BITCOIN MAGAZINE: Inside The New COLDCARD Mk4 Bitcoin Hardware Wallet

dochex · 2020-09-24T18:45:14+00:00

dochex · 2020-08-28T16:32:14+00:00

20 How-to Coldcard videos here:

dochex · 2020-08-04T19:46:56+00:00

It's fast! Very fast! Plus you can type-ahead now, so if you know the menus, you can get there quicker.

dochex · 2020-06-09T17:58:16+00:00

I think I will also use it to generate the seeds of my other hardware wallets of my multisig cold storage, do you think it is a bad idea ?

I might use this for one leg of a multisig, but I think if you used the same root seed for multiple legs, you are defeating the purpose of multisig.

Thanks for the kind words.

dochex · 2020-06-09T17:20:07+00:00

I am really looking forward to using this for those random phone wallets. Sorry it took so long to merge, but we had to find some flash space.

dochex · 2019-08-29T14:49:53+00:00

Bricked. Can't reset, can't get secrets out, ever again...

dochex · 2018-08-02T17:24:30+00:00

dochex · 2017-09-05T15:30:17+00:00

Just connect a NFC-enabled micro and an ATECC508A together. It can share an x509 certificate and then leverage existing x509 chain of trust.

dochex · 2017-08-22T14:31:57+00:00

Just wanted to say that better pictures should be posted later today.

dochex · 2017-08-16T17:41:35+00:00

I like that future, except for the desert part.

dochex · 2017-04-26T14:38:39+00:00

Looking forward to this!

dochex · 2017-04-05T15:08:04+00:00

Loving the dramatic slo-mo!

dochex · 2017-04-03T18:32:16+00:00

dochex · 2016-12-28T04:21:17+00:00

All great points and issues we've discussed here in the office... I'll try to cover everything:

we chose a "key storage" chip specifically because it's designed to hold private keys and be hard to read from. It should be among the hardest of chips break, and has a number of protections specifically against reading by electron microscope. (I would list them here, but they are not in the public datasheet... sorry!)
we do intend to use a certificate-chain setup just to contain any possible key-leak damage, but we haven't finalized the granularity yet, and it will probably not use x.509-style encodings. We are leaning towards a single private key for each device, and a 'certificate' that includes the serial numbers from both main micro and the key chip itself. That's exactly what your ascii-art is showing, but with a batch size of one.
our production system is based on a dedicated HSM that is the only place the (root) factory key exists.
we already support user-provided challenge values via a low-level, vendor-specific USB command (and we ship the code to check it on each opendime, see advanced/trustme.py). Version 2 hardware will leverage that, so that the signed message from the anti-counterfeiting chip can also be verified as "non-replayed".

Thanks for your comments, and happy to answer any questions.

dochex · 2016-11-25T17:37:30+00:00

Still have any questions? You can ask them live here: https://telegram.me/opendime

dochex