Security Features
Last updated
Last updated
Feature: The Cardware Wallet integrates an EAL6+ certified secure element chip for cryptographic key generation and secure storage. This certification represents one of the highest levels of security assurance for hardware components, indicating compliance with stringent evaluation criteria and resistance to sophisticated attack methods.
Benefit: The secure element provides a tamper-resistant environment that protects cryptographic operations against advanced physical and logical attacks. By isolating private keys within this dedicated hardware component (while also being encrypted), the wallet significantly reduces the risk of key extraction or unauthorised access. This ensures that sensitive cryptographic material remains protected throughout the device's lifecycle, enhancing overall security for digital asset management.
Feature: Our key-generation process employs three distinct methods—hashed video streams, D20 dice rolls, and D6 dice rolls—to maximize entropy for secure private keys. With the video stream approach, every video frame is processed through a cryptographic hash function (e.g., SHA-256), then the hashed outputs of all frames are iteratively combined into a single final hash which is used for entropy. This ensures that minuscule changes in lighting, color, and movement introduce vast unpredictability. In the dice-based methods, each roll (64 times for the 20-sided die, 100 times for the 6-sided die) is manually entered into the device allowing for top tier sourced entropy. By allowing randomness both from real-world visual data and physical dice rolls, our system guarantees high-entropy, collision-resistant private keys that are infeasible to replicate or brute force.
Benefit: By harvesting genuine, unpredictable data from physical processes—rapidly changing environmental video frames or the inherently random outcomes of dice rolls—your private keys gain the highest possible degree of cryptographic strength. This significantly reduces the likelihood of successful attacks, as no external party can feasibly recreate the exact sequence of pixel data or dice results, ensuring that your keys remain uniquely secure and resistant to compromise.
Note: When generating your private key through the Video Stream option, ensure to move your camera around and avoid filming uniform, featureless surfaces. When generating your private key through the Dice Roll option, ensure to input your exact rolls.
Feature: Designed without any form of network connectivity, the Cardware Wallet lacks internet access, Bluetooth, Wi-Fi, or any wireless communication modules.
Benefit: Operating entirely offline, the device eliminates exposure to remote attacks that could exploit network connections. This air-gapped approach ensures that private keys and transaction data remain confined within the secure environment of the wallet, preventing unauthorised access or interception by external entities. It provides an additional layer of defence by removing potential attack vectors associated with connectivity, thereby enhancing the overall security posture.
Feature: The wallet's firmware is fixed, non-upgradable, and stored in secure, read-only memory.
Benefit: This design choice prevents vulnerabilities that could arise from firmware updates, such as malicious code injection or exploitation of update mechanisms. By maintaining a stable and immutable firmware environment, the device reduces the risk of software-based attacks and ensures consistent operation. This approach enhances reliability and trust in the device's security features over time, as users can be confident that the firmware remains uncompromised.
Feature: The secure element chip and STM32 microcontroller incorporate read-out protection and write protection mechanisms.
Benefit: These security features prevent unauthorized access to, or modification of, the device's memory and firmware. Read-out protection ensures that sensitive data, including private keys and cryptographic algorithms, cannot be extracted from the device, safeguarding against physical attacks. Write protection preserves the integrity of the firmware by blocking unauthorized changes, thereby preventing potential tampering or the introduction of malicious software. Together, these mechanisms uphold the confidentiality and integrity of critical system components.
Feature: The USB-C port is configured exclusively for power delivery, with only the power and ground connections active. All data lines are physically disconnected, a design aspect that is visibly apparent on the transparent circuit board.
Benefit: By eliminating data transmission capabilities through the USB-C port, the device mitigates risks associated with compromised cables or USB-based attacks, such as data theft or malware injection. Users can visually verify the absence of active data lines, reinforcing trust in the device's physical security measures. This approach ensures that power can be supplied safely without introducing potential vulnerabilities associated with data connectivity.
Feature: The firmware is permanently set in secure, read-only memory and cannot be modified or upgraded. As the device is dedicated solely to offline transaction signing—using the Bitcoin signing algorithm—it does not require feature or security patches typical of network-connected systems. This streamlined design ensures that all core functionality is locked, reducing potential attack surfaces associated with update mechanisms.
Benefit: By forgoing firmware updates entirely, the device eliminates the risk of malicious code injection or software manipulation through update channels. Because its sole function is to securely sign Bitcoin transactions offline, maintaining an immutable firmware environment maximizes reliability and trustworthiness. Users can be confident that the signing logic remains tamper-proof, preserving the integrity of every transaction without any possibility of firmware-based compromise.
EAL6+ Certified Secure Element: Provides high-assurance hardware security for cryptographic key management.
High Entropy Key Generation: Generates unique and unpredictable private keys through random pixel sampling.
Air-Gapped and Offline Operation: Eliminates exposure to network-based threats by operating without connectivity.
Firmware Integrity and Non-Upgradability: Maintains a secure and stable environment by preventing firmware modifications.
Read/Write Protection: Protects memory and firmware against unauthorized access or alterations.
USB-C Powered with Transparent Verification: Ensures safe power delivery without data transmission, visibly verifiable by users.
Secure Transaction Signing via QR Codes: Allows secure transaction processing while keeping private keys isolated.
These features collectively establish a robust security framework for managing and safeguarding digital assets, ensuring that private keys and transaction data are protected against a wide spectrum of threats.
