So in that photo a ways back..the classics you showed were black, is there any chance of getting those instead of white?
There might be good news next week for you :-) *wink*
very curious if stick's wink is still accurate
any updates on the wink?
Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet - page 135. (Read 966173 times)
There might be good news next week for you :-) *wink*
very curious if stick's wink is still accurate
any updates on the wink?
Hi,
I noticed the strange thing.
The Trezor is device for signing all outputs and all outputs should be showed to me in screen and values of each output.
Is it correct?
But i noticed that when i send some money to addresses A, B, C (i did the transaction for 10 addresses) there was 11th output - it's OK, one address is change from my wallet.
BUT! The 11th address is not showed by Trezor (or 1st) - this is the change adress. So one address slips away from my eye. It's very strange.
How the Trezor decides that one address should not be showed (and value too!) to me when i sign the transaction?
I understood that it made may be for easy using. But i would know the algorithm for this decision.
May be there security hole? Can hacker tell to the Trezor that one X address from faked transaction is change address and after this the Trezor could not show to me this address and value in Trezor's screen?
I can imagine that the Trezor could get the change address as path of BIP32/BIP44 and inside itself can recalculate the address and after it decides that this address is a really my own change address and doesn't show one me and value for it. But i am not sure that this done same way. If there in protocol only bit for address (change/not_change) - it will be security hole for trojan.
I think the Trezor should show all outputs and value of each output included a change address. A change address could be showed with remark 'Your Change' or other way. Otherwise, the thought creeps in that the algorithm has a loophole.
How do you think?
And what does Stick or Slush think about this? I don't want to ask this to through ticket system because the Trezor project should be discussed publicly.
I noticed the strange thing.
The Trezor is device for signing all outputs and all outputs should be showed to me in screen and values of each output.
Is it correct?
But i noticed that when i send some money to addresses A, B, C (i did the transaction for 10 addresses) there was 11th output - it's OK, one address is change from my wallet.
BUT! The 11th address is not showed by Trezor (or 1st) - this is the change adress. So one address slips away from my eye. It's very strange.
How the Trezor decides that one address should not be showed (and value too!) to me when i sign the transaction?
I understood that it made may be for easy using. But i would know the algorithm for this decision.
May be there security hole? Can hacker tell to the Trezor that one X address from faked transaction is change address and after this the Trezor could not show to me this address and value in Trezor's screen?
I can imagine that the Trezor could get the change address as path of BIP32/BIP44 and inside itself can recalculate the address and after it decides that this address is a really my own change address and doesn't show one me and value for it. But i am not sure that this done same way. If there in protocol only bit for address (change/not_change) - it will be security hole for trojan.
I think the Trezor should show all outputs and value of each output included a change address. A change address could be showed with remark 'Your Change' or other way. Otherwise, the thought creeps in that the algorithm has a loophole.
How do you think?
And what does Stick or Slush think about this? I don't want to ask this to through ticket system because the Trezor project should be discussed publicly.
When you are composing transaction, you see on the right all output addresses. The change address is represented by path and it is sent by myTrezor wallet to the Trezor device as this path. This is why Trezor doesn't show anything, because it knows, it generates that address itself from the seed. You can pregenerate this internal address by using account xpub and the shown path on bip32.org. If you give this address to Trezor explicitly and fill in the right change ammount, you will have to confirm it on the screen as with every other external ouput. Trezor doesn't recognize it as internal address when it is not sent as a path to it. The same thing is when you send bitcoins bitween accounts in the same Trezor, you have to confirm them, since Trezor doesn't know they are internal with respect to the seed as well.
Anyway, it might be good if user could somehow choose if the change address will be shown explicitly by clicking something like "Send Advanced". In this scenario, Trezor would also show something like "Confirm sending change to an internal address 3/1/18 = 1ase4er4wFASDFdasdfdfdf..."
Sorry if this sounds mean but I don't think you understand how bitcoin works. I can give you some great links if you like that will help you understand on a more technical level.
P.S. Are you spam bot?
All of the change addresses are determined from xpriv which is derived from the seed.
The seed, xpriv, all the receive addresses, all the change addresses can all calculated inside the Trezor.
Sure, the change address can also be calculated from the xpub on the myTrezor web site (or any other wallet that supports Trezor).
So, since myTrezor calculates the change address from xpub and Trezor calculates the same change address from xpriv the Trezor can verify that the myWallet (or any other wallet) calculated the same change address. If the two change addresses do not match the Trezor can simply refuse to sign the transaction and reject it.
Same result: we don't need to be bothered to verify the change address because the Trezor can verify it.
BTW I went back and fixed my previous post.
The seed, xpriv, all the receive addresses, all the change addresses can all calculated inside the Trezor.
Sure, the change address can also be calculated from the xpub on the myTrezor web site (or any other wallet that supports Trezor).
So, since myTrezor calculates the change address from xpub and Trezor calculates the same change address from xpriv the Trezor can verify that the myWallet (or any other wallet) calculated the same change address. If the two change addresses do not match the Trezor can simply refuse to sign the transaction and reject it.
Same result: we don't need to be bothered to verify the change address because the Trezor can verify it.
BTW I went back and fixed my previous post.
If you will read my post about this, you will see that i mean it.
And what mean "Trezor calculates the same change address"?
It should calculates with some tip from computer. Amount fo change addresses is inifinity. How the Trezor calculate "same address"? Trezor doesn't know blockchain and doesn't know which addresses are used and which are not...
I wrote about path of BIP32/BIP44 tipped from computer.
But i am not sure that this realized same way.
The Trezor calculates the change address so it knows it is correct so it does not need to bother you to veryify something that it knows is correct and cannot be faked, since everything happens inside the Trezor.
Stop
It can be calculated based by blockchain.
Trezor doesn't know the blockchain. So it cannot calculate it.
Only computer with opened site MyTrezor.com can help because only computer knows which addresses are not used.
All of the change addresses can be determined from xpriv which is derived from the seed.
The seed, xpriv, all the receive addresses, all the change addresses are or can be calculated inside the Trezor.
Sure, the change address can also be calculated from the xpub on the myTrezor web site (or any other wallet that supports Trezor).
So, since myTrezor calculates the change address from xpub and Trezor calculates the same change address from xpriv the Trezor can verify that the myWallet (or any other wallet) calculated the same change address. If the two change addresses do not match the Trezor can simply refuse to sign the transaction and reject it.
Same result: we don't need to be bothered to verify the change address because the Trezor can verify it.
BTW I went back and fixed my previous post.
The Trezor calculates the change address so it knows it is correct so it does not need to bother you to veryify something that it knows is correct and cannot be faked, since everything happens inside the Trezor.
Stop
It can be calculated based by blockchain.
Trezor doesn't know the blockchain. So it cannot calculate it.
Only computer with opened site MyTrezor.com can help because only computer knows which addresses are not used.
Sorry if this sounds mean but I don't think you understand how bitcoin works. I can give you some great links if you like that will help you understand on a more technical level.
I would love to buy one but 119 bucks? 
Just waaaay to expensive for the newbies.
If you have less than $1000 in BTC then this product may not be for you. But for someone who has thousands, tens of thousands, hundreds of thousands, etc. then this is a great product. I love this little thing. I have 5 of them and will be ordering a couple more for Christmas gifts for people I know that have BTC holdings. It is the second best thing I have ever purchased with BTC, the best one being a case of Girl Scout thin mint cookies.Just waaaay to expensive for the newbies.
I understand that if you got multiple thousands of BTC then maybe 119 bucks isn´t expensive but for us with less then 2 it´s quite alot
We need security too 
You'll wish you had spent part of that 2 if all of it gets stolen
. I think it all depends how well you know security. Is your system secure? Do you know how to make it secure? If the answers to these questions is anything other than a confident yes, you may want to consider spending a fraction of that 2 bitcoins on making sure that you dont lose the rest of it. The Trezor calculates the change address so it knows it is correct so it does not need to bother you to veryify something that it knows is correct and cannot be faked, since everything happens inside the Trezor.
Stop
It can be calculated based by blockchain.
Trezor doesn't know the blockchain. So it cannot calculate it.
Only computer with opened site MyTrezor.com can help because only computer knows which addresses are not used.
i love it but im waiting for lower price
I would love to buy one but 119 bucks?
Just waaaay to expensive for the newbies.
If you have less than $1000 in BTC then this product may not be for you. But for someone who has thousands, tens of thousands, hundreds of thousands, etc. then this is a great product. I love this little thing. I have 5 of them and will be ordering a couple more for Christmas gifts for people I know that have BTC holdings. It is the second best thing I have ever purchased with BTC, the best one being a case of Girl Scout thin mint cookies. Just waaaay to expensive for the newbies.
The Trezor can calculate the change address so it knows it is correct so it does not need to bother you to veryify something that it knows is correct and cannot be faked.
Also, let's say it did show you the internal change address on the screen then how would you know whether it is correct or not? Since myWallet does not show the changes addresses (yet?) it would take you some large effort (launch bip32.org, copy in xpub, search through all the change addresses until you find the correct one which could be very far into the sequence if you have done a lot of transactions, etc.) to even calculate it yourself in order to verify it.
Trezor is correct to not bother us with this because it can verify if the change address in the transaction is correct or not itself.
Also, let's say it did show you the internal change address on the screen then how would you know whether it is correct or not? Since myWallet does not show the changes addresses (yet?) it would take you some large effort (launch bip32.org, copy in xpub, search through all the change addresses until you find the correct one which could be very far into the sequence if you have done a lot of transactions, etc.) to even calculate it yourself in order to verify it.
Trezor is correct to not bother us with this because it can verify if the change address in the transaction is correct or not itself.
Hi,
I noticed the strange thing.
The Trezor is device for signing all outputs and all outputs should be showed to me in screen and values of each output.
Is it correct?
But i noticed that when i send some money to addresses A, B, C (i did the transaction for 10 addresses) there was 11th output - it's OK, one address is change from my wallet.
BUT! The 11th address is not showed by Trezor (or 1st) - this is the change adress. So one address slips away from my eye. It's very strange.
How the Trezor decides that one address should not be showed (and value too!) to me when i sign the transaction?
I understood that it made may be for easy using. But i would know the algorithm for this decision.
May be there security hole? Can hacker tell to the Trezor that one X address from faked transaction is change address and after this the Trezor could not show to me this address and value in Trezor's screen?
I can imagine that the Trezor could get the change address as path of BIP32/BIP44 and inside itself can recalculate the address and after it decides that this address is a really my own change address and doesn't show one me and value for it. But i am not sure that this done same way. If there in protocol only bit for address (change/not_change) - it will be security hole for trojan.
I think the Trezor should show all outputs and value of each output included a change address. A change address could be showed with remark 'Your Change' or other way. Otherwise, the thought creeps in that the algorithm has a loophole.
How do you think?
And what does Stick or Slush think about this? I don't want to ask this to through ticket system because the Trezor project should be discussed publicly.
I noticed the strange thing.
The Trezor is device for signing all outputs and all outputs should be showed to me in screen and values of each output.
Is it correct?
But i noticed that when i send some money to addresses A, B, C (i did the transaction for 10 addresses) there was 11th output - it's OK, one address is change from my wallet.
BUT! The 11th address is not showed by Trezor (or 1st) - this is the change adress. So one address slips away from my eye. It's very strange.
How the Trezor decides that one address should not be showed (and value too!) to me when i sign the transaction?
I understood that it made may be for easy using. But i would know the algorithm for this decision.
May be there security hole? Can hacker tell to the Trezor that one X address from faked transaction is change address and after this the Trezor could not show to me this address and value in Trezor's screen?
I can imagine that the Trezor could get the change address as path of BIP32/BIP44 and inside itself can recalculate the address and after it decides that this address is a really my own change address and doesn't show one me and value for it. But i am not sure that this done same way. If there in protocol only bit for address (change/not_change) - it will be security hole for trojan.
I think the Trezor should show all outputs and value of each output included a change address. A change address could be showed with remark 'Your Change' or other way. Otherwise, the thought creeps in that the algorithm has a loophole.
How do you think?
And what does Stick or Slush think about this? I don't want to ask this to through ticket system because the Trezor project should be discussed publicly.
Basic question: Is it safe to make two identical Trezors? (Same: device label, recovery seeds, multi-passphrases, PIN)
I've successfully setup/initialised one Trezor using the python-trezor tools, and recovered the same seed to a backup Trezor, fully offline without myTrezor.com
http://www.reddit.com/r/TREZOR/comments/2etgod/pythontrezor_successful_for_offline/
seems BoP is a bit behind when I have a confirmation on a transaction on blockchain.info but not confirmed on myTrezor for over ten minutes. https://blockchain.info/address/1BAJuPdo2CSqVQxSreFNmi4cp9DYtZ3akb
edit: 7 confirmations on blockchain.info and none on MyTrezor.com
edit: 7 confirmations on blockchain.info and none on MyTrezor.com
I have seen this happening to some customer and is temporary for the connection. You will see it confirmed once you close the myTREZOR browser window and reopen it after a delay sufficient (I think about a minute) to drop connections.
seems BoP is a bit behind when I have a confirmation on a transaction on blockchain.info but not confirmed on myTrezor for over ten minutes. https://blockchain.info/address/1BAJuPdo2CSqVQxSreFNmi4cp9DYtZ3akb
edit: 7 confirmations on blockchain.info and none on MyTrezor.com
edit: 7 confirmations on blockchain.info and none on MyTrezor.com
The BoP can't see it because it follows BIP0039 standard where the gap limit is set to 20, see https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki#address-gap-limit
What happens is that 3rd party wallet are not BIP0039 compliant in this detail, which cause confusion in compliant wallets like myTrezor. The remedy is as follows: fill the gap limit with several small transactions, so that the difference in path of two transactions in the account is always less then 20.
In this case we have payment on the address 44. It should be enough to send 0.001 BTC to address number 15 and 30.
Quote
Wallet software should warn when the user is trying to exceed the gap limit on an external chain by generating a new address.
What happens is that 3rd party wallet are not BIP0039 compliant in this detail, which cause confusion in compliant wallets like myTrezor. The remedy is as follows: fill the gap limit with several small transactions, so that the difference in path of two transactions in the account is always less then 20.
In this case we have payment on the address 44. It should be enough to send 0.001 BTC to address number 15 and 30.
I think you quoted without reading:
Ok I tested out your theory. I went back and used up every single address before m/0/44. My trezor is still showing the incorrect balance by 0.01btc. The balance on BTCReceive is showing correctly. So I'm guessing the only way to recover this lost btc would be to restore my seed to wallet32 app then send it somewhere else? I hope this is not the case.
If true then I think this may indicate a bug in the BoP implementation.So here is an update on my situation. I checked mytrezor again this morning and the balance is now correct and the transaction in question is now showing up in the transaction list. I'm guessing the bop server needed a little time to refresh?
I kinda wanted to put this scenario to the test to see what would happen. Now I know.
The BoP can't see it because it follows BIP0039 standard where the gap limit is set to 20, see https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki#address-gap-limit
What happens is that 3rd party wallet are not BIP0039 compliant in this detail, which cause confusion in compliant wallets like myTrezor. The remedy is as follows: fill the gap limit with several small transactions, so that the difference in path of two transactions in the account is always less then 20.
In this case we have payment on the address 44. It should be enough to send 0.001 BTC to address number 15 and 30.
Quote
Wallet software should warn when the user is trying to exceed the gap limit on an external chain by generating a new address.
What happens is that 3rd party wallet are not BIP0039 compliant in this detail, which cause confusion in compliant wallets like myTrezor. The remedy is as follows: fill the gap limit with several small transactions, so that the difference in path of two transactions in the account is always less then 20.
In this case we have payment on the address 44. It should be enough to send 0.001 BTC to address number 15 and 30.
I think you quoted without reading:
Ok I tested out your theory. I went back and used up every single address before m/0/44. My trezor is still showing the incorrect balance by 0.01btc. The balance on BTCReceive is showing correctly. So I'm guessing the only way to recover this lost btc would be to restore my seed to wallet32 app then send it somewhere else? I hope this is not the case.
If true then I think this may indicate a bug in the BoP implementation. The answer you seek is just a few posts back:
https://bitcointalksearch.org/topic/m.8537393
1) Your coins are not lost
2) If you have a gap of more than 20 unused addresses your balance will not be correct until you use some of the unused addresses
3) Since the balance calculating algorithm stops after it sees 20 unused addresses all you need to do is send some coins to the unused addresses between your last properly summed address and the "lost" one in such a way as to make sure there are not more than 19 unused addresses between any two addresses that contain BTC
https://bitcointalksearch.org/topic/m.8537393
1) Your coins are not lost
2) If you have a gap of more than 20 unused addresses your balance will not be correct until you use some of the unused addresses
3) Since the balance calculating algorithm stops after it sees 20 unused addresses all you need to do is send some coins to the unused addresses between your last properly summed address and the "lost" one in such a way as to make sure there are not more than 19 unused addresses between any two addresses that contain BTC
I have a missing transaction. Here is what I did right before:
I installed the btcreceive app onto my android. I then loaded the xpub code into the btcreceive app. Then I proceeded to test the app sending multiple transactions to the keys generated on the app. Then I opened the account tab on btcreceive and tried sending to some of the addresses there. All was well until I tried one of the addresses further down on the list in the account tab. I tried the m/0/44 address. I sent a total of 0.01btc. this transaction is showing up in the btcreceive app, but it doesnt show up on the mytrezor.com transaction list. So I tried to send another small amount from another wallet to this address again and this transaction is showing up. Both transactions are showing up on blockchain.info.
https://blockchain.info/address/1CVHky4FZ4V5TN7DZSgaqwszRWg7iPrQfc. This has got me a little worried. What would happen if i had sent a larger amount of bitcoin? Would it be lost forever?
I installed the btcreceive app onto my android. I then loaded the xpub code into the btcreceive app. Then I proceeded to test the app sending multiple transactions to the keys generated on the app. Then I opened the account tab on btcreceive and tried sending to some of the addresses there. All was well until I tried one of the addresses further down on the list in the account tab. I tried the m/0/44 address. I sent a total of 0.01btc. this transaction is showing up in the btcreceive app, but it doesnt show up on the mytrezor.com transaction list. So I tried to send another small amount from another wallet to this address again and this transaction is showing up. Both transactions are showing up on blockchain.info.
https://blockchain.info/address/1CVHky4FZ4V5TN7DZSgaqwszRWg7iPrQfc. This has got me a little worried. What would happen if i had sent a larger amount of bitcoin? Would it be lost forever?
Ok I tested out your theory. I went back and used up every single address before m/0/44. My trezor is still showing the incorrect balance by 0.01btc. The balance on BTCReceive is showing correctly. So I'm guessing the only way to recover this lost btc would be to restore my seed to wallet32 app then send it somewhere else? I hope this is not the case.
What happens is your Trezor gives xpub to myTrezor web wallet and the wallet asks backend BoP server for all your transactions. The one you don't see is missing in the list provided by BoP. It is clearly there when visible both on blockchain.info and on btcreceive. I assume there is some glitch in BoP, which is unfortunate, but there are three things that can happen:
1. Issue fixes itself when BoP is restarted.
2. BoP developer fixes the issue if you report it to satoshi labs.
3. BoP will find your transaction without doing anything. Have you tried "Forget device" and replug?
Concerning "recovering" the BTC: If you had more choices of wallet software then you could use any of those and there is high probability you would not see the same glitch you see now. If myTrezor does not see the transaction then Electrum probably would, because it uses completely different stack. You should not be worried about your funds, because you can always recover them using other software that is being developed and will be here soon. But there is some risk you will be blocked and need to wait until the bug is fixed / infrastructure is there.
The BoP can't see it because it follows BIP0039 standard where the gap limit is set to 20, see https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki#address-gap-limit
Quote
Wallet software should warn when the user is trying to exceed the gap limit on an external chain by generating a new address.
What happens is that 3rd party wallet are not BIP0039 compliant in this detail, which cause confusion in compliant wallets like myTrezor. The remedy is as follows: fill the gap limit with several small transactions, so that the difference in path of two transactions in the account is always less then 20.
In this case we have payment on the address 44. It should be enough to send 0.001 BTC to address number 15 and 30.
Note: This is an if situation.
In the unlikely event that my Trezor breaks and I also lose my recovery seed what can I do? Is there memory on the Trezor that I could somehow extract to get my coins back or something?
In the unlikely event that my Trezor breaks and I also lose my recovery seed what can I do? Is there memory on the Trezor that I could somehow extract to get my coins back or something?
In general, if this happen, you lost your coins for good. There is no other way, how you can recover or extract your coins back. Just make two copies of your recovery seed and store them on two different safe places and you should be fine.
I distributed my seed on 3 locations in such a way that I only need 2 of the 3 papers to recover my wallet
Note: This is an if situation.
In the unlikely event that my Trezor breaks and I also lose my recovery seed what can I do? Is there memory on the Trezor that I could somehow extract to get my coins back or something?
In the unlikely event that my Trezor breaks and I also lose my recovery seed what can I do? Is there memory on the Trezor that I could somehow extract to get my coins back or something?
If "Trezor breaks" than this usually means one of it's components does not work. If you manage to break it, the first thing that stops working is probably just display, next thing is board and only then MCU breaks. If your Trezor is broken, there is a chance MCU is still fine. If so, it can be reconnected to a new board and used (but this needs some nontrivial technical skills).
If buldozer runs over you Trezor and MCU is broken, you need your recovery seed.
Jump to: