Cypherock

PIN Brute Force Attack

Last updated 2 years ago

A PIN brute force attack is a type of attack that hackers can use to gain unauthorized access to a crypto wallet by guessing the correct PIN. In a PIN brute force attack, the hacker uses a computer program that automatically tries every possible combination of numbers until the correct PIN is found.

Cypherock lets users create an eight-digit alphanumeric PIN, which provides a much bigger sample space than a numeric PIN. Even if an attacker were able to generate all possible PIN combinations, there are two main ways that Cypherock X1 users are protected. First, Cypherock has implemented a proof-of-work lock system called CyLock that locks the wallet for longer durations as more wrong attempts are made. You can learn more about Cypherock's brute force protection in detail on our GitHub page.

Additionally, the PIN itself is never stored on the X1 Vault. If the user has set a PIN for a wallet, the cryptographic part is first encrypted and then stored in the NVM of the STM32. The decryption is done using the first hash of the PIN. The security of the PIN is unaffected by this behavior, since the nonce for encryption is stored on the X1 cards. The nonce acts as a salt for the encryption, along with the hash of the PIN.
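The effect of a lock that grows with each wrong attempt can be estimated with a small model. This is an added example, not Cypherock's code: the doubling schedule (1 second, capped at one day), the 62-symbol alphabet and all function names are assumptions, and it models only the escalating delay, not CyLock's proof-of-work mechanism or its real parameters.

```python
"""Model of an escalating PIN lockout (assumed schedule, not CyLock's real parameters)."""

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct PINs of a given length over a given alphabet."""
    return alphabet_size ** length


def cap_index(base_s: int, cap_s: int) -> int:
    """First failure count whose doubled delay reaches the cap."""
    k = 1
    while (base_s << (k - 1)) < cap_s:
        k += 1
    return k


def lock_delay(failures: int, base_s: int = 1, cap_s: int = 86_400) -> int:
    """Lockout in seconds after the `failures`-th consecutive wrong PIN."""
    if failures < 1:
        return 0
    if failures >= cap_index(base_s, cap_s):
        return cap_s
    return base_s << (failures - 1)


def total_lockout(failures: int, base_s: int = 1, cap_s: int = 86_400) -> int:
    """Closed-form sum of lock_delay(1..failures); avoids looping over 10^14 guesses."""
    k_cap = cap_index(base_s, cap_s)
    if failures < k_cap:
        return base_s * ((1 << failures) - 1)
    return base_s * ((1 << (k_cap - 1)) - 1) + cap_s * (failures - k_cap + 1)


def expected_years(space: int, base_s: int = 1, cap_s: int = 86_400) -> float:
    """Expected lockout time to hit a uniformly random PIN (about space/2 failures)."""
    return total_lockout(space // 2, base_s, cap_s) / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Alphabet sizes are assumptions: 10 digits vs. 62 mixed-case letters and digits.
    for label, size in (("8-digit numeric", 10), ("8-char alphanumeric", 62)):
        n = keyspace(size, 8)
        print(f"{label}: {n:,} PINs, ~{expected_years(n):,.0f} years of lockout on average")
```

Under these assumed parameters the accumulated lockout, not the guessing speed, dominates the search time, and the larger alphanumeric space multiplies it further.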