[ESHOP launched] Trezor: Bitcoin hardware wallet - page 102.

AussieHash

hero member

Activity: 692

Merit: 500

Quote from: cor on November 17, 2014, 05:22:34 PM

If you happen to be a fellow Slush Pool miner, there's a unique discount waiting for you. Kiss

https://www.buytrezor.com/slushpool/

Quote

Mine with Slush Pool Beta for at least 3 days and 30+ Ghash/s power.
You can apply your 33% discount by using your personal Slush Pool API token:
Copy your API token at beta.mining.bitcoin.cz > My Account > Settings > Manage API tokens
Paste it into the Promo code field at buytrezor.com Shopping Cart:
You can only use the discount once, but you can get 10 TREZOR devices in one shopping.
Don't hesitate, because we may change these rules at anytime.

kkurtmann

sr. member

Activity: 475

Merit: 250

Quote from: cor on November 17, 2014, 05:22:34 PM

If you happen to be a fellow Slush Pool miner, there's a unique discount waiting for you. Kiss

Now you tell me! After I already bought 3 for full price. Been on Slush pool over 3 years

Erdogan

legendary

Activity: 1512

Merit: 1005

Quote from: pitiflin on November 17, 2014, 04:07:46 PM

I'm going to buy 2 trezors, (1 for recovering the seed if something bad happens)

My question is... what's the difference between using Armory with a cold wallet (my current setup) and using Trezor? They look very similar to me. Someone mentioned earlier the difference between a cold wallet and an offline wallet, but I didn't understand it very well.

Finally, which option would you recommend better? If any? Maybe both options are equally safe...

I appreciate it Wink

The two systems are much the same security wise, but the trezor is much easier, much easier to keep secure. It is not possible to extract the seed from the Trezor, but on the Armory offline machine, you are vulnerable when you are using the keys, at least in theory. You must keep the offline machine encrypted while you are not holding it or looking at it, and you must be sure that it is not tampered with so the keys (when you use them) are not written to some secret place on the disk.

Both uses hd wallet, on the Trezor you can have multiple wallets with different passphrases.

Unless you already have a separate machine for offline, the Trezor is cheaper.

You don't need to have the full blockchain (as you have to, on the online part of the Armory system).

I used Armory before I got my Trezor, and I am extremely happy with it.

dnaleor

legendary

Activity: 1470

Merit: 1000

Want privacy? Use Monero!

can you please look into my question about a bulk oder? I'm waiting for more than a week now.

cor

full member

Activity: 121

Merit: 100

If you happen to be a fellow Slush Pool miner, there's a unique discount waiting for you. Kiss

pitiflin

hero member

Activity: 980

Merit: 507

I'm going to buy 2 trezors, (1 for recovering the seed if something bad happens)

My question is... what's the difference between using Armory with a cold wallet (my current setup) and using Trezor? They look very similar to me. Someone mentioned earlier the difference between a cold wallet and an offline wallet, but I didn't understand it very well.

Finally, which option would you recommend better? If any? Maybe both options are equally safe...

I appreciate it Wink

molecular

donator

Activity: 2772

Merit: 1019

Quote from: binford on November 16, 2014, 03:26:50 PM

Quote from: blossbloss on November 16, 2014, 10:39:17 AM

Quote from: molecular on November 16, 2014, 03:15:30 AM

To prove your pdf existed, I would go a similar route as you took: I would hash the doc, convert the private key to an address and verify that the address has received money in the past. If it has, either the document must have existed or the extremely unlikely event that someone chose the hash of the document as a private key by accident must have happened. Since we can rule out the latter with high probability, the documents existence at the time of the transaction is proven.

Please note: you should move the money from that address. Anyone with the document can access it.

Excellent! Thanks.

you should not move all money from that address as the bitcoin paper describes pruning of transactions from blockchain for empty addresses. if you need your proof to be preserved longterm this is a risk to be aware of

This is a valid concern and I've thought about that: I think it's save to remove the money. There will most likely always be a complete transaction history available and it's good practice to keep the unspent transaction output set as clean (small) as possible because it has to be accessed quickly by servers/wallets.

Also: you'll have to keep the document itself anyways. So why not keep the block with the relevant tx in it along with it?

EDIT: another minor point: If you're concerned of losing the ability to prove existence due to the money being removed from the address, you would also have to keep your document secret to avoid someone else removing the money.

EDIT2: sorry for all the offtopic babble.

kkurtmann

sr. member

Activity: 475

Merit: 250

As far as I know, Trezor devices are not waterproof.
The manufacturer of the device just said the email was legit and you even quoted him.

sandpaper

sr. member

Activity: 373

Merit: 250

Quote from: molecular on November 16, 2014, 09:48:01 AM

Quote from: stick on November 16, 2014, 07:32:10 AM

Quote from: molecular on November 16, 2014, 03:17:06 AM

I received an email scam of sorts:

It's not a scam. It's a regular newsletter sent via Mailchimp service.

hmm. ok.

I aplogize for making waves. I found it suspicious that the a link displayed as "myTrezor.com" didn't go there, but to some other domain.

I'm not sure why my thunderbird marked it as a scam, either. Maybe because of that?

I would still be on the safe side and ignore that email. You seem to know your stuff and to me that looked fishy as well. Or should I say phishy.

Edit: Are all trezors waterproof?

binford

newbie

Activity: 52

Merit: 0

Quote from: blossbloss on November 16, 2014, 10:39:17 AM

Quote from: molecular on November 16, 2014, 03:15:30 AM

To prove your pdf existed, I would go a similar route as you took: I would hash the doc, convert the private key to an address and verify that the address has received money in the past. If it has, either the document must have existed or the extremely unlikely event that someone chose the hash of the document as a private key by accident must have happened. Since we can rule out the latter with high probability, the documents existence at the time of the transaction is proven.

Please note: you should move the money from that address. Anyone with the document can access it.

Excellent! Thanks.

you should not move all money from that address as the bitcoin paper describes pruning of transactions from blockchain for empty addresses. if you need your proof to be preserved longterm this is a risk to be aware of

blossbloss

jr. member

Activity: 50

Merit: 1

Quote from: molecular on November 16, 2014, 03:15:30 AM

To prove your pdf existed, I would go a similar route as you took: I would hash the doc, convert the private key to an address and verify that the address has received money in the past. If it has, either the document must have existed or the extremely unlikely event that someone chose the hash of the document as a private key by accident must have happened. Since we can rule out the latter with high probability, the documents existence at the time of the transaction is proven.

Please note: you should move the money from that address. Anyone with the document can access it.

Excellent! Thanks.

molecular

donator

Activity: 2772

Merit: 1019

Quote from: stick on November 16, 2014, 07:32:10 AM

Quote from: molecular on November 16, 2014, 03:17:06 AM

I received an email scam of sorts:

It's not a scam. It's a regular newsletter sent via Mailchimp service.

hmm. ok.

I aplogize for making waves. I found it suspicious that the a link displayed as "myTrezor.com" didn't go there, but to some other domain.

I'm not sure why my thunderbird marked it as a scam, either. Maybe because of that?

stick

sr. member

Activity: 441

Merit: 268

Quote from: molecular on November 16, 2014, 03:17:06 AM

I received an email scam of sorts:

It's not a scam. It's a regular newsletter sent via Mailchimp service.

molecular

donator

Activity: 2772

Merit: 1019

I received an email scam of sorts:

The links inside the email point to domain buytrezor.us7.list-manage.com

Not sure what's there... didn't check.

molecular

donator

Activity: 2772

Merit: 1019

Quote from: blossbloss on November 15, 2014, 05:13:50 PM

Molecular,

Sorry for such a late reply to your response. Your proofofexistence site looks very interesting, but I have to admit I'm struggling making it work.

In the meantime I ran a test. I created a PDF file and generated its SHA256 hash as my private key. I used bitaddress.org's "wallet details" to generate the corresponding public address. I then sent a small fraction of a millibitcoin to that address to time stamp the transaction on the block. Now I can prove that the PDF document existed at the time of the transaction.

Is there something I'm missing?

Thanks.

That site is not mine.

To prove your pdf existed, I would go a similar route as you took: I would hash the doc, convert the private key to an address and verify that the address has received money in the past. If it has, either the document must have existed or the extremely unlikely event that someone chose the hash of the document as a private key by accident must have happened. Since we can rule out the latter with high probability, the documents existence at the time of the transaction is proven.

Please note: you should move the money from that address. Anyone with the document can access it.

esuncloud

member

Activity: 98

Merit: 10

One quick question, there is no source code of the browser-plugin-trezor_1.0.5?
There is only github fork as below:
https://github.com/trezor/firebreath
However, this is not the trezor plugin.

blossbloss

jr. member

Activity: 50

Merit: 1

Quote from: molecular on November 10, 2014, 04:36:54 PM

Quote from: dnaleor on November 10, 2014, 11:46:33 AM

Quote from: blossbloss on November 10, 2014, 09:43:29 AM

Quote from: Anon136 on November 09, 2014, 11:06:15 PM

Quote from: blossbloss on November 09, 2014, 11:01:25 PM

Can someone please provide a short step-by-step tutorial on how to use the Trezor to sign a hash of a document?
Thanks

From memory:

Click on the account that you want to use. Then near the top right you will see a sign and verify button. Click it. It will bring up 2 forms that you can fill out, sign and verify. The first field will be the message. Enter the message that you want to sign in the message field. The second field will be the address. begin typing the address that you want to use. it will detect the address you are entering and provide an option to fill out the rest of the address for you. Click sign. Now look at your trezor. It will ask you to confirm that you want to sign the message. Confirm that you do. Now enter your pin. Look back at the form page in your browser. you will see that the formerly empty signature box will now contain a series of characters. That is your digital signature.

Thanks. So this appears to be signing of messages disconnected to transactions. And it is signing with my private key.
Is there a way to include a message in a signed bitcoin transaction? In other words, can I include a SHA256 hash of a document and include it in a transaction that gets recorded on the blockchain? I think this can be done with some clients (although I do not know which ones can do it). But can it be accomplished from my Trezor?
Thanks

Molecular has designed a way to hash your document and create a private key out of it. You can send a very small amount of BTC to that address to "timestamp" it and proove you own that doc at a certain moment of time. Don't know if you are looking for that?

If you want the proove to be public, I think you can do the same by creating a public address out of the hash of the doc. But I never that that
(I used the method of Molecular to create a certificate of my Silver Casascius coin Wink

)

http://www.proofofexistence.com/ might be what you're looking for. At least it's very similar (identical in function, I think) to what dnaleor is describing and what I had implemented for proving cascascius coin existance. btw, no invention there: I just used the sha256 of the document as a private key (there's no conversion, both are just a 256 bit numbers), derived the matching bitcoin address and sent money to it. Adavantage: you can still move that money. Disadvantage: you can't read any 'message', just verify it has existed if you have it.

"Is there a way to include a message in a signed bitcoin transaction?" <- I'm not sure what to make of this. You can sign a transaction, you can sign a message. You can encode a message into a transaction.

Molecular,

Sorry for such a late reply to your response. Your proofofexistence site looks very interesting, but I have to admit I'm struggling making it work.

In the meantime I ran a test. I created a PDF file and generated its SHA256 hash as my private key. I used bitaddress.org's "wallet details" to generate the corresponding public address. I then sent a small fraction of a millibitcoin to that address to time stamp the transaction on the block. Now I can prove that the PDF document existed at the time of the transaction.

Is there something I'm missing?

Thanks.

molecular

donator

Activity: 2772

Merit: 1019

Quote from: TwinWinNerD on November 13, 2014, 06:09:44 PM

I had similar problems like you.

My solution was to use a USB hub with a standalone power supply.

I have experienced a problem with the hub built into my monitor. Not sure wether it's powered or not, but the trezor wouldn't even show in 'lsusb' when connected through that hub.

sobitcoin

full member

Activity: 210

Merit: 100

SO badass! I want one!

guitarplinker

legendary

Activity: 1694

Merit: 1024

Quote from: stick on November 14, 2014, 07:52:41 PM

Quote from: guitarplinker on November 14, 2014, 07:32:21 PM

Edit: Nevermind, works now! Just sent a transaction and it worked after that - maybe it needed my PIN to be entered, which I did to send the transaction?

I think address needs to be used first in order to use Sign/Verify workflow (so myTREZOR caches its index). A bug that should be fixed in the next release.

Aha makes sense!

Seems correct, I can't sign a message from an un-used address yet, but the addresses that I've used sign fine.

Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet - page 102. (Read 966173 times)