Understanding the KeepKey PIN

Highlander
3 min readJan 23, 2023


What are ciphers, and why are they important?

All KeepKey devices are protected with a PIN as a barrier to entry for that specific device. The PIN is a combination of up to 9 numbers that you select after initializing your KeepKey. A PIN protects your device against malware and malicious software on your host machine.

The KeepKey was designed on the assumption that the host machine it is communicating with is malicious, so every action requires on-screen verification and approval by the user.

A hardware wallet that does not have a screen is insecure! The most important property of a hardware wallet is the user's ability to trust the data presented to them. The security of a KeepKey rests on the offline, secure connection between its memory/processor and its screen.

You can select a PIN between 1–9 digits — We recommend a PIN length of at least 4 digits.

You will see a randomized, scrambled keypad on your KeepKey display.

Note: the PIN is displayed twice and inverted to defeat malware designed to count the lit pixels via USB resistance. This inversion protects your device by guaranteeing that the number of pixels that are lit matches the number that are not, making it impossible for malware to view your screen or guess your PIN during PIN entry.

Understanding Pin-entry:

Example: If you’d like to choose the number “1” you would have to click the top middle box.

Even if your KeepKey is plugged in, it cannot be accessed without the correct PIN. In addition, the number placement is re-scrambled at random each time you connect your device, so even a key-logger cannot decipher your PIN because the numbers are only shown on the device.

You can enter your PIN with confidence on an infected computer. Even if your computer became infected with malware or spyware (such as key-logging software), your PIN would remain safe.

Let’s look at the cipher. This will change every time you use your KeepKey. Your PIN is limited to nine digits. If you are trying to use a PIN longer than nine digits, please note that the device only recognizes the first nine entries.

After you choose and confirm your PIN (remember: the cipher will change before the confirmation screen, so make sure you take a look at your KeepKey screen).

Again, the scrambled number placement is only shown on the KeepKey device itself.
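An added illustration, not taken from the article or from KeepKey's firmware, of the position-based entry described above: the host only ever learns which grid positions were clicked, and only the device, which holds the current scramble, can turn those positions back into digits. The cipher strings and PINs below are constructed sample values.

```python
import hmac
import secrets

DIGITS = "123456789"
MAX_PIN_LEN = 9  # the device only recognizes the first nine entries


def new_cipher(rng=secrets.SystemRandom()):
    """Device side: draw a fresh random layout, position (0..8) -> digit.
    A new layout is drawn every time the device is used."""
    layout = list(DIGITS)
    rng.shuffle(layout)
    return "".join(layout)


def render(cipher):
    """The 3x3 grid as shown on the device display; position 1 is top middle."""
    return "\n".join(" ".join(cipher[r * 3:(r + 1) * 3]) for r in range(3))


def host_positions_for_pin(cipher, pin):
    """What the user clicks on the host: grid positions, never the digits.
    The host application sees only this list."""
    return [cipher.index(d) for d in pin]


def device_decode(cipher, positions):
    """Device side: map clicked positions back to digits with its own layout.
    Entries past the ninth are ignored, matching the documented limit."""
    return "".join(cipher[p] for p in positions[:MAX_PIN_LEN])


def check_pin(stored_pin, cipher, positions):
    """Constant-time comparison of the decoded entry against the stored PIN."""
    return hmac.compare_digest(device_decode(cipher, positions), stored_pin)


if __name__ == "__main__":
    cipher = new_cipher()
    print(render(cipher))
    clicks = host_positions_for_pin(cipher, "1234")
    print("host sees:", clicks)                      # positions only
    print("device accepts:", check_pin("1234", cipher, clicks))
    # A key-logger replaying the same clicks against the next layout
    # decodes to a different PIN and is rejected.
    print("replay accepted:", check_pin("1234", new_cipher(), clicks))
```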

Never share your PIN or recovery sentence with anyone.
