Just saying, why use this at a merchant? There's no reason to so just don't. And what if you accidentally use an address you just have away the private key for?
Having said that, I love this for personal use and hopefully version 2 will support private key transfer over a segregated nfc chip.
Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet - page 237. (Read 966173 times)
you could use it at a merchant with no worries
No worries for who? You or the merchant? Just go into a store tomorrow and ask them if you could plug your Trezor (or a USB stick or a keyboard or something) into their cash register to pay
.I'm not saying it can't be done, I just don't see merchants installing and securing a separate computer for Bitcoin payments (something you could safely (for them) plug any USB device in). Look at that link I've sent you, that rubbery ducky USB flash drive is actually a keyboard that instantly types a set of commands to hack your computer the moment you've inserted it into an USB port. No need for autorun, as far as your system is concerned, it's a keyboard, typing commands. Have a look, it's nice (and scary at the same time).
Either the device is secure or it isn't. If it isn't, then it's pointless. If it is, then it is safe to use on your own (presumably infected) computer or a merchant's.
It may be safe for you, but not for the merchant
. It's their computer (possibly the one running the cash register) that you're plugging the Trezor in ... not gonna happen .It is safe to use on your own computer, even if it's infected with malware/viruses/etc. It's not necessarily safe from physical attacks (and I don't think they ever claimed it would be), it just exposes a Bitcoin signing interface through a very limited interface. It is also not a full Bitcoin wallet, it's just an accessory to one.
What he's saying is that the device could be attacked - obviously not by design, it's designed to not allow the private key to be read by issuing commands to the Trezor. But depending on the chip they've chosen, physical possession of the Trezor by an attacker would allow him to run other types of attacks (power analysis, etc.) to extract the private keys from the memory.
I don't really expect any merchant to allow you to just randomly walk in and plug a device (_any_ device) into an USB port on their computer. Especially one that implements the HID protocol (presents itself as a keyboard). See http://hakshop.myshopify.com/products/usb-rubber-ducky for an example of what I mean.
As far as I understand, the Trezor is meant to keep your private keys secure in case your computer is infected with malware. It's not something you would use at a merchant.
I don't really expect any merchant to allow you to just randomly walk in and plug a device (_any_ device) into an USB port on their computer. Especially one that implements the HID protocol (presents itself as a keyboard). See http://hakshop.myshopify.com/products/usb-rubber-ducky for an example of what I mean.
As far as I understand, the Trezor is meant to keep your private keys secure in case your computer is infected with malware. It's not something you would use at a merchant.
you could use it at a merchant with no worries
What he's saying is that the device could be attacked - obviously not by design, it's designed to not allow the private key to be read by issuing commands to the Trezor. But depending on the chip they've chosen, physical possession of the Trezor by an attacker would allow him to run other types of attacks (power analysis, etc.) to extract the private keys from the memory.
I don't really expect any merchant to allow you to just randomly walk in and plug a device (_any_ device) into an USB port on their computer. Especially one that implements the HID protocol (presents itself as a keyboard). See http://hakshop.myshopify.com/products/usb-rubber-ducky for an example of what I mean.
As far as I understand, the Trezor is meant to keep your private keys secure in case your computer is infected with malware. It's not something you would use at a merchant.
I don't really expect any merchant to allow you to just randomly walk in and plug a device (_any_ device) into an USB port on their computer. Especially one that implements the HID protocol (presents itself as a keyboard). See http://hakshop.myshopify.com/products/usb-rubber-ducky for an example of what I mean.
As far as I understand, the Trezor is meant to keep your private keys secure in case your computer is infected with malware. It's not something you would use at a merchant.
No never plug this into another computer.
stop spreading fud bitpop. This device is completely secure even on unsecure computer since the private key never leaves the device and you can't emulate the press of the hardware button to confirm the transaction
Nothing is secure. But this is secure enough to use on your own computers, not a computer fully exploited and targeted towards you. Satellite SIM cards have been hacked and they use the same technology.
It's a far fetch but it could be exploited to give up the private keys, exactly whats in its limited memory.
Either the device is secure or it isn't. If it isn't, then it's pointless. If it is, then it is safe to use on your own (presumably infected) computer or a merchant's.
Where are the files for building PCB. Thank you.
In a similar vein, could you publish the CAD files for the casing? I think you are going to have an aftermarket for this device.
And I ordered one
I'm curious to know what happened to the Kickstarter campaign, does anybody know?
Kickstarter left us 2 weeks without response, then they said they disliked certain parts of the campaign. When we changed them, they were still not satisfied, but at the same time very vague about what actually they didn't like. So we decided to abandon that route, because we spend almost 4 weeks on it since the conference.
+1 preorder of the plastic model.
I'm curious to know what happened to the Kickstarter campaign, does anybody know?
I'm curious to know what happened to the Kickstarter campaign, does anybody know?
Where are the files for building PCB. Thank you.
http://www.coindesk.com/trezor-now-taking-pre-orders-for-its-hardware-bitcoin-wallet/
There are two versions of the device. A plastic-encased model, set for a November 2013 release, sells for 1 BTC. That is followed by a brushed aluminum version which costs 3 BTC and is slated for an October 2013 release. Pre-ordering for either of the wallets is available through the Trezor eShop
There are two versions of the device. A plastic-encased model, set for a November 2013 release, sells for 1 BTC. That is followed by a brushed aluminum version which costs 3 BTC and is slated for an October 2013 release. Pre-ordering for either of the wallets is available through the Trezor eShop
It's a far fetch but it could be exploited to give up the private keys, exactly whats in its limited memory.
its my understanding that the device has no extra memory what so ever above what is needed for the devise to perform its functions. this means there is literally no place for malware to reside. unless there is a flaw in the signature scheme, in which case we have much bigger problems, than it should be entirely safe even to plug this devise into a computer that you know for a fact is infected with malware.
True but a vulnerability could be developed at some point.
The use case of this device is to add protection to an already protected computer. Not for protection against an infested one. You would use this to confirm a transaction using your device and let the transaction cross to the merchant via the network. Not physical touching.
ya that's what i was thinking so it should be perfectly safe from a security stand point to plug it into someone elses computer but would it work? would the devise be able to communicate enough information for the retailers client to properly prepare the transaction for you to then sign?
it would be a really big deal i think if the trezor could be used in this way. it would make using bitcoin for real world transactions soo much simpler, grandma could start using bitcoin.
The use case of this device is to add protection to an already protected computer. Not for protection against an infested one. You would use this to confirm a transaction using your device and let the transaction cross to the merchant via the network. Not physical touching.
No never plug this into another computer.
In theory, this should still be safe, as the trezor never reveals private keys. ya that's what i was thinking so it should be perfectly safe from a security stand point to plug it into someone elses computer but would it work? would the devise be able to communicate enough information for the retailers client to properly prepare the transaction for you to then sign?
it would be a really big deal i think if the trezor could be used in this way. it would make using bitcoin for real world transactions soo much simpler, grandma could start using bitcoin.
its my understanding that the device has no extra memory what so ever above what is needed for the devise to perform its functions. this means there is literally no place for malware to reside. unless there is a flaw in the signature scheme, in which case we have much bigger problems, than it should be entirely safe even to plug this devise into a computer that you know for a fact is infected with malware.
potentially if the attacker could streamline the existing code than he could in theory *make* room for his malware. thats pretty far fetched though because i have to imagine that the code that governs the operation of the device is on read only memory.
Philip Banks over here
I just ordered one of each kind. Awesome work guys, I'm excited to see the produce
I just ordered one of each kind. Awesome work guys, I'm excited to see the produce
It's a far fetch but it could be exploited to give up the private keys, exactly whats in its limited memory.
its my understanding that the device has no extra memory what so ever above what is needed for the devise to perform its functions. this means there is literally no place for malware to reside. unless there is a flaw in the signature scheme, in which case we have much bigger problems, than it should be entirely safe even to plug this devise into a computer that you know for a fact is infected with malware.
True but a vulnerability could be developed at some point.
The use case of this device is to add protection to an already protected computer. Not for protection against an infested one. You would use this to confirm a transaction using your device and let the transaction cross to the merchant via the network. Not physical touching.
ya that's what i was thinking so it should be perfectly safe from a security stand point to plug it into someone elses computer but would it work? would the devise be able to communicate enough information for the retailers client to properly prepare the transaction for you to then sign?
it would be a really big deal i think if the trezor could be used in this way. it would make using bitcoin for real world transactions soo much simpler, grandma could start using bitcoin.
The use case of this device is to add protection to an already protected computer. Not for protection against an infested one. You would use this to confirm a transaction using your device and let the transaction cross to the merchant via the network. Not physical touching.
No never plug this into another computer.
In theory, this should still be safe, as the trezor never reveals private keys. ya that's what i was thinking so it should be perfectly safe from a security stand point to plug it into someone elses computer but would it work? would the devise be able to communicate enough information for the retailers client to properly prepare the transaction for you to then sign?
it would be a really big deal i think if the trezor could be used in this way. it would make using bitcoin for real world transactions soo much simpler, grandma could start using bitcoin.
its my understanding that the device has no extra memory what so ever above what is needed for the devise to perform its functions. this means there is literally no place for malware to reside. unless there is a flaw in the signature scheme, in which case we have much bigger problems, than it should be entirely safe even to plug this devise into a computer that you know for a fact is infected with malware.
True but a vulnerability could be developed at some point.
The use case of this device is to add protection to an already protected computer. Not for protection against an infested one. You would use this to confirm a transaction using your device and let the transaction cross to the merchant via the network. Not physical touching.
ya that's what i was thinking so it should be perfectly safe from a security stand point to plug it into someone elses computer but would it work? would the devise be able to communicate enough information for the retailers client to properly prepare the transaction for you to then sign?
it would be a really big deal i think if the trezor could be used in this way. it would make using bitcoin for real world transactions soo much simpler, grandma could start using bitcoin.
The use case of this device is to add protection to an already protected computer. Not for protection against an infested one. You would use this to confirm a transaction using your device and let the transaction cross to the merchant via the network. Not physical touching.
No never plug this into another computer.
In theory, this should still be safe, as the trezor never reveals private keys. ya that's what i was thinking so it should be perfectly safe from a security stand point to plug it into someone elses computer but would it work? would the devise be able to communicate enough information for the retailers client to properly prepare the transaction for you to then sign?
it would be a really big deal i think if the trezor could be used in this way. it would make using bitcoin for real world transactions soo much simpler, grandma could start using bitcoin.
its my understanding that the device has no extra memory what so ever above what is needed for the devise to perform its functions. this means there is literally no place for malware to reside. unless there is a flaw in the signature scheme, in which case we have much bigger problems, than it should be entirely safe even to plug this devise into a computer that you know for a fact is infected with malware.
I expected portnoy to do the same, not you.
I've already read through all the thread to find out the information I was looking for but I still made the request on purpose to make life easier for the next person searching for the same information, specially in the product page where it's much more difficult to find this thread.
Well he already said Armory is ready and Electrum is coming.
WTF are you saying?
Asking for basic information on how to use a product one is looking to buy (to determine, for one thing, if it is even something one 'can' make use of it)
is an unreasonable request?
Such babies
WTF are you saying?
Asking for basic information on how to use a product one is looking to buy (to determine, for one thing, if it is even something one 'can' make use of it)
is an unreasonable request?
I've already read through all the thread to find out the information I was looking for but I still made the request on purpose to make life easier for the next person searching for the same information, specially in the product page where it's much more difficult to find this thread.
True but a vulnerability could be developed at some point.
The use case of this device is to add protection to an already protected computer. Not for protection against an infested one. You would use this to confirm a transaction using your device and let the transaction cross to the merchant via the network. Not physical touching.
ya that's what i was thinking so it should be perfectly safe from a security stand point to plug it into someone elses computer but would it work? would the devise be able to communicate enough information for the retailers client to properly prepare the transaction for you to then sign?
it would be a really big deal i think if the trezor could be used in this way. it would make using bitcoin for real world transactions soo much simpler, grandma could start using bitcoin.
The use case of this device is to add protection to an already protected computer. Not for protection against an infested one. You would use this to confirm a transaction using your device and let the transaction cross to the merchant via the network. Not physical touching.
No never plug this into another computer.
In theory, this should still be safe, as the trezor never reveals private keys. ya that's what i was thinking so it should be perfectly safe from a security stand point to plug it into someone elses computer but would it work? would the devise be able to communicate enough information for the retailers client to properly prepare the transaction for you to then sign?
it would be a really big deal i think if the trezor could be used in this way. it would make using bitcoin for real world transactions soo much simpler, grandma could start using bitcoin.
Jump to: