
Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet - page 139. (Read 966173 times)

sr. member
Activity: 475
Merit: 250
question for somebody with knowledge of trezor.
If I shared my 24 word recovery seed, what would the odds be of anyone finding out which 34 character passphrase had any funds on it?
sr. member
Activity: 475
Merit: 250
Ahem, unless the browser only replaces the address when the amount is large enough, only when it is being used for the second time in N minutes...

Why would you copy the address from the browser again if you just had a successful bitcoin transaction?

Anyway, this address replacing issue is a much bigger problem than for just the Trezor, and that's why the payment protocol was created. I'm not sure if it's supported yet by the Trezor, but it's in the works at least.

Why are people reusing addresses anyways? Do you like to reduce anonymity for yourself and the people you transact with?
full member
Activity: 224
Merit: 100
GOOD Dev
It would be nice if it was possible to rename the accounts to better identify them. Instead of Account #1, Account #2, etc.

I think that should be an option.
legendary
Activity: 1050
Merit: 1004
It would be nice if it was possible to rename the accounts to better identify them. Instead of Account #1, Account #2, etc.
hero member
Activity: 496
Merit: 500
Ahem, unless the browser only replaces the address when the amount is large enough, only when it is being used for the second time in N minutes...

Why would you copy the address from the browser again if you just had a successful bitcoin transaction?

Anyway, this address replacing issue is a much bigger problem than for just the Trezor, and that's why the payment protocol was created. I'm not sure if it's supported yet by the Trezor, but it's in the works at least.
hero member
Activity: 854
Merit: 1000
It is really interesting
just waiting for a price reduction
now it is not affordable
newbie
Activity: 11
Merit: 0
Any word on that Black Trezor, I have btc burning digits in my...uh....Trezor.
sr. member
Activity: 441
Merit: 268
Can stick/slush to add checking option to show current receiving address not only in computer but in the Trezor's screen too and this receiving address should be sent by client software through BIP44 path from computer to the Trezor (the Trezor should simple calculate address by sent BIP44 path from computer)? :)

I'm almost sure that I replied to this question at least twice already. Better ask via email next time. Forum is very bad medium for asking questions you want answers to, because it's very noisy.

Anyway, here I go again: we implemented this in firmware recently, after we push the next version update, we'll enable this functionality in myTREZOR.
newbie
Activity: 7
Merit: 0
this Hardware wallet likes Token for Online Banking right ?
hero member
Activity: 623
Merit: 500
CTO, Ledger
it's still a necessary evil and not an issue for me when done properly (off topic though)

my point was that you shouldn't blindly trust what's displayed on a secure screen because it comes secured by the payment protocol - confirming the address over a second unrelated channel still seems to be a good security practice
hero member
Activity: 623
Merit: 500
CTO, Ledger
This is a bit clumsy, because you have to check those addresses on the display, BUT this will go away when payment protocol BIP is accepted and implemented in Trezor.

from what I understood, the payment protocol doesn't solve two major problems associated with PKIs : that people are not reading who issued the certificate, and that """certification authorities""" fail to perform due diligence before issuing certificates.
full member
Activity: 120
Merit: 100
Can stick/slush to add checking option to show current receiving address not only in computer but in the Trezor's screen too

Yes, they are working on it. I proposed this to them back in May. Meanwhile you can send small amount first and confirm with the receiver that he has received this small amount before sending the rest of the money. You will pay fee (which is quite small anyway) twice, but you will be safe from browser replacing BTC addresses.

Ahem, unless the browser only replaces the address when the amount is large enough, only when it is being used for the second time in N minutes...

(I assumed that the destination address(es) of every transaction to be signed by the Trezor were always displayed on the Trezor window, so that the client could check them independently of the computer and confirm with one of the two buttons.  I understand from the comment above that this is not always done, is that it?)

You misunderstood what I said. You always see the destination address(es) on the Trezor display. So there are two options:
1. If the address is replaced by the browser for any amount, you will see incorrect address on the Trezor display for the first transaction and your beneficiary will never receive the small amount from you.
2. If the address is replaced by the browser for big amount only, you will see different destination address (different from the time you were sending the small amount) on the Trezor display when signing the second transaction.

In the first case you lose small amount only, in the second case you don't lose anything because you will decline to sign this bad transaction on your Trezor.

This is a bit clumsy, because you have to check those addresses on the display, BUT this will go away when payment protocol BIP is accepted and implemented in Trezor.
legendary
Activity: 1456
Merit: 1001
This is the land of wolves now & you're not a wolf
Is it a smart option to move all my bitcoins to trezor?

What happens if mytrezor.com gets shut down or something? How do I access my bitcoins then?

Start small and play with the Trezor. Try moving bitcoins between different addresses on it or between separately password-encrypted wallets on it to become comfortable.

I'm sure after a week of use you will know it's safe for all your bitcoin storage. I've got about 10% of mine on it now and am confident enough to move the rest over when I get a chance to sweep the keys from my unsecured paper wallets (no password, so theft protection of them is a concern right now)

Where do you say you lived again? And about that combination on your safe...

I'm keeping about 15% of my coins there, as I am still getting comfortable with the Trezor
donator
Activity: 2772
Merit: 1019
Is it a smart option to move all my bitcoins to trezor?

What happens if mytrezor.com gets shut down or something? How do I access my bitcoins then?

Start small and play with the Trezor. Try moving bitcoins between different addresses on it or between separately password-encrypted wallets on it to become comfortable.

I'm sure after a week of use you will know it's safe for all your bitcoin storage. I've got about 10% of mine on it now and am confident enough to move the rest over when I get a chance to sweep the keys from my unsecured paper wallets (no password, so theft protection of them is a concern right now)

Where do you say you lived again? And about that combination on your safe...
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
Now the Trezor shows full address without scrolling of recipient address when we sign outgoing transaction.
Why for this feature can need scrolling? My receiving address will have same length as outgoing address of recipient.
This is not a problem then.

And i think there will enough 10 head and 10 last characters because hacker should have a biggest power for quickly calculation vanity address where first 10 first & 10 last characters will match.
No this is not possible because the tail value contains the checksum of the entire address.  To do a vanity address with the same head and tail is equivalent (for all practical purposes) to creating a vanity address for the entire address, which is not possible.

But as you said this is not a problem anyway.  They can just display the entire thing.  Sorry I brought it up but I was trying to think of why this might be "hard" for them to do.

I didn't see this info from developer.
Yes I also would prefer to hear this directly from the dev team.
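
The Base58Check layout mentioned in the post above (the last 4 bytes of a decoded legacy address are a double-SHA256 checksum over the version byte and hash), as an added example that is not part of the original thread and not Trezor code. The function names are hypothetical, and the sample is the publicly known genesis-block address plus a constructed one-character variant.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58check_decode(addr):
    """Return (version, hash160) of a legacy address, or raise ValueError."""
    n = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:
            raise ValueError("invalid Base58 character: %r" % ch)
        n = n * 58 + idx
    # Each leading '1' encodes one leading zero byte.
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:  # 1 version byte + 20 hash bytes + 4 checksum bytes
        raise ValueError("unexpected decoded length: %d" % len(raw))
    body, checksum = raw[:-4], raw[-4:]
    expected = hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4]
    if expected != checksum:
        raise ValueError("checksum mismatch")
    return body[0], body[1:]

def same_destination(host_addr, device_addr):
    """True only if both strings are valid and decode to the same bytes.

    Compares the whole decoded address, not a head/tail excerpt.
    """
    try:
        return b58check_decode(host_addr) == b58check_decode(device_addr)
    except ValueError:
        return False

# Publicly known genesis-block address, used here only as sample input.
GENESIS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
# Constructed variant: last character changed, so the checksum no longer fits.
ALTERED = GENESIS[:-1] + "b"

if __name__ == "__main__":
    print(b58check_decode(GENESIS)[1].hex())
    print(same_destination(GENESIS, GENESIS), same_destination(GENESIS, ALTERED))
```
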

full member
Activity: 162
Merit: 109
I was wondering if displaying the entire address is the problem.  I see two solutions:
1) It should be good enough to display the head 10 characters and tail 10 characters of the address (or something like that)

Now the Trezor shows full address without scrolling of recipient address when we sign outgoing transaction.
Why for this feature can need scrolling? My receiving address will have same length as outgoing address of recipient.

And i think there will enough 10 head and 10 last characters because hacker should have a biggest power for quickly calculation vanity address where first 10 first & 10 last characters will match.

> It is just above in this post:
I saw it but i am not about this.
I didn't see this info from developer.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
So once the firmware update is done we should be able to verify the receiving addresses in the Trezor window before sending any BTC to the Trezor.

Thanks!
I didn't know about this.
I cannot find info about this.
It will be nice ;)
It is just above in this post:
Can stick/slush to add checking option to show current receiving address not only in computer but in the Trezor's screen too

Yes, they are working on it. I proposed this to them back in May. Meanwhile you can send small amount first and confirm with the receiver that he has received this small amount before sending the rest of the money. You will pay fee (which is quite small anyway) twice, but you will be safe from browser replacing BTC addresses.
BTW sending a small amount does not fix this problem:

Assume the web site is under the control of the hacker.
You send a small amount to the address shown on the screen.
The amount shows up on the screen as received and even when you look on any block explorer.
This proves nothing.
full member
Activity: 162
Merit: 109
So once the firmware update is done we should be able to verify the receiving addresses in the Trezor window before sending any BTC to the Trezor.

Thanks!
I didn't know about this.
I cannot find info about this.
It will be nice ;)
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
(I assumed that the destination address(es) of every transaction to be signed by the Trezor were always displayed on the Trezor window, so that the client could check them independently of the computer and confirm with one of the two buttons.  I understand from the comment above that this is not always done, is that it?)
It is not done, yet.
P.S. I don't want to write here about this problem anymore.
I wrote 4-5 posts about this and zero reaction from developer.
From one of the posts above.  This is being worked on and will be fixed in a future update.

So once the firmware update is done we should be able to verify the receiving addresses in the Trezor window before sending any BTC to the Trezor.

I was wondering if displaying the entire address is the problem.  I see two solutions:

1) It should be good enough to display the head 10 characters and tail 10 characters of the address (or something like that)
2) Just use the two buttons to scroll left and right through the address in the window.  That way it can be larger and easier to read.

A long time ago (pages ago) I also suggested that the Trezor interface be enhanced so that the web site could have a button next to each Bitcoin address that said "verify this address".  Pressing the button would cause the window on the Trezor to display the same address in the sequence that the web site is displaying.  Then the user could verify the two are the same.
full member
Activity: 162
Merit: 109
Can stick/slush to add checking option to show current receiving address not only in computer but in the Trezor's screen too

Yes, they are working on it. I proposed this to them back in May. Meanwhile you can send small amount first and confirm with the receiver that he has received this small amount before sending the rest of the money. You will pay fee (which is quite small anyway) twice, but you will be safe from browser replacing BTC addresses.
I am about to get my address for receiving. You suggest to me to send to myself to address gotten from MyTrezor.com?
Somebody wants to send to me some bitcoins. Now i go to the MyTrezor and the MyTrezor shows to me my receiving address.
But how can i sure that this address is mine?

If you will think - you will get zero security in this process :)

Browser algoritmics will be able to make error for calculation of my next address in chain of BIP44 address
Malware can change address
Some bugs in my processor/software can generate bad address
And so on...

And here no checking from this.

I think the Trezor's HID (USB protocol) interface should have a feature - to show ANY address for path of BIP44 sent to him from computer
Example:

1) Electrum and MyTrezor.com generates new address based by blockchain (new free address from transactions)
2) This software sends to the Trezor command: show bitcoin address in your screen for BIP44 path: m/44'/0'/0'/0/1
3) Trezor CALCULATES public address from private seed and shows address 1BLablablablablabla for path m/44'/0'/0'/0/1
4) Electrum or MyTrezor.com shows bitcoin address 1BLablablablablabla calculated from xpub key
5) User check both address - one in computer screen and other in device's screen
6) If all is OK, user press OK button in the Trezor, copies the address from computer to everywhere

It's easy, security. But what there is now - it's very bad.
I can copy my address from "Receiving" from Tab in MyTrezor.com and will never get a Bitcoin if my computer infected smart malware
Or i have bug in processor, bug in libraries and etc.
Why i need in the Trezor if i have not a safe way for getting there some bitcoins to my empty wallet.
The Trezor has my private BIP32 seed. And only it has! And now the Trezor used only for outgoing transactions.

But incoming transactions are more important!

And here now benefits from the Trezor.

Do you understand?
It's simple idea without solutions now

Or may be i am a fool? May be i don't understand something?

P.S. I don't want to write here about this problem anymore.
I wrote 4-5 posts about this and zero reaction from developer.
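
Step 2 of the procedure in the post above has the computer send a BIP44 path such as m/44'/0'/0'/0/1 to the device. The following is an added example, not part of the original thread and not Trezor firmware, of how a receiver of that request could parse and validate the path before deriving anything. The function name and the strict five-level policy are assumptions made for this example.

```python
HARDENED = 0x80000000  # BIP32: indexes >= 2^31 denote hardened derivation

def parse_bip44_path(path):
    """Parse "m/44'/coin'/account'/change/index" into five uint32 indexes.

    Raises ValueError for anything that is not a well-formed BIP44 path.
    """
    parts = path.split("/")
    if len(parts) != 6 or parts[0] != "m":
        raise ValueError("expected m plus exactly five levels")
    out = []
    for level, part in enumerate(parts[1:]):
        hardened = part.endswith("'")
        digits = part[:-1] if hardened else part
        if not (digits.isascii() and digits.isdigit()):
            raise ValueError("level %d is not a number: %r" % (level, part))
        value = int(digits)
        if value >= HARDENED:
            raise ValueError("level %d out of range" % level)
        # BIP44: purpose, coin type and account are hardened; the rest are not.
        if hardened != (level < 3):
            raise ValueError("wrong hardening at level %d" % level)
        out.append(value | HARDENED if hardened else value)
    if out[0] != (44 | HARDENED):
        raise ValueError("purpose must be 44'")
    if out[3] not in (0, 1):
        raise ValueError("change must be 0 (receive) or 1 (change)")
    return out

def is_receive_path(path):
    """True if the path is valid BIP44 and points into the external chain."""
    try:
        return parse_bip44_path(path)[3] == 0
    except ValueError:
        return False

if __name__ == "__main__":
    # Path taken from the post above.
    print([hex(i) for i in parse_bip44_path("m/44'/0'/0'/0/1")])
```
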