Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet - page 143. (Read 966173 times)

I'm not saying malicious firmware cannot be signed. I'm saying it cannot be signed without people knowing. And installing the unsigned one is of course possible as well, but that cannot be done without user knowing it. If user is warned and decides to install it anyway then it is his problem. I did not say it is impossible though.

The Trezor may store your game passwords and other passwords, provided they are derived from the same seed. In fact it can do it already with it's 20000 lines of code. You are exaggerating with the other "use cases". It's not going to happen.

20000 lines of code can be verified in a month or two for backdoors. To fully understand all of it, it takes more time. The point is, it's possible for a single person and people did it.

until you want to spend it 

(that should be a new meme ...)

There is a firmware source posted on github.  There is a firmware binary in each client's Trezor.  Note the indefinite articles.  Can you see the problem now?

Come on guys, this vulnerability not my entry for the Nobel Prize, it is an absolutely trivial and well-known observation.  If someone can get a malicious version of the firmware signed, he can easily trick many clients into installing it.

Hackers can even trick many users into installing an unsigned malicious version of the firmware and re-entering the recovery seeds.  Do I have to spell out the details?


We will see in a couple of years.   Judging by the mood of this thread, the Trezor will soon be storing your gaming site passwords, your calorie counts, your dog's gym workout schedule, ...

(The Brazilian voting machine software was very small at the beginning, too.)

Meanwhile, how long do you think it would take for one person to review 20'000 lines of code and make sure that it has no weaknesses (like a broken random number generator, or a line somewhere that sticks the private key into the signed transaction that is sent tout to the infected computer)?

I asked earlier whether the hardware has some sort of memory protection that would prevent one function from accessing data areas of an unrelated function, but got no answer.  If it doesn't, the dog workout code will have access to the bitcoin private keys; therefore that code, and every modification to it, must be verified with the same care that is spent on the bitcoin code proper.  Worse still if the firmware can modify itself.

We'd like to have each firmware release (and its hash) signed by independent set of people. Quite a few people already contacted us wanting to do that, but we are not yet there. The building and signing process is documented here: https://github.com/trezor/trezor-mcu -- but we need to prepare the place, where people will upload their signatures so we can show them in Firmware Update dialog.

myTREZOR and TREZOR already show a hash of uploaded firmware, this signing process is just to justify the hash legitimacy and to prove that the provided firmware was indeed built from the provided sourcecode.

Yay I got my Trezor today!!! 

It's sort of scary knowing that your recovery seed holds all your bitcoins.

This would be visible in the firmware source.


With deterministic build, everybody can check the firmware. That does not mean that everybody HAS to. If 3 of 5 decided to sign something malicious, then the rest of the guys would be whistle-blowing and everybody would know. End even if all of them signed it, then anybody verifying the firmware would have to have this weakness implanted in his code as well to see the same fingerprint of the deterministic build. Such a weakness thus needs to be in the open source code, thus visible by anybody. Not everybody has to check it. If just one person checks it and reports it, then everybody will know.

If your Trezor is replaced in the shipment, then anything can happen. But that is the case with all computer parts out there. Raspbery pis that people use with armory or for generating paper wallets can be replaced as well. So this is no worse than your paper wallet.


I was not talking about proving that this is their address. I was talking about proving that there is a backdoor. As I argued above, if there is one, you should be able to find it in the open-source code. It should be easy to prove.


Trezor now has 16500 lines of code in *.c files and another 7000 in *.h files. This is a total for bootloader, firmware and I might included some testing and GUI code as well, that is not on the device so it is even less. And this includes many features discussed here that are not yet released. I don't see it getting to 100000 any time soon. Provided that some code is imported from other open source libraries, the Trezor code itself is even smaller.

Edit: I'm wondering what those Brazilians did there. Millions of lines you say? Wow.

If push comes to shove, you can host your own: https://github.com/trezor/webwallet

Might be hard to replicate the backend, though (but I think it's opensource).

Another solution would be to use other wallets. Electrum and Armory will likely have trezor support soon.

Also, there's a library to access the trezor: https://github.com/trezor/python-trezor and there are also other ways to use your seed and get to your money. There are standards for the format and such (bi0032, bip0039, bip0044).

You're in no way dependant on myTrezor.com and I think it's not unlikely it will be gone in 2044, your trezor still alive and kicking

The guy who paid 10000BTC for the pizza back in the day would like to refund as well.  If that guy would be refunded, he would probably get 10USD back (provided he will return the pizza). BTC is deflation currency and the refunds don't work with those. Your lawyer should learn some basic rules of economy.

You can still get refunded though, because there are people willing to pay the amount of money you paid for this one. BTC was worth 80-120USD during the preorder period. I would pay you 330USD for it myself.

Don't kid yourself gweedo, you are an asshole

Small inconveniences? I paid 3 BTCs for a device that should work with mytrezor, it doesn't, that is a major inconvenience as my coins are trapped in it.

Then the support was extremely rude, when I was being extremely helpful by even showing them my public master key, which is something I don't really want to do, since that broke my privacy.

The co-founder posted under my trust rating a vulgar word, when I left a negative trust review of my current issue on his.

I really don't want to be around people like that, and I don't want to support them either, so a refund is the only thing that I think will make this extremely unsatisfied customer happy. As I have already warned a number of people, and received many pms that they will not be purchasing a trezor and will be waiting for other implements as they were horrified at what took place for me.

Trezor support for electrum is already present (it's just not stable yet). You can already try it




What problems do you have on your mind? I'm only aware of small inconveniences. Nothing that would prevent me from using it.
If you have the metallic one, I bet many people would be glad to buy it from you. Obviously not for 3 BTC though.

Presumably its all open source just incase right? Worst case scenario, If its gone in 30 years than just copy that source code to your own server and make your own mytrezor.com.

I would like to return my trezor and get a refund of my 3 BTCs how can I do this? Obviously they aren't going to fix the mytrezor web wallet and I want my money back.

Edit: Talked to my lawyer about this, and he said there should be no reason that a refund should be an issue. I would also like to use escrow to make sure they don't stiff me.

yes.
it will only show the trezor label you gave it by closing the passphrase dialogue, but you can access any of your hidden volumes by clicking the add account then entering what ever passphrase you want to use.

Many more wallets will support it. It's not proprietary.

Indeed, and that is why I never wrote that.

A malicious manufacturer can distribute firmware that, instead of using truly random seeds,  chooses seeds from a very small set.  Then the manufacturer can  generate the private keys for all those seeds and find the one that matches the client's blockchain address.

This attack can be performed by the manufacturers, or by any individual or gang who can get hold of 3 of the 5 firmware signing keys.  Or by someone  who can plant the weakness in the firmware before it gets signed.  Or by anyone who can replace the Trezor by a counterfeit one during shipment to the client.  Or any shop that sells Trezors to walk-in clients.

I can think of a few other variants on this attack.  Surely criminals can think of dozens more.


If the manufacturers do steal your coins, in order to accuse them of deliberate theft you will have to prove, first, that the the source address of the fatal transaction was under your control at the time, and that the destination address was not.   Perhaps you can do that with witnesses, or internet access logs, but it seems quite hard.  (But,ok, that is a problem of bitcoin itself, not of Trezor.)  Then you have to prove that you did not leak the recovery key words inadvertently.  And then you have to prove that the destination address is under their control. 


On the contrary, a client who loses the coins that he kept in a Trezor may be able to sue the manufacturers for misleading advertising, even if they are innocent and the theft did not involve them directly.  (I haven't seen the Trezor warranty; I hope that they got the help of some smart lawyers, and thoroughly protected themselves from that risk.)  Of course the client would still face the problem of proving that the theft really occurred, as above.


As or checking the software, see my previous reply to another post.  As for it being single-purpose hence simple, I have seen several posts here requesting all sorts of features and support for things other than bitcoin.  I bet that the full source will soon have hundreds of thousands of lines of code.  (The Brazilian electronic voting machine, which does not even connect to the internet, has over a million lines of C/C++ source code, not counting the operating system.)

yes, I noticed the same behaviour.

Maybe no timeout for passphrase (doesn't make sense... You opened a certain wallet with a certain passphrase to use it... Using can also mean using the receiving addresses)
Time out for pin seems a good idea. The idea behind the pin is the prevention of stealing coins by people who gain acces to the trezor. The purpose of the passphrase is to prevent stealing when people have acces to the seed.

What is the guarantee that myTREZOR.com will always be around for me to be abel to spend/receive bitcoins using the Trezor?

In 30 years, will that website still be around? 

When I plug in my Trezor, I always get the password prompt.  If I hit the "x" in the upper right corner to close the popup window without hitting "Enter", then it appears to give me no access to anything.  I have also noticed when I do not enter a password, and press "Enter", it appears to give me a new volume to work with.  So I assume that I have three volumes on my Trezor.  The first one is with my serious password.  The second one is to protect from the $5 wrench.  And the third one is a null password.

Am I understanding this right?

Thanks

It is easier to find the private key of a bitcoin address by trial and error than to check all possible inputs of such a device.  (Translation, just to avoid misunderstandings: it is totally inviable.)

Each client will have to download and install a copy of the firmware at every update, so each client would  have to check that his copy matches the copy that the community has verified by compiling the source code.   That can be done by comparing the hashes of the firmware only; but how will the client get the correct hash to compare to, and how will he compute the hash of the downloaded copy, on an untrusted machine (which is the assumption that justifies using a Trezor)?


I am merely  pointing out a fact that should be obvious to anyone who really tries to evaluate the security of the system.

Just because something is "bitcoin" it does not mean that it is perfect.  While trusting a Trezor is certainly better than trusting a  random PC or smartphone, clients still must trust the manufacturers (their honesty, and their zeal in keeping intruders off the manufacturing and shipping process).