Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet - page 235. (Read 966173 times)

Steps:
1: tell exchange your public key which then gets locked in
2: exchanges shows you which public key you submitted and to submit a message signed with the corresponding private key
2a: if you see some other address you abort
2b: if you see the correct address proceed to signing the message
3: send the signed message to exchange + 2FA time based PIN to authorize the withdrawal (hell, the message could be the PIN)
4: exchange sends bitcoins to the public key

What this does?
It prevents a virus from replacing the address you submit to an exchange as a destination for a withdrawal with an attackers address

What this doesn't do?
Helps you in anyway if an attacker has access to your account, obviously.

But what would be a correct signature? How would the exchange know that the address really belongs to you? The signature could be provided by the virus, using the attacker's private key.

Just watching and waiting...

I don't want anyone to get hacked, all I'm saying is that trezor is safe to plug in to whichever computer (even full of malware and keyloggers) and send your bitcoins to whomever you want from it. If you understood the concept of Trezor then you would agree with me.

The thing is that you are only signing the transaction with your trezor and the only way that it can be done is by pressing the hardware button. So you are spreading fud by saying Trezor is not safe. Read and research more on this topic before making more claims please.

Without getting the correct signature the exchange would not send to that public key.

 

The virus could send his own signature to the exchange. You would confirm something on Trezor but its signature would never even reach the exchange.

A certificate per device is probably the best way to counter such risk indeed. But I'd prefer if it were something more reusable, not something bound to a single exchange. Your device's certificate could have your name or a pseudonymous you choose the moment you buy it. This way it could be useful not only when buying coins from exchanges, but when doing person-to-person transfers as well.
I'm only wondering if it doesn't pose a problem privacy-wise. You'd sign all your addresses with the same certificate. This certificate should never end up on the blockchain so theoretically your privacy is not vulnerable to a random observer. But those who had previously sent you money will recognize you if they ever send something again.... I guess that's a reasonable trade-off, if I'm not missing anything.

I preordered one, and I hardly do this kinda of things, so I am ready for some more security

I might offer a bounty to the first instance of a picture/video of a bonafide grandma using a Trezor somewhere .... mmm, might have to be at retail location somewhere grandma like also.

http://i.imgur.com/tDG66wt.jpg

Here's a quick mockup I made. I just made some guesses on the Trezor's actual dimensions.

If a user wanted to use a wifi/NFC/Bluetooth + battery + USB host device and connected it to the Trezor like the above picture then any arbitrary communication protocol could be used to send information to the red "base station" from the merchant. Then the device could build the transaction without giving the Barista the ability to see the entire financial history of the wallet (depending how smart you could make the device). A cell phone could be linked to such a device as well.

This fixes the problem of the direct electrical connection, but does introduce other security issues (spoofing wifi/NFC/Bluetooth, etc.).

Not really? Why would it be hard? The same way the device asks you to authorize a transaction it should be able to ask you to authorize a signature for a certain address. And if you are signing for a public key that a virus put there instead of the real public key, the hardware wallet signature wont be valid with that public key.

By the way, I was talking to Chris (of BitSafe) at the conference and he brought up a good point we haven't considered before.

The combination of TREZOR/BitSafe and the payment protocol means you can get money out of the device safely, assuming the entity you're paying is signing their payment requests. But how do you get money into it? If your computer is compromised, this is hard.

Chris suggested a reverse payment protocol. As far as I can see, the best way to solve it is indeed for each device to be issued with a private key at the factory, with a certificate signed by the manufacturers (you), so it can prove that it's a real TREZOR. Then you strike deals with exchanges so they act as resellers, like how Mt Gox resells YubiKeys. When you order a TREZOR from the exchange, they record the public key+certificate of the device alongside your account and will only allow you to export your bitcoins to a key signed by the private key of the device. In this way a virus on your computer cannot redirect your coins once you have bought them on the exchange.

You may still have the strip, but its blank

A credit card doesn't cost $100 in plastic and $300 in metal and the bank will exchange it for free if stolen/damaged. And if they fry the NFC part via EMP, you still have the magstripe. If they also apply a strong magnetic field and erase that as well, you still have the card digits and one of those imprinters would work just fine.

Again, I'm not saying it can't be made secure, I'm just pointing out that it's not as easy as "just plug it into the merchant's USB port and it will work". There's a lot of work that still needs to be done to make that happen and I doubt that any merchant will invest in all this extra hardware just to support a $100-$300 device that people _might_ have on them.

I'm speaking from experience, I've seen what happened to contactless Visa and Mastercard deployments here in Romania. Very few people have contactless cards, so even though the employees get training on how to use the terminals, they forget it if nobody pays that way. They simply ask you to use the card as a normal chip-and-pin card and their contactless readers are either disconnected or broken. Who's going to offer maintenance services for all this extra hardware and how much will it cost the merchant? Will it make sense for them financially to pay that amount (what advantages do they get compared to standard Bitcoin payments)?

Maybe because the Trezor protocol requires the computer to be able to build transactions and thus know the contents of your wallet, including your root public key and so your balance + past/future transactions ?

Come on stick. You know as well as I do that Trezor does not mean "you don't have to trust the computer". It means "the computer cannot steal your money". That is NOT the same thing. The computer still gets to have a lot of private, sensitive financial data that I wouldn't want random coffee shop baristas to have.

And yes, I agree that plugging the device into a phone is a bit ugly. That's why I'd not do it very often. Just when I want to refill my mobile wallet which can then pay others with a single tap, scan or airdrop style interaction.

the difference is: you're not transferring centrally monitored IOUs on colorful paper nothings, but sound money.

um doesnt pretty much every retailer in the first word have a little terminal for credit cards? how is this any different?

what do you mean?

Where is slush? Maybe he isn't as arrogant, as he's been robbed before.

Yeah, that worked for me. I saw the flawed logic and now I got this soldering iron in my hand and am looking at maxwells equations. :-)