of three with a cold cardinal, a bit box, and a seed signer, well, then my coins are safe, because at worst, it's just going to reveal only that one key. I mean, granted, I could continue operating without knowing that I have revealed that information, and maybe at a later date one of the other keys could be compromised. But all the basic security and operation of a simple, just, again, bitcoin keys and another bitcoin hardware device come into play. The, the attacker has nothing. They have not been able to steal anything from me specifically because I mitigated that risk. That's the whole point of multisig or one of the numerous points of our benefits of a multisig setup. And also, if you haven't used Multisig and you want a extremely simple, easy to use and to think about intuitive interface for it, nunchuck guys, you got to use the nunchuck wallet. And they're not a sponsor or anything. Actually, we have talked about working together, so I might do like an affiliate or something with them. In fact, I probably should anyway because I shield them all the time. It is far and away my favorite wallet right now, and that includes desktop and mobile. I've gotten to where I've just been using that one on desktop, which, because I'd had a bunch of desktop wallets already, Spectre and Sparrow and stuff that I had been a big user of for quite some time.
I didn't really feel the need to change my nunchuck setup, but the fact that I can now I can just use it on, like, all of my devices and stuff. I don't know, I just slowly at some point ended up migrating everything back over there and even doing that one on desktop, but managing and using multiple keys and in that interface and setting up new wallets with Multisig and you know, getting the best of both worlds for security and then how to access it because I can, you know, throw in tap signers and have a mobile key and then have my cold card and, or a bit bot like anything like the, the setup is just, it's just you've, if you haven't played with it, I'm going to just shill it again.
You should check out Nunchuck. And by the way, if you're wondering what the affiliate link is, Nunchuck is not. Nunchuck is free, so you can just use the wallet. The affiliate is for their, they have like an inheritance thing and they have it so kind of like Unchained in Casa is that you can actually use them as one of the keys in a service that you can get in the app. And they specifically have no KYC inheritance and systems and stuff that you can set up, which is really cool. I haven't really played around with it a lot, but the platform they've built in the background is really cool.
They're, they're byzantine thing. It's something I've been digging into. In fact, I've been thinking about getting him on the show to, to talk. I should do that. I should, I gotta, I gotta talk to Hugo. I don't know if you guys know Hugo and I don't think I've ever had him on the show.
That's crazy. How have I not had him on the show?
Or maybe I have, I don't know. We're like 1300 episodes deep on this. I don't even know who I've talked to. So that might be a show coming up because we should definitely talk about that. And I love nunchuck. I know you, I know I talk about it all the time, but it's working with the, it's the perfect wallet for the cold card and my tap signers and stuff. Just because I can get that benefit of multisig, separate out my, you know, vendor reliance and my mode of operation reliance that I can use, I get all the benefits and ease of mobile. Like one of my favorite setups for secure between secure, like this is my business account setup because it's something that I need to access a lot. But I also want it to be incredibly secure and secure from failure, from losing devices and stuff when I travel, etcetera. So I have a mobile, a tap signer, and a cold card. And the cold card for that one stays in, like, locked away.
A tap signer travels with me, and then the mobile is protected by. And the tap signer is protected by a pin, but then the mobile is also protected by a pin. So essentially, the, all of the different things that I am protected against, one, with just two pin numbers and tapping the card, I can access funds really quickly if I need to, but then backs up. Backups are really easy because I can literally not only do I mail email myself, I use protonmail. So, like, everything's encrypted, and I can email to myself a backup of the configuration file, of the wallet, as well as just a encrypted backup of the mobile key. Then, of course, in a safe, another safe location, I have the backup of the tap signer, so that even if I lose my tap signer, even if I lose my phone, even. So, even if someone takes those things from me, that without the two pins, they can't get into it. If somebody hacks my email, they can't get into it. They. They can't even see the key because it's encrypted. But even if they did, they couldn't get the funds. If I'm traveling and I literally lose everything that I bring with me, I can still go home, log into my email, get my cold card, and recover all of my funds. And yet, when I am using it, it is literally take out a card, punch in a pin number, tap the card, and I can do whatever I need to do within the wallet of. But anyway, enough about nunchuck. I just really like my setup, and I really like that wallet, and I really like the combo of things that I have settled on for just how easy it is. And I feel like my.
I think the thing that I like the most about where I have gotten with my setups after using so many different wallets, both of the hardware and software variety, is that I found a really great, sweet. I feel like my day to day, the stuff that I do is essentially more secure than it's ever been, and it's also extremely usable. It's extremely easy to use. So being on a bitcoin standard, I do need to access easily some of my funds. And typically, there's a really big trade off between easy to access and security. And I feel like I don't really have that trade off and feel like, in fact, I feel like I kind of upgraded a lot about how easy it is to manage a bunch of different wallets for a bunch of different funds and their coin control. Like, I just, I really like that wallet. And also, by the way, this is something that I don't think I've ever really talked about. But if you did not know, this is huge. Nunchuck has built in messaging, so you can literally add friends who have a nunchuck wallet and you can make joint, multisig wallets with them. Like, this is the one of the really, really cool things about nunchuck. So that's just something to keep in mind. If you did not know that you can message people directly, obviously encrypted with your keys right within the app itself, and you can send a transaction and request a signature from them and they can sign it right in the app. But going back to my point is that I feel like I have upgraded how easy it is to use, how seamless it feels to use and break out my wallet and just work with it all the time. But at the same time, I have upgraded my security. Like, I have made it better in both ways rather than having a trade off. And that's a very rare thing, in my opinion, to get something where the usability, especially in the context of working with other people or having joint wallets and in the context of business and in the context of like, working on a project with somebody that you are allocating funds toward. Dude, that is a freaking Godsenden. Like, if you have a business with a bitcoin treasury, you should absolutely be using something like Nunchuck, where you can message each other directly, where you can have a three of five multisig, and you literally just hit people up and be like, all right, guys, we're going to do, we're going to allocate this, these funds. I'm going to make this purchase for this contractor, blah, blah. Are you guys ready? Are we, are we up for this? I've signed. Here's the transaction. Please, everybody confirm and sign from their side. And everybody does it on their devices. And everybody's. You're, you're also security checking multiple different times so that even if somebody's software is somehow compromised, they can't lie about, you know, what the address is because other people are checking the same thing. And then in the little notifications, in the messages, like, bing, you got, you know, Bob signed, ding, Jeff signed. And then you have, you meet your threshold and then you can send the transaction. I will be frank. That shit is cool. Anyway, I'll shut up about it now. I just really like it.
But yeah. So now I will say, too, that there are some trade offs with the cold card with security, going back to the kind of fundamental trade off of security versus quote unquote convenience. And this is one I actually stumbled upon recently, which I didn't realize. And actually how it's detailed out in this article makes it clear why exactly this happens. But after you set the wallet up, so you can reset the wallet, you can. You can reset it and create, you know, put in new seeds and do this. I've done this with wallets before with a cold card before, although I did not realize that you can only do it 256 times because of how that reset occurs, which is something I learned from this article, which is interesting. However, you cannot reset it if you forget your pIn. And this is something that I noticed somebody did recently and posted about, is they apparently fat fingered their pin or somehow punched it in wrong two different times, which is surprising. I don't know if they wrote it down wrong or what happened. Like, that sucks. But cold card prioritizes security over the, over the cold card itself. It assumes that the bitcoin on the cold card, keeping that bitcoin safe is more important than keeping the cold card operational. So if you set it up with a pin and you forget that pinnae.
[00:58:34] Speaker A: You don't lose your bitcoin.
[00:58:36] Speaker B: If you have a backup and you've done everything right, but you will lose the cold card, you will not be without unlocking it. Because of this, these cascading dependencies of processes, you will not be able to unlock the cold card and reset it. You have to open it. You have to get inside with the pin at the base level in order to open, open it up access in order to reset it, in order to use a different wallet or have a different setup on it, which means forgetting your pin basically bricks the device. So you spend a, you know, $100 or something on this thing. You love your cold card, right? You don't want to lose the cold card, and if you mess something up, you would want to just reset it and use the cold card again. But that is a security vulnerability, and they prioritize the assumption that somebody is trying to get into your, reset it in order to get into your bitcoin or to make a problem with your firmware. Create a dummy wallet, you know, something like that, so that the device simply stops working. So that's something to keep in mind that the pin number does not leave you forgetting your pin does not leave you susceptible to losing your bitcoin but it does mean that you will lose your cold cardinal. And I know that's precious and I know that's a very, very sad story, but it's okay. Just write down your pin. Just make sure you don't forget your pin. One good way I like to, for pin numbers and stuff to have a variety is to build like some sort of a system with it that's easier to remember so that it's unique for every single device or situation. Like a good example for, let's say your debit cards. Everybody uses like the same pin number for all their debit cards. And I've always hated that. And I've always hated, there have been multiple times where I forgot my debit card pin because one was issued to me and I was like all right, well I'll just leave it the issued number so that there's variety, so it's different. And then I don't use it or I don't go to an ATM for like three months and then it's lost to me. Well, one thing you can do, and you know, this is explicitly a security through obscurity. So I'm not going to tell you anything about what I do, but I'm just going to give you a kind of analogous setup that you could use. In fact, this was when I used for a very short period of time and then I settled on one that I liked a whole lot better and it was more reliable, I guess is the way to think about it. But like let's say you have, you have a card, you have a debit card, you have a credit card, you have all these different, you got three different cards, four different cards, and every single one of them has four different.
[01:01:30] Speaker A: Sets of four numbers.
[01:01:31] Speaker B: And your pin number is always four numbers. Well, what you can do is just have a multiply by nine and then take the one digit, the ones digit, and you can just grab, lets say the first four or the second four or the third four, like whatever your system is. And then on every single card, if you forget it, you just take, lets say its the third one, the third set of four numbers and you multiply it by nine. You just multiply all those numbers by nine and then take the one digits, the one place digit, and then thats your pin number. So you can forget your pin number. All you have to do is, but all you have to do is remember, you multiply by nine and that could be anything. That could be anything. You could just add something to it. You could do a simple substitution cipher with a word where, you know, ABC is 123 and then just add that.
[01:02:26] Speaker A: Word to whatever it is.
[01:02:28] Speaker B: But like one process like that is really easy to remember. And you can use that for all of your cards or even, even your tap signers, even app pin numbers or whatever, you could have some sort of a system that whatever piece of information is attached to that, or maybe the, I don't know what the name, the name of the app. But you settle on one system or one reproducible design that's very easy to remember. And you lock that away in your offline password manager that that's what you do. And then you try to remember the.
[01:03:06] Speaker A: Pin numbers for all of those things.
[01:03:08] Speaker B: And if you fail, you know how to reproduce them. It just now takes 30 seconds to get your pin number instead of, you know, 2 seconds. Just don't be like me and change that system all the time, because you are, you have fun and you like to geek out and just come up with new systems all the time. And so you have as many different systems as you have unique pin numbers. And so now you have the exact same problem again at a different level. But I will say, I will say that I have been much, much better about that is if or when I do update my system, I now go through and change everything important all at once. It's kind of like my backup ritual. This is one thing I've talked about and I post about all the time, is that have a backup ritual, like have a process where you write down the seed words, you confirm them, you make a backup, you put it in your place, and no matter what you.
[01:04:07] Speaker A: Are doing, where what hardware wallet it.
[01:04:08] Speaker B: Is, what mobile wallet it is. No matter what, you do not set it up until you can go through the entire process. And you, even if it's the cheapest, simplest, you're just trying out the wallet. You have no idea if you're even going to put any funds on it. You just want to see the interface. And you can't get past the lock screen or the opening screen without doing the setup and writing down your seed words.
[01:04:30] Speaker A: You do it.
[01:04:31] Speaker B: You just do it, no matter what it is.
[01:04:34] Speaker A: Go through your process.
[01:04:36] Speaker B: Do it like you're a secret spy. I don't care if you have to make up something and you have to role play. Like you're an OCD, like you're the accountant and you know, you have, you have just the, you're freaking James Bond and you've got the setup and you know exactly how you do it. And you do it every single time.
[01:04:53] Speaker A: Just do it.
[01:04:55] Speaker B: Have a backup ritual, and always and forever do it. And no matter what happens, you will. This will save your ass so many times.
[01:05:02] Speaker A: I cannot tell you how many times, especially if you explore wallets like I do.
[01:05:06] Speaker B: I'm constantly setting stuff up. I'm constantly testing some new beta thing. People will send me stuff. It's like, I want to try this out.
[01:05:13] Speaker A: I'd love to get your feedback.
[01:05:14] Speaker B: Please tell me where it sucks. And so I will, you know, boot up some new thing, but every single time.
[01:05:20] Speaker A: And because I have lost funds at.
[01:05:23] Speaker B: Least twice because of this, maybe three times, I don't know, I set up a wallet that I am doing offhand or happenstance or a beta, and I'm just testing something out, and then I start to like it, and, like, this.
[01:05:39] Speaker A: Is a really cool wallet.
[01:05:40] Speaker B: And then I move some funds to it, but not much. I'm just testing it out. A couple weeks go by, and I'm tinkering with stuff. Somebody wants me to pay them, and I find out, like, oh, it's just. Just $20. Okay, well, I've actually got this in my new fun wallet, and then I go over and I pay them that way. And then, you know, it's got a really great interface for contacts and stuff, and so I can message them or something. And, man, this is really good.
[01:06:02] Speaker A: I should use this more.
[01:06:03] Speaker B: And I start using it more and more and more, and then I'm interacting with somebody who is also using that wallet or is doing something else, and I want to receive a payment. It's like, oh, yeah, this is actually a great way. You can go ahead and just. Yeah, we'll do a $1,000, you send it to me, and then we'll break it down, we'll do all of this, blah, blah, blah.
[01:06:18] Speaker A: And suddenly, I start to integrate this.
[01:06:20] Speaker B: Thing, and now I've got a ton of funds on this, and I've never even backed it up, and I didn't even. It didn't even register. It crept up on me. It incrementally got more important and more involved in my setup because I liked it. Then one day, my phone goes into the river, or I was holding on to my iPhone seven for as long as I possibly could, and one day, the thing just shit the bed. It just would not turn on. And it cost me $3,500 in order to get back all of the photos and all of the wallets and everything. And that is when I found out that I did not have a backup of said wallet.
Now, that I have a backup ritual and I refuse to do anything with any wallet without going through that backup ritual.
Multiple times I have put myself in a situation where something got deleted or cleared without realizing it or funds. I thought I had lost funds. And then I was like, well, wait a second, let me check. And I would go through, and sure enough, I had done the backup ritual and I had it there and I recovered it, and I hadn't even remembered, and it didn't even seem that important. It sat there stagnant or untouched for a really, really long time. But my backup ritual saved me. Do that.
You will thank me, I promise. And for everyone who is curious, yes, of course I role play like I am John Wick every time I do my backup ritual and then stamp my seed into steel. Because obviously that is just something that John Wick would do. So be like John Wick, back up your seats. And if you are like me and you have like a system for your pin numbers or something like that, make sure to change that all at once. And yes, that's frustrating. Yes, that's a nightmare. But then it means that you know that you would only actually upgrade that system if you needed to upgrade that system because it's a whole lot of work to upgrade that system to something else. But remember, that is a total security through obscurity system. Do not share that with anyone. I have not shared what my system is here. I've just given you analogous things that are similar in design philosophy to the things that I do. But in this case, this is specifically something that you have to come up with on your own. And also, just a note on this. Simple is best if it requires four steps or remembering four different things. You haven't made it any better than memorizing a pin number one thing, very simple, a sweet spot between security and I. And easily reproducible and convenient.
But real quick for the cold card before we close this out. I really love the dummy pins and the brickme pin and the duress pin. These sorts of things. The one that, like, gives you like a time, a time lockout, like these extra things are, you know, really for those edge cases. But I love that there's a backup on top of a backup. There's another strategy that you can utilize and that is not difficult to utilize. The only caveat with setting something like that up is to just remember the, you know, the level of you're adding complexity and the fact that maybe you remember the wrong pin or something. So you need to make sure you have a really good system in place to be able to tell the difference and to make sure that the attacker or whatever, like, oh, I heard somebody say this was a really funny thing, is that if you have a brickme pin, if you're okay with losing the device as the default, that, okay, this is just destroyed. If somebody does it wrong, which, this would be bad for your family member because that would be. That would be mean. But if you're thinking about it in the context of a thief, write the, like, with like a permanent marker, write the brick me pin or the duress pin or something on the actual device itself, like, just on the back of it, like, oh, jotted down my pin number or store it with the device. Because if somebody steals it or is somebody trying to hack in, trying to get into your device, how could they not use the pin number that's written right there with the device? Like, that's probably it. And especially if you only have 13 tries, that was just a funny, funny trick.
But also, if, you know, you get in a car accident and then your wife comes to try to get a the bitcoin or something, and then she sees the brickme pin and doesn't know the system or the setup, this is also something. Go over it with your family or specifically have a multisig setup where they can access it. This is kind of the whole point of the nunchuck inheritance thing, is to design it in such a way that they can get it back and in a non KYC fashion. This is not a nunchuck commercial, but I'm just using that as an example. There's a bunch of different services onramp. Bitcoin has done some really interesting things with that as well. Granted, they're not, they're a different custody model entirely, but I really think you should think about that as well. There are a lot of pieces to this puzzle and avenues and things to prepare for, because there's a lot, there's just a lot in the responsibility of taking this on yourself. And I guess, you know, it seems like a lot at first, but it's also really fun. Like, I don't know, maybe I'm just a nerd, but it's fun and kind of exciting to set all this up and try to get that magic middle ground between secure, convenient, recoverable, all of those things. And I've absolutely found multisignature to be the most important piece in getting the best of all of those worlds. And in the case of a. In the case of a hardware wallet, I think you can't go wrong with the cold card. Um, and I'll just say one of my favorite things about the cold card from the beginning, and something I've always really liked about it, is the, the shoot. Shoot. This is the fact that the, you can see in the device, you can see the board. Like, it doesn't, it doesn't try to hide it. Like, it explicitly exposes stuff and then mark stuff on the board. Like, if you don't want to have any Wi Fi, if you want to be completely air gapped, there's a little arrow and it says, destroy this. And you just, you can literally take a knife and scratch it out in the board, and you can simply make those components, like, physically inaccessible. And I kind of, that's just something that not a lot of hardware wallets do. In fact, almost no, no hardware wallets do that, except for the cold cardinal. And as a kind of a junkie in the physical sense, like, I love the idea. Even though I never actually got the phone, I love the, there was the, what was the, was it the libraphone or. There, there were a couple of different brands that I had looked into, but there were phones that I think Edward Snowden recommended one of these at some point, but that literally has physical, like, like click on, off, like hard coded or hardwired. Electrical switches to turn off camera, microphone, everything. So that, you know, these devices do not have power. They cannot do anything. Your computer, your, your operating system cannot communicate with them. There is no malicious software. And that's one of the things that I think about and enjoy about how coinkite designs their stuff is. They very much think about it. They go all the way down to the physical layer. They go all the way down to the. Can you see? You know, computers are really obscure, abstract things that most people don't understand. You're trusting some manufacturer who doesn't even know, like, they're trusting the computer that's designing their chips to design it properly, because now you can't even make it. There's so many circuits and so many pieces, and it's so nano sized now that you have to trust the computer that is doing the designing of the new computer, of the new chip.
[01:14:53] Speaker A: Like, you can't do that manually.
[01:14:55] Speaker B: Nobody's individually placing billions of little gates on this chip. So I've always appreciated that about the cold card and how coinkite designs their stuff. So that's just a little tidbit for something that I have personally liked. So that's the breakdown of the cold card mark for security and how they think about it and how they design it. And I hope you enjoyed nerding out with me on this episode with that. Thank you guys so much for listening. This is bitcoin audible. I am Guy Swan. And until next time, everybody degades. Guys.
[01:15:50] Speaker A: The man who passes the sentence.
[01:15:52] Speaker B: Should swing the sword. If you would take a man's life.
[01:15:57] Speaker A: You owe it to him to look into his eyes and hear his final words.
[01:16:01] Speaker B: And if you cannot bear to do.
[01:16:03] Speaker A: That, then perhaps the man does not deserve to die.
George RR Martin a game of thrones?
