Pages:
Author

Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet - page 4. (Read 966194 times)

copper member
Activity: 1652
Merit: 1325
I'm sometimes known as "miniadmin"
I've just installed and tried the Beta client after some time not using the device, and even if I must admit that it's an amazing tool and makes the interface a lot more user friendly, I've "lost" all the tags/labels I had on the web client. I haven't really lost them, but they haven't synced even if I had the same dropbox account connected... Has this been addressed before and I don't seem to find it, or is it just me having trouble with my computer?
legendary
Activity: 1876
Merit: 3132
A beta version of Trezor Suite is now available for anyone to download. There is also a web version (Trezor Bridge is still required). Here's an official blog post. There isn't much information about upcoming features.
legendary
Activity: 1876
Merit: 3132
Are there any updates regarding the Trezor suite?

They talk about it more often on their Telegram channel. Apparently, it is going to become publicly available in the third quarter of this year and the closed beta is still running. The changelog is available here.
staff
Activity: 3500
Merit: 6152
Are there any updates regarding the Trezor suite? I haven't seen any Reddit post, tweet, or blog post about it since the beta was released, and I can't find any proper changelog to see the progress even though, it looks like the development is active on GitHub  Huh
hero member
Activity: 761
Merit: 606
I wonder if the idea I am going to present has ever been discussed with any sense of going forward:

Trezor does not have a serial number.  It does present a device # when connected to a site such as trezor.io or any other site/node and of course the mpk's are needed to display the balances and addresses.  That device # doesn't compromise security, BUT it could easily compromise privacy.  I operate several "hidden" wallets from each Trezor as I am certain that many of us here do.  Example; you connect a decoy/small wallet to a web wallet and use it or verify a balance or whatever.  The device # is presented, and the wallet software uses the mpk's presented.  I know all websites will say they don't log such things but I say why take any chances at all if it could be prevented by a simple software coding.  On the Trezor T there is space on the SD card if a user employs that option.

As a privacy improvement option; what if the code were changed so that the Trezor T presented a "spoofed" device # every time you connected it?  Example. When I use my daily wallet and things related directly to my name I could care less about recording the device # during a transaction.  But later if I want to view a more substantial wallet where storage is my concern, in that case I would strongly prefer that the device # provided be anonymous (un-related to previous transactions).  With this modification of code there would be NO way to ever connect the SAME device # to different mpk's thereby betraying your privacy.  Make sense?

There would be plenty of space on the SD card so memory/chip size wouldn't be a factor.  Again, this would be an option in trezorctl and not something forced upon every user.  I would most certainly use this feature without question.

BTW - I am not saying trezor.io is neglecting to forget our devices when we click on that option.  As a security buff I am saying that at some point in the future 3 letter agencies could employ enough pressure that they may have to retain information.  Electrum  nodes etc... are all under the same possibility of influence.  Surely this would be super simple code to write, and given the extra space on an SD card there is more than ample room to install it.

Any GitHub coders that would be willing to carry this idea over, feel free.  I love Trezors
legendary
Activity: 2212
Merit: 7064
I am looking to order my first trezor!

is it 100% secure? If yes, how can I verify it? Kinda curious as I am going to hold all the coins on trezor.
I would not say that anything is 100% secure, including Trezor wallet as we saw with recent reports from their competition.
Human factor is biggest issue here and flaws in software code.
However Trezor is open source and much more safer than regular desktop wallets.
Always use only official website and NEVER enter any seed words or private keys on any website to avoid phishing.
legendary
Activity: 3472
Merit: 1724
I am looking to order my first trezor!

is it 100% secure? If yes, how can I verify it? Kinda curious as I am going to hold all the coins on trezor.

https://wiki.trezor.io/Security:Threats
https://wiki.trezor.io/User_manual:Security_best_practices

If you set up a passphrase, and you adhere to basic security practices outlined above, it can be said that the Trezor wallet is "100% secure".
hero member
Activity: 761
Merit: 606
BitCryptex,

Thank you.  I was hoping that the SEED was encrypted.
jr. member
Activity: 202
Merit: 1
I am looking to order my first trezor!

is it 100% secure? If yes, how can I verify it? Kinda curious as I am going to hold all the coins on trezor.
legendary
Activity: 1876
Merit: 3132
If you still haven't set up trezorctl then I would recommend following this guide. Also, if you are going to do it on Windows, using WSL will be the fastest way.

1.  Trezor T SD protection question:  if a user enables SD protection using trezorctl does that directly impact encryption of the SEED on the hardware wallet?  I know SD Protect encrypts the PIN and you must have both your PIN and the SD inserted to unlock the Trezor.  My concerns are to clearly understand my locked Trezor T with my SD card hidden elsewhere  ------- would a high end physical hack at a laboratory see my SEED or an encrypted remnant of sorts?  I use super long BIP passphrases to mitigate anyway, but I want to understand EXACTLY how SD Protect impacts the stored SEED on my device.

This feature encrypts your device's data (including the seed). If you enter a wrong or correct PIN without an SD card, the device will return an error and ask you to insert it. Once the correct SD card is inserted, you have 16 attempts to enter the correct PIN. You can easily copy the "secret" to multiple SD cards. It is stored in "trezor/device_id/salt" and can be accessed using any file explorer.

2. If I have a few Trezors that are setup using software wallets (not trezorctl) e.g. Electrum/trezor.io, is it safe to connect using trezorctl and just configure a few options not available on simple web wallets?

Yes, vice-versa works completely fine as well. Electrum and other third-party software do not care if you have the SD card protection enabled (because they see the device as locked) or if you used trezorctl to create a 18 word seed.
hero member
Activity: 761
Merit: 606
I hope this thread is the place for these questions.  At 266 pages this thread is too long to read entirely but I checked the last half a dozen pages.

1.  Trezor T SD protection question:  if a user enables SD protection using trezorctl does that directly impact encryption of the SEED on the hardware wallet?  I know SD Protect encrypts the PIN and you must have both your PIN and the SD inserted to unlock the Trezor.  My concerns are to clearly understand my locked Trezor T with my SD card hidden elsewhere  ------- would a high end physical hack at a laboratory see my SEED or an encrypted remnant of sorts?  I use super long BIP passphrases to mitigate anyway, but I want to understand EXACTLY how SD Protect impacts the stored SEED on my device.

2. If I have a few Trezors that are setup using software wallets (not trezorctl) e.g. Electrum/trezor.io, is it safe to connect using trezorctl and just configure a few options not available on simple web wallets?  Everything is backed up multiple times so there is no danger of losing coins, just trying to save time if I can.  Blowing away and starting over is doable just asking.
legendary
Activity: 1876
Merit: 3132
Then they must have a different database of emails to spam people's mailboxes with  Undecided

Yeah, there is a checkbox during checkout which signs up people for their newsletter and other spam. I am quite sure that lately, they have been sending a lot of e-mails with links to their articles.
legendary
Activity: 1652
Merit: 4392
Be a bank
Then they must have a different database of emails to spam people's mailboxes with  Undecided
legendary
Activity: 1876
Merit: 3132
Trezor has just shared a 10% discount code “DATAPRIVACY” that you can use in their shop. It is limited to 4500 people and 48 hours. Also, they mentioned that they get rid of any sensitive data (including e-mail addresses) from the e-shop after 90 days.
legendary
Activity: 1876
Merit: 3132
Trezor is celebrating the 6th birthday of Trezor One. Starting at midnight 21st July (00:00 CEST) until 23rd July (09:00 CEST) - for every Trezor T bought, a free Trezor One will be given.
legendary
Activity: 1876
Merit: 3132
Not sure why you suggested downgrading to 3.3.8 though? Since that message is showing in both versions, what difference would it make?

Probably none. I thought that Electrum 3.3.8 was old enough to be fully supported by your Trezor's outdated firmware. Since the signing process has been refactored in the recent Trezor software updates, I assumed that you might fail to sign the transaction using the latest version of Electrum.
legendary
Activity: 3472
Merit: 1724
Thanks! I ignored it and it worked just fine. Not sure why you suggested downgrading to 3.3.8 though? Since that message is showing in both versions, what difference would it make?

I think the potential problems with signing transactions are related to this: https://blog.trezor.io/latest-firmware-updates-correct-possible-segwit-transaction-vulnerability-266df0d2860

https://blog.trezor.io/details-of-firmware-updates-for-trezor-one-version-1-9-1-and-trezor-model-t-version-2-3-1-1eba8f60f2dd
staff
Activity: 3500
Merit: 6152
It is definitely not going to be wiped if you ignore that message, but you might not be able to sign the transaction. Why don't you use the previous version of Electrum (3.3.Cool just to be safe? You don't have to uninstall the current one. Simply download the portable executable.

Thanks! I ignored it and it worked just fine. Not sure why you suggested downgrading to 3.3.8 though? Since that message is showing in both versions, what difference would it make?
legendary
Activity: 1876
Merit: 3132
I looked at the changelogs (https://wiki.trezor.io/Firmware_changelog) and checked the blog posts for the last two updates, and apparently, updating shouldn't wipe the device. Any thoughts?

While both of these updates didn't wipe my device directly, they failed to install using both my computer and my laptop resulting in broken firmware which forced me to wipe my device and install the firmware again using my Android phone. In both cases, as stated by the error log on the device, something was interrupting the USB connection so it wasn't updates' fault. It might work fine for you, but the following idea may be better.

I don't have access to my seed right now, and I need to make a transaction. Do you guys know if it's safe to ignore this message and continue, or can the device get wiped if I do so?

It is definitely not going to be wiped if you ignore that message, but you might not be able to sign the transaction. Why don't you use the previous version of Electrum (3.3.8) just to be safe? You don't have to uninstall the current one. Simply download the portable executable.
staff
Activity: 3500
Merit: 6152
I don't have access to my seed right now, and I need to make a transaction. Do you guys know if it's safe to ignore this message and continue, or can the device get wiped if I do so?



I looked at the changelogs (https://wiki.trezor.io/Firmware_changelog) and checked the blog posts for the last two updates, and apparently, updating shouldn't wipe the device. Any thoughts?
Pages:
Jump to: