[ESHOP launched] Trezor: Bitcoin hardware wallet - page 251.

commonancestor

newbie

Activity: 58

Merit: 0

My ideas about possible screens.

* Generate new address
receive "generate new address" command from USB
display "Generate address?" "OK/Cancel"
generate new and

display "Show priv key?" "OK/Skip"
display "Priv key" "" "OK/Cancel"
display "Address" "

" "Store/Cancel"
store and

transmit

to USB

* Sign transaction
receive "sign transaction" command and from USB
display "Sign transaction?" "OK/Cancel"
parse values , , , []
display "Send-to addr" "" "OK/Cancel"
display "Amount" "" "OK/Cancel"
display "Fee" "" "Sign/Cancel"
sign using stored private keys for [] into (what if some send-from addresses are not in the wallet?)
transmit to USB

* List addresses
receive "list addresses" command from USB
display "List addresses?" "List/Cancel"
loop through

[]
transmit

to USB
display "Address" "

" "Next/Cancel"
end loop

* Delete address
receive "delete address" command and

from USB
display "Delete address?" "OK/Cancel"
display "Address" "

" "Delete/Cancel"
delete

and its from storage

Maybe there could be also a PIN security feature for the device. The PIN would be a hexadecimal number entered in a binary form. Roll Eyes

Once the PIN is set, the device auto-locks when disconnected or after some period of inactivity, and then it needs to be unlocked next time.

* Set PIN
receive "set pin" command from USB
display "Set PIN?" "OK/Cancel"
display "1111 0111 10*_ ___" "F 7 8 _" "0/1" (enter 16 binary digits)
display "Setting PIN" "" "Confirm/Cancel"
store

* Unlock device
receive any command from USB when the device is locked
display "Unlock device?" "OK/Cancel"
display "1111 0111 10*_ ___" "F 7 8 _" "0/1" (enter 16 binary digits)
display "Unlocking device" "" "Confirm/Cancel"
verify
unlock device and continue

stick

sr. member

Activity: 441

Merit: 268

Quote from: Mike Hearn on January 20, 2013, 02:29:13 PM

You don't have to do this now. As the software is open source, somebody could contribute such a protocol and then you incorporate it into your signed builds.

Yes, this is very nice concept but currently out of our project's scope. As you write, once the Trezor is released, it is a matter of rather small firmware modification ...

slush

legendary

Activity: 1386

Merit: 1097

[BOUNTY] 2 BTC - logo for Trezor: Bitcoin Hardware Wallet ;-)

molecular

donator

Activity: 2772

Merit: 1019

Quote from: ?? on ??

Not content with:
+ redefining the nature of money, see bitcoinj
+ reimagining the meaning of property rights, see video presentation of Bitcoin London 2012

. . . Mike now goes on to reinvent representative democracy.

Please, for the love of God, can someone stop this guy before he redefines the very essence of reality and/ or space-time and we all become - well - the mind boggles.

:-)

yo jim, don't give him ideas!!

Mike Hearn

legendary

Activity: 1526

Merit: 1134

Quote from: ?? on ??

. . . Mike now goes on to reinvent representative democracy.

Haha, thanks

Actually that's an old interest. Here's a paper I wrote about 6 years ago:

https://docs.google.com/document/d/1jidmNJHWAtsPLCUD7EPPm8jOEV93kSXbZOMycqCWOyA/edit?authkey=CN7BnLUG&authkey=CN7BnLUG

It covers how to use secure hardware to build a new kind of democracy where votes can be delegated by topic up a tree of representatives. I think these days people call it "liquid democracy". I never did anything with the idea. The paper talks about smart cards but Trezor style devices are a better fit.

2112

legendary

Activity: 2128

Merit: 1073

Quote from: Mike Hearn on January 20, 2013, 02:29:13 PM

Quote from: slush on January 19, 2013, 05:37:12 PM

Quote from: Mike Hearn on January 19, 2013, 11:51:07 AM

Have you considered adding support for a generic trusted path protocol so any server can send a message and get back an A/B answer in a secure manner?

Do you have any proposal how this should work? Actually device is able to sign bitcoin transactions (pay to address, pay to script hash) and sign bitcoin messages.

Yes. Consider the case of online voting. The voting server wants to ensure the following

a) The vote is cast by a human, not a virus.
b) The vote is cast by each human only once.

We can satisfy this use case by using Trezor like this:

Each Trezor has a unique public key (can be RSA) and a certificate signed by the manufacturers, ie, you and stick.
When you start the voting process, the Trezor sends its certificate to the computer, which then sends it on to the voting server.
The server checks that this certificate has not been seen before, and then encrypts/signs a protocol buffer that includes a message to display onscreen (any arbitrary text) and the two options available. That signed message gets sent to the Trezor, which shows it on screen.
The users answer is then signed with the devices private key and uploaded to the voting server which checks it against the public key in the certificate.

In this way, the server can know that no virus interfered with the communication and there is no fake device at work. Of course, it assumes that the devices are somewhat secure against physical tampering.

If you can already sign/verify text messages in the standard way, then I guess you could add it on top of that, though the need to communicate certificates and things makes it not really necessary to re-use something designed only for text.

You don't have to do this now. As the software is open source, somebody could contribute such a protocol and then you incorporate it into your signed builds.

One trezor, one vote!

Slush, if you are going to start a political party, remember that I was always your friend. Hopefully my trezors will have low serial numbers. Wink

Mike Hearn

legendary

Activity: 1526

Merit: 1134

Quote from: slush on January 19, 2013, 05:37:12 PM

Quote from: Mike Hearn on January 19, 2013, 11:51:07 AM

Have you considered adding support for a generic trusted path protocol so any server can send a message and get back an A/B answer in a secure manner?

Do you have any proposal how this should work? Actually device is able to sign bitcoin transactions (pay to address, pay to script hash) and sign bitcoin messages.

Yes. Consider the case of online voting. The voting server wants to ensure the following

a) The vote is cast by a human, not a virus.
b) The vote is cast by each human only once.

We can satisfy this use case by using Trezor like this:

Each Trezor has a unique public key (can be RSA) and a certificate signed by the manufacturers, ie, you and stick.
When you start the voting process, the Trezor sends its certificate to the computer, which then sends it on to the voting server.
The server checks that this certificate has not been seen before, and then encrypts/signs a protocol buffer that includes a message to display onscreen (any arbitrary text) and the two options available. That signed message gets sent to the Trezor, which shows it on screen.
The users answer is then signed with the devices private key and uploaded to the voting server which checks it against the public key in the certificate.

In this way, the server can know that no virus interfered with the communication and there is no fake device at work. Of course, it assumes that the devices are somewhat secure against physical tampering.

If you can already sign/verify text messages in the standard way, then I guess you could add it on top of that, though the need to communicate certificates and things makes it not really necessary to re-use something designed only for text.

You don't have to do this now. As the software is open source, somebody could contribute such a protocol and then you incorporate it into your signed builds.

novusordo

sr. member

Activity: 800

Merit: 250

Any idea on what the price for one is looking like at this point?

slush

legendary

Activity: 1386

Merit: 1097

Quote from: Red Emerald on January 19, 2013, 02:53:33 PM

Maybe 4-6 weeks? Tongue

Maybe. And maybe not :-P

slush

legendary

Activity: 1386

Merit: 1097

Quote from: Mike Hearn on January 19, 2013, 11:51:07 AM

Have you considered adding support for a generic trusted path protocol so any server can send a message and get back an A/B answer in a secure manner?

Do you have any proposal how this should work? Actually device is able to sign bitcoin transactions (pay to address, pay to script hash) and sign bitcoin messages.

Red Emerald

hero member

Activity: 742

Merit: 500

Super excited for this. Any estimates for when you will accept orders?

Maybe 4-6 weeks? Tongue

Mushroomized

legendary

Activity: 1470

Merit: 1002

Hello!

Quote from: slush on January 19, 2013, 11:14:26 AM

It's just colored finish; natural aluminium color will appear on deep scratches. AFAIK there's no technology for producing colored aluminium/duralumin.

Oh, just like those clip things.

Neat, this is turning out to be pretty neat

Mike Hearn

legendary

Activity: 1526

Merit: 1134

When do we get to see one fully assembled?

Do you have any details on how you'll be selling/producing them? Any idea of cost price?

Have you considered adding support for a generic trusted path protocol so any server can send a message and get back an A/B answer in a secure manner?

Lionluck

newbie

Activity: 16

Merit: 0

Quote from: World on January 19, 2013, 11:04:24 AM

missing gold color

elox can be yellow... gold plating (known as TitanNitrid) we can try in future :-)

World

hero member

Activity: 743

Merit: 500

Quote from: jim618 on January 19, 2013, 11:24:03 AM

Quote from: slush on January 19, 2013, 11:14:26 AM

It's just colored finish; natural aluminium color will appear on deep scratches. AFAIK there's no technology for producing colored aluminium/duralumin.

elox is pretty hard though - it is used (though thicker admittedly) on industrial fittings to reduce surface wear.

may help
http://en.wikipedia.org/wiki/Anodizing

jim618

legendary

Activity: 1708

Merit: 1066

Quote from: slush on January 19, 2013, 11:14:26 AM

It's just colored finish; natural aluminium color will appear on deep scratches. AFAIK there's no technology for producing colored aluminium/duralumin.

elox is pretty hard though - it is used (though thicker admittedly) on industrial fittings to reduce surface wear.

slush

legendary

Activity: 1386

Merit: 1097

It's just colored finish; natural aluminium color will appear on deep scratches. AFAIK there's no technology for producing colored aluminium/duralumin.

Mushroomized

legendary

Activity: 1470

Merit: 1002

Hello!

Quote from: slush on January 19, 2013, 11:08:25 AM

Gold color isn't so easy. We're thinking about gold-plated casings, but it's definitely out of current scope :-).

if they are scratched will the color change, or are they the same color the whole way through? (not the gold plated ones I mean)

SouthernComfort

newbie

Activity: 28

Merit: 0

So....EPIC!!!!

slush

legendary

Activity: 1386

Merit: 1097

Gold elox isn't so easy. We're thinking about gold-plated casings, but it's definitely out of current scope :-).

Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet - page 251. (Read 966173 times)