
Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet - page 232. (Read 966173 times)

legendary
Activity: 1834
Merit: 1019
I want one but this is so damn expensive
donator
Activity: 2772
Merit: 1019
This is to be discussed at the OHM conference..
http://arxiv.org/abs/1212.3257
It is related?

Where does it say it will be discussed at OHM?

What you linked looks like (or very similar to) EDIT: is this (same author, too)

We would like to propose a payment protocol with a lot of interesting features:
Homomorphic Payment Addresses and the Pay-to-Contract Protocol

This could be of interest to the current ongoing development of hardware wallets as well as to the implementation of deterministic wallets.

EDIT: I like that idea by Mr. Hanke, btw.
legendary
Activity: 1204
Merit: 1002
Gresham's Lawyer
This is to be discussed at the OHM conference..
http://arxiv.org/abs/1212.3257
It is related?
legendary
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
But the PIN is one-time

One-time as in entered once on each computer, or one-time as in it changes every time?

Either way, I think you're confusing it with the OTP. Either that or I'm misinformed.

Hum yeah I was talking about the OTP
I didn't read about the PIN, I just did, and I agree with you it seems kinda risky to put it on a PC
newbie
Activity: 11
Merit: 4
But the PIN is one-time

One-time as in entered once on each computer, or one-time as in it changes every time?

Either way, I think you're confusing it with the OTP. Either that or I'm misinformed.
legendary
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
Somebody tech-savvy enough with physical access to your place (a maid, a boyfriend/girlfriend, a roommate etc) could deliberately infect your computer while you're not around to get the PIN. Even a hardware key-logger would suffice. Once with the PIN, s/he only needs to steal the device.

This is exactly what I am worried about. I recognize the fact that some people prefer comfort when entering their PIN as opposed to an additional security precaution, but wouldn't it be beneficial to allow both methods of PIN input - on the device and/or the computer keyboard? The button layout of the Trezor makes it clumsy to punch in the PIN, but far from impossible. Many of us would sleep easier knowing our security could not have been compromised because of an infected computer. At the same time, those who prefer the comfort of their keyboards can simply not utilize this feature and enter the PIN as it was originally planned by the developers. It's really just a matter of modifying the software and I urge the developers to at least consider it.

But the PIN is one-time
newbie
Activity: 11
Merit: 4
Somebody tech-savvy enough with physical access to your place (a maid, a boyfriend/girlfriend, a roommate etc) could deliberately infect your computer while you're not around to get the PIN. Even a hardware key-logger would suffice. Once with the PIN, s/he only needs to steal the device.

This is exactly what I am worried about. I recognize the fact that some people prefer comfort when entering their PIN as opposed to an additional security precaution, but wouldn't it be beneficial to allow both methods of PIN input - on the device and/or the computer keyboard? The button layout of the Trezor makes it clumsy to punch in the PIN, but far from impossible. Many of us would sleep easier knowing our security could not have been compromised because of an infected computer. At the same time, those who prefer the comfort of their keyboards can simply not utilize this feature and enter the PIN as it was originally planned by the developers. It's really just a matter of modifying the software and I urge the developers to at least consider it.
legendary
Activity: 1795
Merit: 1208
This is not OK.
At least not in the first batch. :-)

Exactly.
sr. member
Activity: 441
Merit: 268
Sorry to disappoint you, but the button layout will not change. At least not in the first batch. :-)
legendary
Activity: 1795
Merit: 1208
This is not OK.
It's even easier to build in cross-arrows like those found on gamepads
  ^
<  >
  v

and then tap a sequence like a good ol' Mortal Kombat fatality combo: >>^>v<<> and voila! You've authenticated TX on the Trezor device. No key-logger fears anymore.

I thought about that, but I think I could more consistently hum a tune, or tap out a beat, than I could remember a set of directions. Plus it uses fewer buttons. Plus it doesn't depend on the positions of the buttons, should they change or differ between hardware (you know how you muscle memory your PIN)... go compare a phone layout to a calculator layout ;)
sr. member
Activity: 315
Merit: 250
Official sponsor of Microsoft Corp.
I was thinking the other day... it's too small to have a whole keyboard in order to type in a pass-phrase etc., but what about tapping in a pass-beat?
When you set it up, you tap in a rhythm, a few times probably to get a good average, then when it comes to signing the Tx, you tap out the rhythm again.
It's even easier to build in cross-arrows like those found on gamepads
  ^
<  >
  v

and then tap a sequence like a good ol' Mortal Kombat fatality combo: >>^>v<<> and voila! You've authenticated TX on the Trezor device. No key-logger fears anymore.
legendary
Activity: 1795
Merit: 1208
This is not OK.
I was thinking the other day... it's too small to have a whole keyboard in order to type in a pass-phrase etc., but what about tapping in a pass-beat?
When you set it up, you tap in a rhythm, a few times probably to get a good average, then when it comes to signing the Tx, you tap out the rhythm again.
hero member
Activity: 1008
Merit: 537
I love the idea and the fact you moved your ass to make something happen :) Btw, I know it's hard to make a good commercial video but we can see you're reading ;) I think you don't need to make an Apple-like commercial thing, just try to be yourself!

Good product, will follow and buy.

Wish you the best,
Patrick
donator
Activity: 2772
Merit: 1019
hmm...
a great device.

Even better would be the standalone;

same thing with a display that can show QRcodes, a camera and a micro usb port switchable to charge only (no data) mode.

Question folks - which Android app can do offline transactions using QRcodes and a camera?

You mean like this: https://bitcointalksearch.org/topic/ann-visualbtc-android-based-hardware-offline-wallet-using-animated-qr-codes-210371 ?



that's pretty cool.
full member
Activity: 191
Merit: 100
hmm...
a great device.

Even better would be the standalone;

same thing with a display that can show QRcodes, a camera and a micro usb port switchable to charge only (no data) mode.

Question folks - which Android app can do offline transactions using QRcodes and a camera?

You mean like this: https://bitcointalksearch.org/topic/ann-visualbtc-android-based-hardware-offline-wallet-using-animated-qr-codes-210371 ?

legendary
Activity: 1106
Merit: 1004
Just boot your OS from a disk whenever you use your Trezor

Encrypted disks (LUKS, Truecrypt...) are also good, but you're still vulnerable to hardware key-loggers.
I think the best is not to leave the device accessible, as Mike suggests. Either always carry it with you or lock it somewhere.
newbie
Activity: 50
Merit: 0
hmm...
a great device.

Even better would be the standalone;

same thing with a display that can show QRcodes, a camera and a micro usb port switchable to charge only (no data) mode.

Question folks - which Android app can do offline transactions using QRcodes and a camera?

If by offline transactions with QR codes you meant this below, it has not been implemented yet, neither with QR codes nor with NFC.
https://bitcointalksearch.org/topic/m.2424481
legendary
Activity: 1722
Merit: 1217
Trezor uses two-factor authentication - something you have (trezor) and something you know (PIN). If an attacker has physical access to your Trezor and he also controls your computer, you're screwed.

Not wanting to be negative or anything - Trezor is definitely a great improvement on security since our greatest worry right now is malware - but we should note that its current configuration makes it vulnerable to the "evil (and tech-savvy) maid attack".
Somebody tech-savvy enough with physical access to your place (a maid, a boyfriend/girlfriend, a roommate etc) could deliberately infect your computer while you're not around to get the PIN. Even a hardware key-logger would suffice. Once with the PIN, s/he only needs to steal the device.

I don't think that's a major risk, in the sense that it won't happen frequently, but it's worth noting anyway. Some people can't afford to fully trust those they share their living space with. Think college students for ex., particularly computer science college students who happen to share their room with people who were just put there by the residency administration. They barely know each other...

Just boot your OS from a disk whenever you use your Trezor
hero member
Activity: 504
Merit: 504
PGP OTC WOT: EB7FCE3D
legendary
Activity: 1106
Merit: 1004
caveden, it's small enough (physically) to fit on a keyring I guess. So such a person would just carry it with them.

Yes, that's reasonable. You can also lock it somewhere etc. I just wonder if concerned people will know about it and take necessary precautions.