CoinKite Coldcard Mk3 - Hardware Wallet
- Full-sized numeric Keypad to enter PIN.
- OLED Screen - Resolution of 128 x 64 Pixels.
- Made In Canada
- Tamper-evident numbered bag with bag number recorded into device.
- Pricvate Key stored in a dedicated security chip and noit on micro's flash.
Secure element for key storage
We find it quite scary that some Bitcoin wallets trust the main microprocessor with their most valuable secrets. Instead, Coldcard uses a Secure Element to protect your Bitcoin.
Specifically, the Coldcard (Mk3) uses Microchip's ATECC608A to store the critical master secret: the 24-word seed phrase for your BIP32/BIP39 wallet.
This little chip is very powerful. Communication is controlled by complex challenges and SHA-256 responses which prevent replay and eavesdropping. The secure element enforces cryptographically, that...
The PIN code on Coldcard is divided into two parts, such as 1234-5678. You first enter 1234 and then you will be shown two words on-screen. Those words are unique for all PIN prefixes, and for each Coldcard ever made. (The secrets used to enforce that come from inside the secure element, and are unknown to the rest of the world.)
Your job is to memorize those two words, keep them secret, and every time you use the Coldcard, check them before entering the final 5678 part of your PIN. This protects you against a trojan-horse Coldcard that might look like yours but it cannot know those two words.
The secure element and critical parts of the main micro are covered by epoxy at the factory. Our clear case is part of our security model too, so you can look and see if a "hardware implant" has been inserted inside your device.
Because of the in-depth use of the secure element, there is no "factory reset" for the Coldcard. If you forget your Coldcard PIN, there is nothing we can do except remind you to recycle your e-waste responsibly!
We've even put a label, "SHOOT THIS", for more effective device destruction. When the time comes.
Air gap operation
Coldcard never needs to touch a computer. It can work entirely from a USB power pack or AC power adapter. This includes everything you need to do in the whole life of the product:
- Initial PIN choosing and setup.
- Pick your 24-seed words using our TRNG, import existing secrets, or use your dice rolls.
- Export skeleton wallet files, for setup of Electrum or other desktop/mobile wallets.
- Export lists of payment (deposit) address, using the Address Explorer.
- Backup of seed and settings, which saves an encrypted 7z file.
Duress wallet features
We provide an optional "duress PIN code". If you enter that PIN code, instead of the "real" PIN code, nothing special is shown on the screen and everything operates as normal... However, the bitcoin key generated is not the main key. It is effectively a completely separate wallet!
To take best advantage of this feature, you should put some Bitcoin into the duress wallet. How much you are willing to lose or what you need to make it plausible, we don't know.
The "duress" wallet will still be derived from the original BIP39 words, so you don't need to back it up separately, but there will be no way to get from that wallet back to the original wallet with the real funds in it.
Countdown to Brick PIN
This is a covert variation of the BRICK ME PIN mode. It forces a time delay (of minutes/hours/days) when logging into the Coldcard.
But once set, unlike the normal countdown, this special mode covertly bricks the Coldcard. Again, this may form some part of your game-theory for duress situations, but is completely optional.
The goal of this mode is to provide plausible deniability of a required time delay (similar to Bank’s sages), while denying the attacker a functional device in case they take it away.
BIP39 Passphrases (25th word)
We now support BIP39 passphrases so you can also create an unlimited supply of distraction wallets. This feature is also useful for your own organization of funds or accounts. Unlike the single duress PIN, an unlimited number of related wallets can be created using BIP39.
Brick me PIN
Another PIN can also be defined, which we call the “Brick Me” PIN. Using that PIN code at any PIN prompt, will destroy the secure element and render your Coldcard worthless. Again, this may form some part of your game-theory for duress situations, but is completely optional.
Force a time delay when logging into the Coldcard. Once enabled, you must enter the PIN correctly, and then wait out a forced delay (of minutes/hours/days) while a countdown is shown on-screen. Then enter your PIN correctly, a second time, to get in.