Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet - page 218. (Read 966173 times)

hero member
Activity: 546
Merit: 500
Right at the top of this thread, it says the hardware is open. Is it?
hero member
Activity: 546
Merit: 500
Where do I find the circuit diagram for the Trezor?
donator
Activity: 2772
Merit: 1019
The RNG is a bundle of 32 hexidice bought from gamestation.net

In order not to have to trust computer random.

It's the purpose of my question ;)

http://www.gamestation.net/d16-Hexidice/productinfo/9950-0002/

that's a really good way to generate random.
donator
Activity: 2772
Merit: 1019
I just wanted to be sure it's possible to enter hex without having to convert it to words from your custom list

(And for sure, I will use a forever offline computer) ;)

you also need to trust the random number generator on that offline computer
sr. member
Activity: 441
Merit: 268
Is it possible to not rely on device random generator, but instead directly enter 128 or 256 bit string, let's say in hex like in electrum?

You can import a BIP32 private node (which can be generated the way you described), but this scenario is advanced and not encouraged for casual users (because you need to trust your computer).
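The dice-based approach discussed in the posts above (32 hex dice give 128 bits) can be turned into a BIP32 master private node with the standard master key generation step, HMAC-SHA512 keyed with "Bitcoin seed". This is an added example, not code from the thread or from the Trezor project; the function names are hypothetical, and how the resulting node is imported into a device is not shown on this page.

```python
import hashlib
import hmac

# Order of the secp256k1 group; BIP32 rejects a master key that is 0 or >= N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HEX_FACES = "0123456789abcdef"


def rolls_to_seed(rolls: str) -> bytes:
    """Turn hex-dice faces (one hex digit per die) into seed bytes."""
    faces = "".join(rolls.lower().split())
    bad = sorted(set(faces) - set(HEX_FACES))
    if bad:
        raise ValueError(f"not a d16 face: {bad}")
    if len(faces) not in (32, 64):  # 32 dice = 128 bits, 64 rolls = 256 bits
        raise ValueError(f"need 32 or 64 rolls, got {len(faces)}")
    # Sanity check for a transcription slip: fewer than 4 distinct faces
    # across the whole input is rejected (vanishingly unlikely for fair dice).
    if len(set(faces)) < 4:
        raise ValueError("rolls look non-random; re-roll")
    return bytes.fromhex(faces)


def bip32_master_node(seed: bytes) -> tuple[bytes, bytes]:
    """BIP32 master key generation: I = HMAC-SHA512("Bitcoin seed", seed)."""
    if not 16 <= len(seed) <= 64:
        raise ValueError("BIP32 seed must be 128 to 512 bits")
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    priv, chain_code = digest[:32], digest[32:]
    k = int.from_bytes(priv, "big")
    if k == 0 or k >= SECP256K1_N:
        raise ValueError("invalid master key for this seed; re-roll")
    return priv, chain_code


if __name__ == "__main__":
    # Constructed sample rolls: the public seed of BIP32 test vector 1.
    # It is published, so never use it to hold funds.
    sample = "0001 0203 0405 0607 0809 0a0b 0c0d 0e0f"
    priv, cc = bip32_master_node(rolls_to_seed(sample))
    print("master private key:", priv.hex())
    print("chain code:        ", cc.hex())
```

As the reply above notes, the machine that runs this sees the private key, so it has to be one you trust and keep offline.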
sr. member
Activity: 441
Merit: 268
Hi.
Did you start to deliver devices?
Thanks!!!

current plan is to start delivering in January
JLM
full member
Activity: 164
Merit: 100
Hi.
Did you start to deliver devices?
Thanks!!!
hero member
Activity: 546
Merit: 500
There is a lot of potential for investors who are >30 years old and do not want a "live linux USB" or understand how Armory works.

>30! Jeez I feel old now.
legendary
Activity: 1470
Merit: 1000
Want privacy? Use Monero!
Do you guys have already a shipping date in mind? I can not wait to test this device! :D

And for the critics: this device is designed to be used for non-geeks. There is a lot of potential for investors who are >30 years old and do not want a "live linux USB" or understand how Armory works.

It is a GREAT product.

I only came across it when BTC was 150 USD and I found it a little too expensive (I am relatively late to the crypto world. Never heard of it although I am interested in programming/computers/economy). But when there was an opportunity to buy 2 for 1 BTC, I jumped in, found someone who also wanted a device and became a supporter since then.

I have met a lot of people who are hesitating to buy BTC because the storage issue is so complex. I refer them to a blockchain.info account (which is the most user friendly at the moment in my opinion) but I tell them: even when you take a backup, you do not want a keylogger on your PC because you will lose your coins. Then most of them are scared and ask, is there a better way. And then I tell them that currently, there is NO non-technical easy to use storage option for BTC. But I also tell them to check Bitcoin Trezor ;)
legendary
Activity: 1204
Merit: 1002
Gresham's Lawyer
The more I think about the concept of this device the more it seems to be intended for idiots. All theater, no actual security.

This is when people will stop answering you, but some of the smartest people in bitcoin endorse this and actually have helped to make it even more secure. I guess those people are idiots. ;)

And you think endorse equals use? I doubt those smart people would care to entrust private keys to a new device. Not to mention they are selling it for so much they all probably got a piece of the pie.

But then it's intended for people who know nothing of security. Google "security theater" maybe it will help you realize why you wasted your money.

I really doubt that people got a piece of pie, considering how expensive it is to develop hardware, plus they converted the bitcoins to fiat. So yeah. Also as for me not knowing anything about security, I have many sites that I have been contracted to do security on them. So yeah. The trezor just fits into my eco-system of bitcoin so I guess it doesn't work for you. Pre-orders aren't for everyone only the people that actually understand what a pre-order means.

Looks real nice I would have no use and I'm not sure many others will considering the internet is everywhere and they can just use blockchain.info

Also I am pretty sure this was announced in September so I really do not see why this must be announced twice
But I still support this product because it looks nice!

This is why you probably need it! Blockchain is a very insecure wallet, but they are planning to add trezor support and that would make them very much the most secure web wallet known.

What security? Securing PHP against SQL injection and include? Do you know about various buffer overflows and how to exploit them? Do you know how ROP chains are used to defeat DEP and partial ASLR?
We are talking about third party hardware here, one that has to accept various inputs through a USB. It opens such a vast attack surface you probably can't imagine it.
So let's ask the developers, are they planning to do complete ASLR on their little device? If not no one should trust it at all. Although no one will probably bother exploiting it if it will have a small user base.


I don't know much about how they are planning to do it, but based on just the reading here, I would guess that ASLR is somewhat obviated through the ARM Invariant-timing packets and overflow handling, and FIFO overflow protection.
Careful implementation of stall processing can stall the processor until the FIFO buffer is empty.  This is a pretty safe defense even against the stack smashing ROP chains, but might still be exploitable through an environmental corner attack, if you can find enough edges.

It is possible that they have chosen an architecture that doesn't include FIFOFULL operations.  Maybe they will clarify.
Or maybe they will leave us guessing and let those that are going to try to break them predictably using this method to their own devices.  In that case I guess we will have to buy a few devices to find out.
newbie
Activity: 11
Merit: 0
The more I think about the concept of this device the more it seems to be intended for idiots. All theater, no actual security.

This is when people will stop answering you, but some of the smartest people in bitcoin endorse this and actually have helped to make it even more secure. I guess those people are idiots. ;)

And you think endorse equals use? I doubt those smart people would care to entrust private keys to a new device. Not to mention they are selling it for so much they all probably got a piece of the pie.

But then it's intended for people who know nothing of security. Google "security theater" maybe it will help you realize why you wasted your money.

I really doubt that people got a piece of pie, considering how expensive it is to develop hardware, plus they converted the bitcoins to fiat. So yeah. Also as for me not knowing anything about security, I have many sites that I have been contracted to do security on them. So yeah. The trezor just fits into my eco-system of bitcoin so I guess it doesn't work for you. Pre-orders aren't for everyone only the people that actually understand what a pre-order means.

Looks real nice I would have no use and I'm not sure many others will considering the internet is everywhere and they can just use blockchain.info

Also I am pretty sure this was announced in September so I really do not see why this must be announced twice
But I still support this product because it looks nice!

This is why you probably need it! Blockchain is a very insecure wallet, but they are planning to add trezor support and that would make them very much the most secure web wallet known.

What security? Securing PHP against SQL injection and include? Do you know about various buffer overflows and how to exploit them? Do you know how ROP chains are used to defeat DEP and partial ASLR?
We are talking about third party hardware here, one that has to accept various inputs through a USB. It opens such a vast attack surface you probably can't imagine it.
So let's ask the developers, are they planning to do complete ASLR on their little device? If not no one should trust it at all. Although no one will probably bother exploiting it if it will have a small user base.
legendary
Activity: 3318
Merit: 4606
diamond-handed zealot


And you think endorse equals use? I doubt those smart people would care to entrust private keys to a new device. Not to mention they are selling it for so much they all probably got a piece of the pie.

But then it's intended for people who know nothing of security. Google "security theater" maybe it will help you realize why you wasted your money.

aaaaaaaaaaaaaaaaaaaaaaaaand

ignore engaged
member
Activity: 84
Merit: 10
Looks real nice I would have no use and I'm not sure many others will considering the internet is everywhere and they can just use blockchain.info

Also I am pretty sure this was announced in September so I really do not see why this must be announced twice
But I still support this product because it looks nice!
newbie
Activity: 11
Merit: 0
no encryption would help you since the computer at some point has to know your private key to sign a transaction

I thought the Trezor signed the transaction?

It does, I was referring to when you just run a client and then encrypt your wallet in fancy ways. Most of that is useless.


The more I think about the concept of this device the more it seems to be intended for idiots. All theater, no actual security.

This is when people will stop answering you, but some of the smartest people in bitcoin endorse this and actually have helped to make it even more secure. I guess those people are idiots. ;)

And you think endorse equals use? I doubt those smart people would care to entrust private keys to a new device. Not to mention they are selling it for so much they all probably got a piece of the pie.

But then it's intended for people who know nothing of security. Google "security theater" maybe it will help you realize why you wasted your money.
hero member
Activity: 546
Merit: 500
no encryption would help you since the computer at some point has to know your private key to sign a transaction

I thought the Trezor signed the transaction?
newbie
Activity: 11
Merit: 0
I actually bought two of them- the plastic ones. Stick- would it be possible to 'upgrade' mine to the Metal bodies? Considering the BTC I send is now worth over a $1000? :-)

Unfortunately no. Bitcoins were exchanged to Euro to cover production costs, not held to speculate on exchange rate.

You claim your device provides security, could you explain how it provides security comparable to an airgapped computer?
What if malware intercepts wallet sign request and gives out a forged request to the device when you legitimately ask it to sign something? The person with the device will have to read the small screen each time to be sure he isn't about to sign away all his bitcoins. How many will do so, especially if the malware is careful and does it only after it detects mass manual transactions when a user is less likely to pay attention for example?

You failed to respond to my earlier post, I wonder why.

These questions have been answered before.

Also malware can't forge a request because it shows you the request and you have to enter a PIN to sign that transaction. If someone doesn't read the screen then that is their fault and shouldn't be upset if their coins are stolen.

They changed it to a PIN? Shows only 2 buttons in their video.
And it's easy to say those problems were mentioned before, a source would help.

It's called social engineering, if you carefully listen for multiple transactions where the user has to sign each one it would be easy to interject your own and have a large fraction of users fall for it. Likewise if it lets you sign multiple transactions at once on that puny screen you just insert your own.

Why would people want a device like that? Get an old PC, airgap it, store wallet on it. Sign stuff and propagate signed messages from any online PC. Anything else is asking for malware to steal it, no encryption would help you since the computer at some point has to know your private key to sign a transaction - the moment it knows it malware can get it.

And the funny thing is if you are cheap you don't need a second PC even, put an encrypted *nix OS onto a USB with networking disabled, sign transaction, copy onto another usb without any encryption the signed transaction and propagate it from your insecure windows.

The more I think about the concept of this device the more it seems to be intended for idiots. All theater, no actual security.
legendary
Activity: 1498
Merit: 1000
I actually bought two of them- the plastic ones. Stick- would it be possible to 'upgrade' mine to the Metal bodies? Considering the BTC I send is now worth over a $1000? :-)

Unfortunately no. Bitcoins were exchanged to Euro to cover production costs, not held to speculate on exchange rate.

You claim your device provides security, could you explain how it provides security comparable to an airgapped computer?
What if malware intercepts wallet sign request and gives out a forged request to the device when you legitimately ask it to sign something? The person with the device will have to read the small screen each time to be sure he isn't about to sign away all his bitcoins. How many will do so, especially if the malware is careful and does it only after it detects mass manual transactions when a user is less likely to pay attention for example?

You failed to respond to my earlier post, I wonder why.

These questions have been answered before.

Also malware can't forge a request because it shows you the request and you have to enter a PIN to sign that transaction. If someone doesn't read the screen then that is their fault and shouldn't be upset if their coins are stolen.
newbie
Activity: 11
Merit: 0
I actually bought two of them- the plastic ones. Stick- would it be possible to 'upgrade' mine to the Metal bodies? Considering the BTC I send is now worth over a $1000? :-)

Unfortunately no. Bitcoins were exchanged to Euro to cover production costs, not held to speculate on exchange rate.

You claim your device provides security, could you explain how it provides security comparable to an airgapped computer?
What if malware intercepts wallet sign request and gives out a forged request to the device when you legitimately ask it to sign something? The person with the device will have to read the small screen each time to be sure he isn't about to sign away all his bitcoins. How many will do so, especially if the malware is careful and does it only after it detects mass manual transactions when a user is less likely to pay attention for example?

You failed to respond to my earlier post, I wonder why.
hero member
Activity: 496
Merit: 500
Unfortunately no. Bitcoins were exchanged to Euro to cover production costs, not held to speculate on exchange rate.

What was the purpose of having the cost a fixed amount of bitcoin, rather than floating against the euro, then?
sr. member
Activity: 441
Merit: 268
I actually bought two of them- the plastic ones. Stick- would it be possible to 'upgrade' mine to the Metal bodies? Considering the BTC I send is now worth over a $1000? :-)

Unfortunately no. Bitcoins were exchanged to Euro to cover production costs, not held to speculate on exchange rate.