Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet - page 40. (Read 966173 times)

Yes that is what I was talking about.



It wasnt having to do with earlier models. My trezor seemed to slow down significantly after the firmware update that came right after the discovery of that attack vector. But now it's seems to be back to the way it used to be. Also I could have just been experiencing an unlucky series of server problems with mytrezor.com around that time. Not sure.

Are you talking about the mitigation as described in this article http://johoe.mooo.com/trezor-power-analysis/ ?

Hm, I bought my trezor just a few months ago, ... I think it's responsive enough, but I have no reference.
how much faster were earlier models exactly?

I assume that those account names are not stored on the device itself but kept around on the myTREZOR website, right?

-sf-

Any chance for Satoshi Labs to start sending Trezors in envelopes without any mention of "Trezor" on them?

Yep, that's IMHO the most awesome thing about the whole TREZOR project, that it is open source.

I received my trezor a few days ago, it really is an awesome device.
And now I finally have some free time.
Now the testing and dissection can begin,  

-sf-

Too negative. You're making the assumption that people are incapable of learning, or that they're incapable of assessing risks. You're promoting irresponsibility, ignorance and technological dependence, you cannot defend that.

You are free to do what you please but some newbie with limited skills is gonna brick their phone if they take your advice. Reasons not to root.

The password manager is pretty cool but it kinda defeats the purpose when the first thing I see when I open the extension is a prompt for a password and I cant use my trezor password manager yet because it isn't open yet

So I end up still using keypass2 because I don't want to use my master pass on any web service and I dont want to try to memorize another password thats secure enough for the requirements of my email (since knowing my email authentication information would unlock pretty much all of my other accounts).

So at this point its like maybe, as cool as the trezor password manager is, maybe I just keep using keypass2 for everything?

Maybe I'm missing something.

*edit* maybe I just make a drop box account with a very simple password and then even if that drop box account were compromised they wouldn't get a hold of any of my other passwords since they don't have the trezor. Its obvious that google is just being used in this instance to store an encrypted database.

But you know what would be super nice is if you guys could provide cloud storage just for our encrypted password databases then you could offer trezor based authentication for that cloud storage rather than typing in a password. I would pay for that. Also though it would be nice to have a way to store that same database locally just incase your servers were on the fritz (like they sometimes are with mytrezor.com)

Just some thoughts.

*edit2* nvm. drop box doesn't have a free tier. so back to square one.

What difference does it make at all? An .apk downloaded from bitcointrezor.com isn't going to make your phone either more or less vulnerable to the pwnage bug affecting newer Snapdrgon SoC's. If you used Play Store to install Trezor Manager to a device with this flaw, the situation would be identical: pwned phone with properly verified Trezor App. Quelle difference.


Uhhhhh, that's terrible advice. Google will help to keep 3rd party malware off your phone. Any malware developed either in-house or by deep state agencies will be delivered straight to your device when ready. Noticed how Google are becoming more and more involved in global politics recently? Your trust in Google is misplaced.


My advice to Android users:

• Gain root access
• Flash up to date OS (preferably compiled yourself)
• Install 3rd party App Store (make sure it has root privileges, I recommend the F-Droid Store)
• Do not install or use the Play Store (or other Google Apps)
• Regularly re-flash the latest OS updates (preferably compiled yourself)

I'm not saying that this is a perfect method, but it's a big improvement on "blindly trust the Play Store binary blob"

Google has just fixed the Quadrooter vulnerabilities for the Nexus they sell but the patches will take a while to filter down to other phones. This is not the best time to side load apps. As long as you use the Play Store only and do not enable unknown sources Google should keep malware off your phone. Nice work on the Trezor Manager!

It's good news, but there are problems:

• Lack of source code (certainly no link)
• Play Store (unknown source and functionality, vendor delivers product as a binary only)

So the claim that the App will work with any Android phone isn't true: there is a requirement that the handset has Play Store software (and, as is often the case with Android apps, may well depend on software libraries in the Play Store app or from Google Play Services). I'm surprised that the developers aren't aware that this is an issue, particularly as they were using a modern Nexus device to test the app.


So, my questions for Satoshi Labs:

• Does the app have source code available?
• Does it depend on Play Store libraries?
• Can it be distributed as an .apk through more reliable channels?

FYI: Trezor Android App was released today. It's just a management app for setting up and configuring Trezor, but with Mycelium, it provides a whole computer-less set up.

https://blog.trezor.io/trezor-manager-app-for-android-5f8b86bfc886#.hcqubj8ct

Link to Google Play Store: https://play.google.com/store/apps/details?id=io.trezor.app

There is a 20% discount for buying a trezor, but only for a short time:
https://twitter.com/BitcoinTrezor/status/763422042515529728

Carlton, I suggest you contact Satoshi Labs directly ... for a legendary supporter like yourself you may even get a tour of the Labs

Thank you xbach, your information is most helpful. I will check out Paralelni Polis.

You can buy some at Paralelni Polis in Prague, but also only for Bitcoins. There is an ATM right in the place though, so it is quite convenient. I would inqure first, if they still have stock, so you wouldn't come to Prague for nothing.

@Czechians:

Is anyone aware of a bricks and mortar shop selling Trezors in Czechia? Preferably in Prague (and if the shop has a direct relationship with SatoshiLabs, that would be good also). I'm not too interested in the idea of trusting the postal service with a Trezor I intend to use for real (although the initial intent is to help test/troubleshoot integration with the Armory wallet)

If there is no such shop.... this is an opportunity! With the Trezor at only $99, I would much prefer to pay for a trip to Prague than pay $40 international shipping, for the peace of mind.

If you're continuously running into that problem you can also access your Trezor through Electrum. To set it up, I suggest following this guide. I've found Electrum to be a much better piece of software to use with a Trezor compared to the MyTrezor web app.

it dosen't even show at bottom of the screen ... meh

updated chroe (it crashed my pc though) but after recovering from crash n chrome, it's all good now.

thx