Friday, January 10, 2020

My initial feedback about the Coldcard mk3

Here's my email that I just sent to Coinkite:

Hi,

I just bought the coldcard, and one thing I'm realizing is that the passphrase I want to use is going to be an enormously gigantic bitch to type into this numberpad. Any 3-4 words passphrase would take about 30 key presses.

For example, lets take the passphrase "monkeyemusloth". To type that in with just numbers would be: 6666665533999336887777555666844.

31 key presses. That's super long, error prone, and what if you want to include numbers in your passphrase? You'd have to have an additional number keypress for every letter.  "1monkey2emu3sloth" would be:

166666666655533399992333668883777775555666688444

Which is 48 keypresses! And given that these numbers don't have letters on them, you either have to be an expert at it or you have to pull out something else (like my phone's number pad, which is what I'm using now).

You could simply type a single number that represents each letter. But this substantially lowers the entropy of your passphrase, meaning that in order to have a sufficiently lengthed passphrase, you need to use 5-6 words instead of 3-4 words. 

So my request is that in the mk4:

A. please put a full alphanumeric keyboard on the coldcard. Its certainly big enough for one. Say with the size and layout of the Palm phone, like the Treo 750 series.B. if that is, for some reason, out of the question, then please put letters on each button so you don't need to pull out an additional reference in order to input a word-based passphrase.

Numeric-only passwords are either too short or not memorable. Typing words based passphrases on the coldcard is very unweildy. Please do something about this.

Furthermore, the coldcard recommends that users write down their PIN. This is really bad advice. Please remove it. I wrote a whole rant about it here: https://www.reddit.com/r/coldcard/comments/emnjwx/coldcard_advises_users_to_write_down_your_pin/ . Losing your $100 cold card is not the end of the world. Getting a few bitcoin stolen from you because someone found your pin stored next to your coldcard would be FAR worse, and in a bitcoin future, just as likely as forgetting your pin, if not more likely. 

So:

C. Remove the advice to write down your pin! Advise users instead to make a calendar event to recite their pin to themselves if they don't use it often enough to remember it. Its OK if the pin (and thus the coldcard) is lost - your funds can still be recovered with the seed.

D. There should be a way to factory reset the coldcard. If the current secure chip doesn't support it, I'm sure there's one that does. If everything is cleared and reset correctly, this wouldn't add any additional security risk. 

E. The pin input is super confusing! Why does a 0 show up, and then half a second later the 0 is filled with a bunch of dots? What does that indicate? Please just have asterisks show up like every single other password input in the world. The pin 2525 should look like ****. The way you have it makes it very unintuitive to even know how many numbers it thinks you've typed so far.

F. Speaking of the above. I found out through trial and error (lots of error) that I had misunderstood how many characters I had put in! Why? Because when I go to create my pin, there are two pages of instructions. I click enter to get passed page 1, then I click enter again to try to get passed page 2, but it only resets page 2. So I then press the first number of my pin, and it goes to the next page, where it then displays a 0, which I thought represented the number I had pressed. It would be EXTRA confusing if the number I had pressed was 0. But no, apparently that 0 is actually trying to represent an empty space! It certainly doesn't look like an empty space. Page 2 should not go to the input view when you press a number, instead it should only continue to the next view when you press enter - like page 1 did.

G. The input is laggy. When I was looking through my seed words by holding down the arrow buttons, if I let go immediately after it shifted down one line, it would still shift down yet another line about 400 milliseconds after I had unpressed the button. What is up with that?

H. And holding down the arrow keys repeats FAR too slowly. Its maddening watching only one line go up every 500 milliseconds. The lagging problem (G) needs to be solved first tho, because if it repeated faster, the lag would be much more noticeable. 

I. Ugh, why does it ask you if you want to add dice rolls into your seed AFTER it asks you to write the whole seed down? Come on, work with me here. I already wrote those down. If the user might do something that affects the seed, don't tell people to write it down yet. Put that option to "press 4 to add dice rolls into the mix" ABOVE the seed words. Also, why can't I find that text in the firmware code? Perhaps this has already been fixed/changed?

J. I tried setting a nickname, and the input isn't great. I believe it started me with 'A' and I could go up and down in letters, suuuuuper slowly (as per complaint G). But then going to the next letter, it starts me in symbol mode, which means I have to press 1 every time I'm done with the last character. My request A would obviously readily solve this problem, and B would help a whole lot, but even without any physical interface improvements, this could be done a lot better. For starters, start the next letter in the same mode you were in previously. Resetting the mode every time you go to the next letter is bad UI.

K. Where is there a public forum for discussing these kinds of issues? No one at Coinkite seems to pay attention to r/coldcard, and github issues are turned off for most of your repositories. Why are github issues turned off tho? Where am I supposed to report bugs? By email? How is anyone supposed to help track down bugs? That's part of the point of open source is that people can help you track stuff down and discuss improvements. 

Honestly, the UI on this needs lots of work. I expected better for a third generation device that cost me over $100. Maybe I'll send another annoying email when I use this thing more, but its late and I need to sleep.


No comments:

Post a Comment