Man it can even be put into a glass of coca cola and nothing is happening. Safe as hell
Keep it up guys, can't wait for more progress!
Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet - page 160. (Read 966173 times)
Seriously this is really awesome. If I ever get enough bitcoin to justify a Trezor purchase I will definitely do so.
Man it can even be put into a glass of coca cola and nothing is happening. Safe as hell
Keep it up guys, can't wait for more progress!
Man it can even be put into a glass of coca cola and nothing is happening. Safe as hell
Keep it up guys, can't wait for more progress!
If you drive around in one of these https://i.imgur.com/P9EFqWX.jpg your armed robbers will have a fair idea that you have a large bitcoin holding. If you're not stupid you can just tell them you hold your net worth in fiat in a bank.
Edit : the buyer of this car is on the top 500 list for example, apparently he drives it to bitcoin conferences
https://bitcointalksearch.org/topic/official-lamborghini-for-bitcoin-thread-378936
Edit 2 : email to Trezor support many months ago
Q) Years ago there were stories of iPod owners being mugged and targeted because they had white earphones on, won't people with trezors or trezor stickers become targets as they are carrying around potentially 1,000+ BTC with them ?
A) Carrying TREZOR with 1000 BTC to internet cafes isn't probably a good idea because of the rubber-hose cryptoanalysis method (http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis) which is still possible
Edit : the buyer of this car is on the top 500 list for example, apparently he drives it to bitcoin conferences
https://bitcointalksearch.org/topic/official-lamborghini-for-bitcoin-thread-378936
Edit 2 : email to Trezor support many months ago
Q) Years ago there were stories of iPod owners being mugged and targeted because they had white earphones on, won't people with trezors or trezor stickers become targets as they are carrying around potentially 1,000+ BTC with them ?
A) Carrying TREZOR with 1000 BTC to internet cafes isn't probably a good idea because of the rubber-hose cryptoanalysis method (http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis) which is still possible
Wrong. Armed robbers might know your net worth, but they can never know how many bitcoin you have.
They may know that you just sold your beach home and got paid in bitcoin. They may have installed a spy program in you laptop and silently watched as you checked your balance and updated your cold wallet. They will evaluate your car and house, and guess how much savings you may have. Anyway, if their their idea of the size of your hoard is too low, lucky of you, but if it is too high, it is you who will be in real trouble.Chances are, if you are facing an armed robbery, the perpetrators have probably done their homework and have been casing you for awhile. That would be really bad luck if you were randomly selected to be robbed.
Wrong. Armed robbers might know your net worth, but they can never know how many bitcoin you have.
They may know that you just sold your beach home and got paid in bitcoin. They may have installed a spy program in you laptop and silently watched as you checked your balance and updated your cold wallet. They will evaluate your car and house, and guess how much savings you may have. Anyway, if their their idea of the size of your hoard is too low, lucky of you, but if it is too high, it is you who will be in real trouble. So, basically, robbers will not want your password in order to check how much is the balance on your Trezor. They will demand some satisfactory amount of money (or bitcoins, if they believe you have them), and expect you to do whatever you need to deliver it.
Wrong. Armed robbers might know your net worth, but they can never know how many bitcoin you have.
Unless you
Looks like ethereum dev team are in the world top 20!
In a 5$ wrench attack, it's more credible to say: "what passphrase? I didn't set a passphrase, see: my money's there, now stop hitting me!" instead of "I set only one passphrase, dude, I don't know what plausible deniability even is, and please stop hitting me now!".
XKCD is a helluva "meme generator". 
But in reality the "5$ wrench attack" is usually more complicated than what the phrase suggests.Armed robbers usually have some idea (right or wrong) about how much money you are worth. It can be as basic as "that guy must be loaded" based on your clothes and car; or a detailed profile of your worth and habits, from "casing" your home for several days, talking to talkative friends and service people, investigating your business, etc.
So, basically, robbers will not want your password in order to check how much is the balance on your Trezor. They will demand some satisfactory amount of money (or bitcoins, if they believe you have them), and expect you to do whatever you need to deliver it.
You may try to convince them that you have no way of providing the amount that they want, but that is risky: if they are forced to leave without the expected loot, they may kill you, out of anger, or to send a message to other future victims. If you have family, they will probably use them as hostages and threaten to kill them. On the other hand, "professional" robbers will rarely kill if they get what they expected. If you do have enough money to make them happy, you will find that it is better to give it up than to risk the alternative. Money can be recovered or earned again; your life, and that of your dear ones, cannot.
Robbers know that most people keep most of their dollars in the bank; so, normally, they will neither expect nor demand cash. (Although they may take you to an ATM and force you to withdraw as much as possible. And, if you do keep lots of cash at home, they may well know about it.) But "bitcoin-enabled" robbers, if they know that you keep all your fortune in bitcoins, will probably assume that you can transfer all your coins from home, without contacting anyone else; so they will probably demand all that they think you own.
(I can speak with some authority on this: although I have never been robbed (knock wood), several of my friends and relatives have been, some more than once. And the student frat next to my home was robbed a couple of months ago. Robbers usually came gangs of three or more, often in daytime, with handguns or machine guns. Fortunately no one was harmed, and the robbers were content with carriable goods, such as laptops and TVs. They did not expect to find large amounts cash -- except once, when the gang had just watched the victim withdraw several thousand in cash at the bank. But they took any guns that the victims had at home, including the entire collection of one victim.)
Hey!
Would be totally awesome to see a regularly updated 'supported clients' list in OP!
I'm only waiting on Electrum for Litecoin until i buy my Trezor
I know, the implementation is not up to you, but up to the wallet devs, but anyway... better to have one place where all supported clients are listed than to look up every single thread.
Would be totally awesome to see a regularly updated 'supported clients' list in OP!
I'm only waiting on Electrum for Litecoin until i buy my Trezor
I know, the implementation is not up to you, but up to the wallet devs, but anyway... better to have one place where all supported clients are listed than to look up every single thread.
I have been looking at ways to protect my coin yet have then accessible. I know that BFL is making one,but I wouldn't buy anything from them even if it gave me a bitcoin every time I used it, well, okay, id probably use it then, but you get me..
I have been using the paper wallet, but that can be a pain, keeping a copy in a safe deposit box, etc. I think I may give this a go and see how it works..
Im sure there are other devices that are in the works as well, but I think this is one of the best thats available right now.
I have been using the paper wallet, but that can be a pain, keeping a copy in a safe deposit box, etc. I think I may give this a go and see how it works..
Im sure there are other devices that are in the works as well, but I think this is one of the best thats available right now.
I have a question concerning advanced settings (use of passphrases).
As far as I see there are two exclusive options:
1) use no passphrases at all.
2) use one or more passphrases.
It would be nice to set up Trezor in a way so that you can have at the same time:
1) one 'account' with no passphrase (for small money).
This could pop up in the web wallet immediatly without further interaction when you connect the Trezor.
2) one or more (hidden) accounts. These would be visible only if the correct passphrase is
(optionally) given.
Is this possible ?
I would also like this feature. You can enter the empty string as passphrase, but that's not the same.
In case of a 5$ wrench attack, it's more credible to say: "what passphrase? I didn't set a passphrase, see: my money's there, now stop hitting me!" instead of "I set only one passphrase, dude, I don't know what plausible deniability even is, and please stop hitting me now!".
my understanding is that you do not enter the seed as a string of words, but rather follow prompts from the mytrezor page such as:
Exactly. Old firmware (1.2.0 and older) used 50% fake words. New firmware (1.2.1+) always asks for 24 words (making it 12 fake words for 12-word mnemonic, 6 fake words for 18-word mnemonic and no fake words for 24-word mnemonic). And we also switched the default from 12 words to 24 words, so most of the people will not see the "fake words" feature anymore.
Dear BitcoinTrezor Team!
Thanks for you device! I ordered it (anywhere in a way now)
But one question please.
You use nice protected way for enetering PIN code in computer which can be infected by virus/trojan. It's keep my PIN safe from keylogger and mouselogger.
But i have read your the Trezor documentation and if i right understand your device has the one vulnerability.
If i lost my trezor, i go to your site "mytrezor.com", to connect new device to bridge and now i should enter seed words through computer.
If my computer to be infected a some trojans could catch entered words of seed and immediatly after this steal all bitcoins from BIP32 wallet.
Can this happens? As i understand you don't have same protected mode for a word entering?
As workaround of this could be present a seed not by words but by 0-2047 digits. BIP32 words presented as 2^11 digits, right?
You could be replace seed words by digits but the recover process could be use your PIN mechanism (random keyboard in trezor's screen).
What do you think?
Thanks!
Thanks for you device! I ordered it (anywhere in a way now)
But one question please.
You use nice protected way for enetering PIN code in computer which can be infected by virus/trojan. It's keep my PIN safe from keylogger and mouselogger.
But i have read your the Trezor documentation and if i right understand your device has the one vulnerability.
If i lost my trezor, i go to your site "mytrezor.com", to connect new device to bridge and now i should enter seed words through computer.
If my computer to be infected a some trojans could catch entered words of seed and immediatly after this steal all bitcoins from BIP32 wallet.
Can this happens? As i understand you don't have same protected mode for a word entering?
As workaround of this could be present a seed not by words but by 0-2047 digits. BIP32 words presented as 2^11 digits, right?
You could be replace seed words by digits but the recover process could be use your PIN mechanism (random keyboard in trezor's screen).
What do you think?
Thanks!
my understanding is that you do not enter the seed as a string of words, but rather follow prompts from the mytrezor page such as:
type 5th seedword
type 2nd seedword
type "plus"
type 1st seedword
type 10th seedword
type "mouselicker"
type 5th seedword
type "orange"
etc
so that a keylogger would not be able to determine the order of your seed words or differentiate between your seed and random word requests by the trezor program.
Rethinking this I would not do it this way. It is safer to carefully use the recovery procedure on the Trezor and then move the coins to a new seed.
Right. It's even described here: http://doc.satoshilabs.com/trezor-user/advanced_features.html#changing-your-trezor-recovery-seed
It's cumbersome, but secure. Much easier if you have 2 devices. *hint* *hint* :-)
Dear BitcoinTrezor Team!
Thanks for you device! I ordered it (anywhere in a way now)
But one question please.
You use nice protected way for enetering PIN code in computer which can be infected by virus/trojan. It's keep my PIN safe from keylogger and mouselogger.
But i have read your the Trezor documentation and if i right understand your device has the one vulnerability.
If i lost my trezor, i go to your site "mytrezor.com", to connect new device to bridge and now i should enter seed words through computer.
If my computer to be infected a some trojans could catch entered words of seed and immediatly after this steal all bitcoins from BIP32 wallet.
Can this happens? As i understand you don't have same protected mode for a word entering?
As workaround of this could be present a seed not by words but by 0-2047 digits. BIP32 words presented as 2^11 digits, right?
You could be replace seed words by digits but the recover process could be use your PIN mechanism (random keyboard in trezor's screen).
What do you think?
Thanks!
If this ever happens to me here is what I would do:Thanks for you device! I ordered it (anywhere in a way now)
But one question please.
You use nice protected way for enetering PIN code in computer which can be infected by virus/trojan. It's keep my PIN safe from keylogger and mouselogger.
But i have read your the Trezor documentation and if i right understand your device has the one vulnerability.
If i lost my trezor, i go to your site "mytrezor.com", to connect new device to bridge and now i should enter seed words through computer.
If my computer to be infected a some trojans could catch entered words of seed and immediatly after this steal all bitcoins from BIP32 wallet.
Can this happens? As i understand you don't have same protected mode for a word entering?
As workaround of this could be present a seed not by words but by 0-2047 digits. BIP32 words presented as 2^11 digits, right?
You could be replace seed words by digits but the recover process could be use your PIN mechanism (random keyboard in trezor's screen).
What do you think?
Thanks!
Get a new Trezor and set it up from scratch with a new seed (no security problem there)
Enter my old seed into wallet32
Immediatly send all the BTC to the new Trezor
Yes, I am vulnerable for a brief time there...
I wish there was an alternative way to recover the Bitcoin in case of hardware failure or other abnormality. Instead of having to wait for another Trezor to come in.
The wallet32 android ap works great for this and it is also a great "everyday" android wallet. I have tested it for 12,18 and 24 word recoveries and others have tested it with a password. However: should you make a mistake and have to enter re-do the whole process, the random words will be known to a keylogger, because trezor chooses different random words every time. So the words identical between the 2 restore-processes (1 failed, 1 succeeded) will be the seed words.
With a 12 word seed theres only 12! = 479,001,600 combinations. So better not "try again" after a failed restore from seed on the same machine if you have a short seed like that... or just just 24 word seed to be safe.
With a 12 word seed theres only 12! = 479,001,600 combinations. So better not "try again" after a failed restore from seed on the same machine if you have a short seed like that... or just just 24 word seed to be safe.
Definitely needs that offline recovery tool
Or a 36 seed recovery.
Another possibility would be that a certain TREZOR has hardware specific "random words" in the seed recovery. So even if you recover twice on the same trezor, the attacker wouldn't know what the wrong words were.
edit: Just rethought that. This wouldn't work as the new trezor doesn't know the seed yet and can't calculate the random words.
However: should you make a mistake and have to enter re-do the whole process, the random words will be known to a keylogger, because trezor chooses different random words every time. So the words identical between the 2 restore-processes (1 failed, 1 succeeded) will be the seed words.
With a 12 word seed theres only 12! = 479,001,600 combinations. So better not "try again" after a failed restore from seed on the same machine if you have a short seed like that... or just just 24 word seed to be safe.
With a 12 word seed theres only 12! = 479,001,600 combinations. So better not "try again" after a failed restore from seed on the same machine if you have a short seed like that... or just just 24 word seed to be safe.
Definitely needs that offline recovery tool
Or a 36 seed recovery.
Another possibility would be that a certain TREZOR has hardware specific "random words" in the seed recovery. So even if you recover twice on the same trezor, the attacker wouldn't know what the wrong words were.
I just discovered random words are not used on 24 word seed. Maybe random words are used just to fill up to 24 words? Would make sense.
Yup. See the link to the source in this post https://bitcointalksearch.org/topic/m.8243169
Bought one yesterday, waiting for it to arrive. 
I've read through the FAQ and the manuals on the website but there are still some parts that I don't really understand...
Does the Trezor hold your coins? or are they on the Trezor web wallet (or whatever wallet you're using)?
Isn't it still possible for hackers to create malware and upload it onto a trezor through the "update" function?
I'm sorry if these questions have already been answered in this thread but as you can see, the thread is almost as long as a book.
I've read through the FAQ and the manuals on the website but there are still some parts that I don't really understand...
Does the Trezor hold your coins? or are they on the Trezor web wallet (or whatever wallet you're using)?
Isn't it still possible for hackers to create malware and upload it onto a trezor through the "update" function?
I'm sorry if these questions have already been answered in this thread but as you can see, the thread is almost as long as a book.
Technically wallets do not contain any coins, they hold private keys that can prove which ones you own on the blockchain.
These private keys are protected by the trezor. It only accepts valid updates not any update so you should be able to safely use it on an infested computer.
Bought one yesterday, waiting for it to arrive.
I've read through the FAQ and the manuals on the website but there are still some parts that I don't really understand...
Does the Trezor hold your coins? or are they on the Trezor web wallet (or whatever wallet you're using)?
Isn't it still possible for hackers to create malware and upload it onto a trezor through the "update" function?
I'm sorry if these questions have already been answered in this thread but as you can see, the thread is almost as long as a book.
I've read through the FAQ and the manuals on the website but there are still some parts that I don't really understand...
Does the Trezor hold your coins? or are they on the Trezor web wallet (or whatever wallet you're using)?
Isn't it still possible for hackers to create malware and upload it onto a trezor through the "update" function?
I'm sorry if these questions have already been answered in this thread but as you can see, the thread is almost as long as a book.
This assumes that the first 6.2044840173323943936 × 10^23 - 1 tested combinations are all incorrect, which is extremely unlikely. The probability of this happening is equal to having a correct guess in the first attempt
So divide by two to find the average time. Still plenty of time to move your coins (on the order of years) assuming an attacker with an incredible amount of resources.
It would be nice to set up Trezor in a way so that you can have at the same time:
1) one 'account' with no passphrase (for small money).
This could pop up in the web wallet immediatly without further interaction when you connect the Trezor.
2) one or more (hidden) accounts. These would be visible only if the correct passphrase is (optionally) given.
Is this possible ?
1) one 'account' with no passphrase (for small money).
This could pop up in the web wallet immediatly without further interaction when you connect the Trezor.
2) one or more (hidden) accounts. These would be visible only if the correct passphrase is (optionally) given.
Is this possible ?
http://doc.satoshilabs.com/trezor-user/advanced_settings.html
This is not answering his question. He would like to have accounts with different security levels.
http://doc.satoshilabs.com/trezor-user/advanced_settings.html#multi-passphrase-encryption-hidden-volumes
Quote
it is possible to set up your TREZOR multiple times with multiple passphrases. The goal is to have one “spoof” setup that only holds a few bitcoins or bitcents and one “real” setup that holds your fortune.
Jump to: