Cypherock
  • Introduction
  • Design Decisions
    • The balance between security and convenience
    • Cypherock X1 Hardware architecture
      • Using ultrasonic welding for the X1 Vault enclosure
      • Encrypted NFC communication for X1 cards
      • Using Javacards instead of MicroSD
      • Choosing USB vs QR Code
      • Why the X1 cards are not upgradeable
    • Cypherock is BIP39 compliant
    • Private keys should be near to impossible to extract
    • Conflict between trusted parties should not result in unauthorized access
    • Using Shamir Secret Sharing vs. Multi-sig
      • How is Shamir Secret Sharing implemented within Cypherock X1
      • Why Cypherock has a default 2/5 threshold scheme
      • Rejected Key Schemes
    • PIN Protection on Cypherock X1
      • Difference between backing up your PIN vs. Seed Phrase
  • Security Overview
    • Introduction
    • Keylabs - Third Party Security Audit
    • Remote Attacks
    • Physical Attacks
      • $5 Wrench Attack
      • PIN Brute Force Attack
      • Evil Maid Attack
      • Flashing Malicious Firmware
      • Side Channel Attack
      • Supply Chain Attack
  • Cypherock X1 Features
    • Eliminate messy paper backups
    • Open source with secure elements
    • Use Cypherock as a seed phrase vault
    • All-in-one Portfolio Manager
  • Getting Started
    • Download cySync
    • Import Seed Phrase from existing BIP39 compatible wallet
    • Generate a new wallet with Cypherock X1
    • How Cypherock generates your 24-word seed phrase
    • Best practices in keeping your X1 cards secure
      • Use the protective card sleeves
      • Geographical Seperation
      • Choosing your guardians
    • How do I know I am not locked-in to using only Cypherock X1
    • How do I know my Cypherock X1 is genuine?
      • Email 2FA for Product Authentication
    • How to recover your Crypto assets in the case of loss or theft
    • What happens to my Cypherock X1 if Cypherock goes out of business?
Powered by GitBook
On this page

Was this helpful?

  1. Design Decisions

PIN Protection on Cypherock X1

PreviousRejected Key SchemesNextDifference between backing up your PIN vs. Seed Phrase

Last updated 1 year ago

Was this helpful?

Cypherock X1 has a unique mechanism with regards to PIN protection. Cypherock uses an alphanumeric PIN system that a user can choose between 4-8 characters to add an extra layer of protection on top of each of the 4 wallets the user creates on Cypherock X1. When the PIN is generated, the hash of the PIN is created to encrypt all 5 cryptographic parts in Cypherock X1.

The double hash of the PIN is stored on each X1 Card and is used to fetch the cryptographic parts stored on the respective X1 Card. When a user enters a pin on the X1 Vault, the double hash of the PIN is calculated and sent as input to the X1 card to compare against the stored value in the X1 Card. On successful verification, the cryptographic part is retrieved from the X1 card. The X1 Vault has access to PIN (and its subsequent hash) only for the session of time in its RAM. No information about the PIN is permanently stored on the X1 Vault. Whenever a user enters a PIN it is erased right after it's used.

PIN protection on the X1 Card also comes with an exponential time function. This means that a series of wrong guesses on the PIN can lead to the wallet being locked for up to 100 years. To learn more about the locking mechanism, refer to Cypherock's dedicated to talking about the locking mechanism with PIN protection.

Github page