Author

Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet - page 172. (Read 966173 times)

sr. member
Activity: 475
Merit: 250
that brainmouse looks painful, count me out
legendary
Activity: 1722
Merit: 1217
I guess it doesn't hurt but dont hardware rng's use background radiation to produce entropy? I mean its hard to imagine how that could be exploited. Unless the manufacturers are lying about what is inside their chips. These days anything is possible though i suppose.

No the Intel implementation uses analog transistors to digital. They can be completely fake too.

Could put a gyroscope inside the trezor and let people dance around with them around to add entropy Cheesy
legendary
Activity: 2912
Merit: 1060
I guess it doesn't hurt but dont hardware rng's use background radiation to produce entropy? I mean its hard to imagine how that could be exploited. Unless the manufacturers are lying about what is inside their chips. These days anything is possible though i suppose.

No the Intel implementation uses analog transistors to digital. They can be completely fake too.
legendary
Activity: 1722
Merit: 1217
I guess it doesn't hurt but dont hardware rng's use background radiation to produce entropy? I mean its hard to imagine how that could be exploited. Unless the manufacturers are lying about what is inside their chips. These days anything is possible though i suppose.
legendary
Activity: 2912
Merit: 1060
I think the brain wallet site was just compromised because it used weak JavaScript rng and no mouse xor like bitaddress
full member
Activity: 120
Merit: 100
Xor additional entropy

You should never have a single point of failure. And especially, you should never trust RNG, even if it is hardware RNG. Trezor generates seed from 256 bit hardware random A and 256 provided random B: seed=SHA256(A||B).

If any of two randoms was flawed or malicious, your seed is still secure.
legendary
Activity: 2912
Merit: 1060
Xor additional entropy
legendary
Activity: 1722
Merit: 1217
words

The master private key itself is generated using entropy that device can provide itself with entropy provided by your PC.

Can you explain this to me. It has a hardware rng inside the trezor. Why does it sample additional (presumably inferior) entropy from the pc?
Because if the trezor entropy is good enough it shouldn't matter how bad the computer entropy is but it does demonstrate that if something was wrong with trezor entropy at least it also mixed with the computer.

yea sure that's true i suppose.
hero member
Activity: 994
Merit: 507
words

The master private key itself is generated using entropy that device can provide itself with entropy provided by your PC.

Can you explain this to me. It has a hardware rng inside the trezor. Why does it sample additional (presumably inferior) entropy from the pc?
Because if the trezor entropy is good enough it shouldn't matter how bad the computer entropy is but it does demonstrate that if something was wrong with trezor entropy at least it also mixed with the computer.
legendary
Activity: 1722
Merit: 1217
words

The master private key itself is generated using entropy that device can provide itself with entropy provided by your PC.

Can you explain this to me. It has a hardware rng inside the trezor. Why does it sample additional (presumably inferior) entropy from the pc?
legendary
Activity: 2912
Merit: 1060
Anyone know if there's epoxy inside to destroy it if opened?
hero member
Activity: 482
Merit: 502
so i have a few questions / concerns. I love the product and the signing transactions without a hot wallet loading a key, but I want to be sure its a good method for cold storage security.

1) if the trezor breaks or is stolen it can be recovered by a 12word seed. How can i secure this code so that it cannot be stolen and used to take access from a different trezor?
2) what measures are in place to detect / prevent lo-jacked trezors or malicious code/components?
3) does the trezor retain access to all its addresses and change addresses? Can I constantly reload it to the same address without compromising the coins?
4) how does the trezor generate an address - could it be replicated based on the physical design?
5) can the trezor wallet be accessed using the seed but not another trezor? What if trezor goes out of business and you cannot buy a new trezor to load with the seed?
6) I heard a single trezor can hold multiple distinct wallets under the same seed but different passwords. How could I set that up to store spending quantities seperately (and secretly) from my long-term storage address?

I want to use this as a fuctional backup for the majority of my bitcoin funds, with the seed safely stored in a few offsite files/safes and some safeguards (password?) on those. I want it to act as the payment address for my mining and not worry that it may not be accessible if something happens to the trezor or trezor support.

1) It's up to you to properly secure the paper backup. You can also memorize the seed if you have good memory but it's 24 words now by default Smiley If you choose to use the pass-phrase, the 24 words alone cannot be used to access you coins.
2) The official firmware release is signed by the developers. If someone try to put the custom firmware on your Trezor you will see the warning on the screen.
3) Addresses are generated deterministically. While using the same seed & passphrese your Trezor will always have access to the same keys. Regarding the address re-using, standard recommendations applies. It's possible, but not recommended. You will not loose your bitcoins but you may loose some privacy.
4) Way that Trezor generate the keys from master private key is described by BIP-0032. The master private key itself is generated using entropy that device can provide itself with entropy provided by your PC. The master key is then represented by the 24 words from dictionary defined in BIP-0039
5) You can use any compatible software wallet. All you need to do is enter your seed and pass-phrase. Currently there is only Wallet32 for android, but support for Electrum, Multibit and Armory is coming.
6) If you already initialized your Trezor with a passphrase, just enter a different one in the "log-in" process. Depending on what pass-phrase you enter, you will get access to different wallets. But you can also have multiple accounts under one passphrase (although all of the accounts corresponding to specific pass-phrase are visible so it's only good for separating the funds instead of hiding them)
legendary
Activity: 1260
Merit: 1000
World Class Cryptonaire
Whatever happened to the metallic CNC'd trezor?
legendary
Activity: 2128
Merit: 1005
ASIC Wannabe
so i have a few questions / concerns. I love the product and the signing transactions without a hot wallet loading a key, but I want to be sure its a good method for cold storage security.

1) if the trezor breaks or is stolen it can be recovered by a 12word seed. How can i secure this code so that it cannot be stolen and used to take access from a different trezor?
2) what measures are in place to detect / prevent lo-jacked trezors or malicious code/components?
3) does the trezor retain access to all its addresses and change addresses? Can I constantly reload it to the same address without compromising the coins?
4) how does the trezor generate an address - could it be replicated based on the physical design?
5) can the trezor wallet be accessed using the seed but not another trezor? What if trezor goes out of business and you cannot buy a new trezor to load with the seed?
6) I heard a single trezor can hold multiple distinct wallets under the same seed but different passwords. How could I set that up to store spending quantities seperately (and secretly) from my long-term storage address?

I want to use this as a fuctional backup for the majority of my bitcoin funds, with the seed safely stored in a few offsite files/safes and some safeguards (password?) on those. I want it to act as the payment address for my mining and not worry that it may not be accessible if something happens to the trezor or trezor support.
legendary
Activity: 2912
Merit: 1060
I'm going to wait for a version with an android app and otg cable included
legendary
Activity: 1722
Merit: 1217
I just purchased one from the web store. Are these the ones that are marked with "First Edition"?

You might get lucky and get left overs

If they send me a first edition its staying in the box and im ordering another. Cheesy

cough cough hint hint
legendary
Activity: 2912
Merit: 1060
I just purchased one from the web store. Are these the ones that are marked with "First Edition"?

You might get lucky and get left overs
legendary
Activity: 1050
Merit: 1004
I just purchased one from the web store. Are these the ones that are marked with "First Edition"?
full member
Activity: 215
Merit: 100
Hi Slush,

I contacted support about joining the affiliate scheme and they've told me it only applies to people who have hands on experience with the Trezor, ie people who've bought one.

I bought one in the pre order with someone on here ( 2 for 1 offer)

Is there a way I can join?

I do affiliate marketing as a job and have generated a few million in sales this year for Bitcoin related companies and would like to be involved.

Thanks,

please write to our support again and provide some details of the order your friend made.

Thats pretty shame the affilate program is supposed to work only for someone who already bought the trezor... I cant think who else doing this kind of restrictions, maybe some MLM  Cheesy
hero member
Activity: 854
Merit: 500
And what happens when 'mytrezor.com'
is down for some reason? Can I still make
payments?

There will be a way to recover your wallet from your saved information anyway.
Jump to: