Passport the New Batch of Cold Storage Wallets

By Jinno | The Ceremony | 23 Sep 2023


Do you remember when Ledger dropped the ball by introducing their new feature, Recovery? The thought bomb really exploded when it was discovered that Ledger developers always had the ability to install firmware on the hardware wallets capable of extracting private keys. People weren’t too pleased to hear that, under the guise of safety and security, their seed phrase would be encrypted and split into three parts held by the user, Ledger and a third-party organization. In a sense it is a kind of hybrid multi-sig wallet where the user is only one signer in a 2/3 wallet. Not your keys, not your crypto. But this new feature seems to imply that self-sovereignty is not the domain of the average user, in complete opposition to the aforementioned ethos.

I did not own a Ledger at this time, but it made me worry that just as I should have multiple cryptocurrency wallets, so too should I have multiple cold storage options. I’ve seen YouTube videos of a Trezor being cracked in under 15 minutes. The security of these devices is enough to ward off the unsavory, but a knowledgeable attacker can cause your device to act in unintended ways and eventually reveal all its secrets. A passphrase can mitigate this, adding another hurdle for an attacker by requiring this unique phrase before a wallet can be freed to spend. But this brings up a good question: what is my threat model?

1. Protection from family & friends – includes things like putting a password on your phone or not loaning out your debit card for use.

2. Protection from corporations – includes things like using fake information when signing up for rewards cards and using tracker blockers online.

3. Protection against targeted, non-government attacks – includes things like hardening your operating system and keeping your address off public records.

4. Protection from federal gov’t and intelligence agencies – includes things like complex disinformation campaigns and heavily hardened electronics.

What’s this, you don’t have a threat model? Well, if you wanted to become your own bank, surely you have given some thought to the security protocols that protect your assets. But do you know what the weakest link in your security is? Human beings. We usually operate on autopilot with a gullible, trusting nature, but when it comes to our security we should be critical, cunning and methodical. In crypto this manifests as not doing your due diligence when sending immutable transactions, losing the password and/or seed to your wallet, and not knowing how JavaScript hot wallets like MetaMask work and why they are susceptible to hacks and malware. "Just tell me what I need to know: what is the best cold storage hardware wallet that will ensure my security?" Have you not been listening? You are the lowest-hanging fruit for black hat hackers and criminals; if you want to harden your security, do it with knowledge about attack surfaces, social engineering attacks and cyber-security practices. Do you know how I chose my first hardware wallet? By whether the wallet was compatible with my current operating system. I don’t recommend this approach, because obviously this should not be the most important metric when choosing a hardware wallet. But that’s how I chose between Ledger and Trezor.

If Bitcoin is digital gold and you want to capitalize off the gold rush, then you need to be in the business of selling pickaxes and boots. What’s this you say, Bitmain already beat you to the punch? Don’t fret, there is plenty of innovation in Bitcoin-only hardware wallets. Why Bitcoin-only wallets? Well, for one, it lowers the attack surface: your wallet specializes in the Bitcoin protocol and is hardened for that specific cryptocurrency. When you have a multi-currency wallet you increase your attack surface with each EVM chain, ERC-20 token and other blockchain it supports. Most people in the world use the Windows operating system because of the monopoly that Microsoft has had over the industry. Windows is the most insecure among all operating systems, with built-in backdoors and an easily exploitable system. Most malware and viruses are written for Windows because the majority of the world is on Windows. Using a Bitcoin-only wallet is equivalent to using an operating system with a small attack surface, such as Linux.

Secondly, the majority of innovation will be built to secure what many believe to be the most valuable asset. Does my wallet have verifiable source code, fully air-gapped operation, a self-destruct PIN and custom derivation paths? A lot of the time when cold storage wallets are marketed towards us, they use words like Military/Enterprise Grade. These are just buzzwords; nothing sold on the consumer market is ever military grade, unless we’re talking about the Xbox 360 camera that was advertised as a gaming add-on but really was spyware. Open source code allows any developer to view the code and audit it for security and improvements. Proprietary code, on the other hand, is closed source and allows the company that developed it to patch security upgrades on its own merit and not by a community of developers from across the world. Fully air-gapped is kind of a misnomer, but basically means that your device never comes in direct contact with your computer. Most legacy models use USB and Bluetooth to connect to your computer but are subject to viruses, malware and man-in-the-middle attacks. Newer models use microSD cards and QR code scanning to transfer information, which may give you a false sense of security. Data integrity is not guaranteed just because you use a different method of transportation. Malware can be injected with a firmware update from your computer to your device, thus compromising your cold wallet. Most people think that an attacker will stop when they can’t access your seed because of your password/passphrase, but the most likely event, if you and your hardware wallet are in the same room as your attacker, is that they beat you with a wrench until you give up your goods. Derivation path is just a fancy way of saying this is the thing you use to get all your accounts from your mnemonic phrase.

A derivation path looks like m/44'/60'/0'/0'/0. It is combined with your mnemonic phrase, also known as your seed, to generate addresses. Enough of the technical jargon, let’s get on with the show and tell.

The best Bitcoin-only cryptocurrency wallet, according to a super biased viewpoint by yours truly, is:

Passport from Foundation Batch 2


Country of Origin: USA

$199.00 USD

 

Firmware is FOSS

Secure seed generation

Secure seed storage

Can be bought with Bitcoin

Supports air gap/ multisig

What's in the Box?


This is the device you want on Bitcoin Beach when buying your El Salvador food and imported beer. Passport, by design, has no ability to communicate directly with the outside world. This creates an optimum security model, making remote attacks impossible, but also means that it has no way of knowing when any of its Bitcoin addresses have received a transaction. For this to happen, Passport must be connected or 'paired' with a software wallet that runs on an internet-connected device like a phone or computer.

As part of this connection process, the software wallet is given enough information to monitor (using its internet connection to the rest of the Bitcoin network) all of the receive addresses Passport can generate. Crucially, this software wallet does not have enough information to spend any Bitcoin. This authority remains firmly with Passport.

 Your chosen software wallet monitors for incoming transactions and has the ability to create spend transactions for Passport to authorize. This information is shared to and from Passport via one of two methods. Which you use will depend on your preference and chosen wallet software. We recommend using QR codes as the default and easiest solution wherever available.

After setting up Passport, connecting it with your chosen software wallet, and receiving some Bitcoin to your Passport wallet, you can choose to authorize transactions via QR codes or microSD.

This is the next iteration of secure, Bitcoin-only hardware wallets, easily an upgrade from the recognized secure Bitcoin-only wallet, the Coldcard MK4.


Country of Origin: Canada

$157.94 USD

Dual Secure Elements from different vendors

Verifiable Source Code

True Air-gap

Uses PSBT (BIP 174) natively

NFC supported

USB-C connector

I don't own a Coldcard, but if I was serious about Bitcoin security I would definitely recommend this model. However, one thing of note that kind of bothers me about this model is NFC (Near Field Communication): short-range wireless communication is an attack vector. With your phone, don't leave your WiFi on and don't leave your Bluetooth on; these are attack surfaces for attackers. Maybe, like me, you don't believe in Bitcoin and therefore have none, but you participate in DeFi with various blockchains. Which hardware wallet is for you?

Bitbox02 Multi

Country of Origin: Switzerland

€139.00

Dual Chip Design with a Secure chip

Backup and restore with microSD card

Open-Source

End-to-End Encryption between app and device

1500 coins and tokens

I also don't own a Bitbox, but I've given it serious consideration because of the failings of Ledger and Trezor. If you are participating in DeFi and you are using software wallets like MetaMask, Taho or Rabby Wallet, for the love of all that is good, please create your wallet from your hardware device. Your wallet address is generated from your device; this allows you to create multiple addresses from your device with only one seed, and spending with the private key is authorized through your hardware wallet. This makes it a bit cumbersome when confirming transactions that are time-sensitive, but if anyone wants to move your crypto they have to have physical access to your hardware wallet.

 If things go sideways in the future with any of my recommendations I will be right here for you anon! We're all going to make it!
