Pages:
Author

Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet - page 40. (Read 966221 times)

legendary
Activity: 1722
Merit: 1217
Are you talking about the mitigation as described in this article http://johoe.mooo.com/trezor-power-analysis/ ?

Yes that is what I was talking about.


Hm, I bought my trezor just a few months ago, ... I think it's responsive enough, but I have no reference.
how much faster were earlier models exactly?

It wasnt having to do with earlier models. My trezor seemed to slow down significantly after the firmware update that came right after the discovery of that attack vector. But now it's seems to be back to the way it used to be. Also I could have just been experiencing an unlucky series of server problems with mytrezor.com around that time. Not sure.
legendary
Activity: 1484
Merit: 1007
spreadcoin.info
Am I correct in assuming that the reason the trezor is so derpy these days when it used to be fast as lighting is the result of patching some power analysis attack vectors?

Are you talking about the mitigation as described in this article http://johoe.mooo.com/trezor-power-analysis/ ?
Quote
On the bright side, this simple side chan­nel at­tack can be mit­ig­ated by us­ing con­stant-time code and as I showed this code does not have to be slow

Hm, I bought my trezor just a few months ago, ... I think it's responsive enough, but I have no reference.
how much faster were earlier models exactly?
full member
Activity: 135
Merit: 100
Zettel-Dolphin
Not sure if I maybe missed this somewhere but is there a way to change to change to labels of the individual accounts?

There where it says 'Account#1' 'Account#2' etc...



This is not yet possible, but new version of myTREZOR which will be released soon will allow that.

I assume that those account names are not stored on the device itself but kept around on the myTREZOR website, right?

-sf-
legendary
Activity: 3472
Merit: 1724
Any chance for Satoshi Labs to start sending Trezors in envelopes without any mention of "Trezor" on them?
legendary
Activity: 1484
Merit: 1007
spreadcoin.info
I received my trezor a few days ago, it really is an awesome device.
And now I finally have some free time.
Now the testing and dissection can begin,  Cool

Yep, that's IMHO the most awesome thing about the whole TREZOR project, that it is open source.
full member
Activity: 135
Merit: 100
Zettel-Dolphin
I received my trezor a few days ago, it really is an awesome device.
And now I finally have some free time.
Now the testing and dissection can begin,  Cool

-sf-
legendary
Activity: 3430
Merit: 3080
You are free to do what you please but some newbie with limited skills is gonna brick their phone if they take your advice. Reasons not to root.

Too negative. You're making the assumption that people are incapable of learning, or that they're incapable of assessing risks. You're promoting irresponsibility, ignorance and technological dependence, you cannot defend that.
legendary
Activity: 1806
Merit: 1164
Google has just fixed the Quadrooter vulnerabilities for the Nexus they sell but the patches will take a while to filter down to other phones. This is not the best time to side load apps.

What difference does it make at all? An .apk downloaded from bitcointrezor.com isn't going to make your phone either more or less vulnerable to the pwnage bug affecting newer Snapdrgon SoC's. If you used Play Store to install Trezor Manager to a device with this flaw, the situation would be identical: pwned phone with properly verified Trezor App. Quelle difference.

As long as you use the Play Store only and do not enable unknown sources Google should keep malware off your phone.

Uhhhhh, that's terrible advice. Google will help to keep 3rd party malware off your phone. Any malware developed either in-house or by deep state agencies will be delivered straight to your device when ready. Noticed how Google are becoming more and more involved in global politics recently? Roll Eyes Your trust in Google is misplaced.


My advice to Android users:

  • Gain root access
  • Flash up to date OS (preferably compiled yourself)
  • Install 3rd party App Store (make sure it has root privileges, I recommend the F-Droid Store)
  • Do not install or use the Play Store (or other Google Apps)
  • Regularly re-flash the latest OS updates (preferably compiled yourself)

I'm not saying that this is a perfect method, but it's a big improvement on "blindly trust the Play Store binary blob"

You are free to do what you please but some newbie with limited skills is gonna brick their phone if they take your advice. Reasons not to root.
legendary
Activity: 1722
Merit: 1217
The password manager is pretty cool but it kinda defeats the purpose when the first thing I see when I open the extension is a prompt for a password and I cant use my trezor password manager yet because it isn't open yet Undecided

So I end up still using keypass2 because I don't want to use my master pass on any web service and I dont want to try to memorize another password thats secure enough for the requirements of my email (since knowing my email authentication information would unlock pretty much all of my other accounts).

So at this point its like maybe, as cool as the trezor password manager is, maybe I just keep using keypass2 for everything?

Maybe I'm missing something.

*edit* maybe I just make a drop box account with a very simple password and then even if that drop box account were compromised they wouldn't get a hold of any of my other passwords since they don't have the trezor. Its obvious that google is just being used in this instance to store an encrypted database.

But you know what would be super nice is if you guys could provide cloud storage just for our encrypted password databases then you could offer trezor based authentication for that cloud storage rather than typing in a password. I would pay for that. Also though it would be nice to have a way to store that same database locally just incase your servers were on the fritz (like they sometimes are with mytrezor.com)

Just some thoughts.

*edit2* nvm. drop box doesn't have a free tier. so back to square one.
legendary
Activity: 3430
Merit: 3080
Google has just fixed the Quadrooter vulnerabilities for the Nexus they sell but the patches will take a while to filter down to other phones. This is not the best time to side load apps.

What difference does it make at all? An .apk downloaded from bitcointrezor.com isn't going to make your phone either more or less vulnerable to the pwnage bug affecting newer Snapdrgon SoC's. If you used Play Store to install Trezor Manager to a device with this flaw, the situation would be identical: pwned phone with properly verified Trezor App. Quelle difference.

As long as you use the Play Store only and do not enable unknown sources Google should keep malware off your phone.

Uhhhhh, that's terrible advice. Google will help to keep 3rd party malware off your phone. Any malware developed either in-house or by deep state agencies will be delivered straight to your device when ready. Noticed how Google are becoming more and more involved in global politics recently? Roll Eyes Your trust in Google is misplaced.


My advice to Android users:

  • Gain root access
  • Flash up to date OS (preferably compiled yourself)
  • Install 3rd party App Store (make sure it has root privileges, I recommend the F-Droid Store)
  • Do not install or use the Play Store (or other Google Apps)
  • Regularly re-flash the latest OS updates (preferably compiled yourself)

I'm not saying that this is a perfect method, but it's a big improvement on "blindly trust the Play Store binary blob"
legendary
Activity: 1806
Merit: 1164
Google has just fixed the Quadrooter vulnerabilities for the Nexus they sell but the patches will take a while to filter down to other phones. This is not the best time to side load apps. As long as you use the Play Store only and do not enable unknown sources Google should keep malware off your phone. Nice work on the Trezor Manager!
legendary
Activity: 3430
Merit: 3080
FYI: Trezor Android App was released today. It's just a management app for setting up and configuring Trezor, but with Mycelium, it provides a whole computer-less set up.

https://blog.trezor.io/trezor-manager-app-for-android-5f8b86bfc886#.hcqubj8ct

Link to Google Play Store: https://play.google.com/store/apps/details?id=io.trezor.app

It's good news, but there are problems:

  • Lack of source code (certainly no link)
  • Play Store (unknown source and functionality, vendor delivers product as a binary only)

So the claim that the App will work with any Android phone isn't true: there is a requirement that the handset has Play Store software (and, as is often the case with Android apps, may well depend on software libraries in the Play Store app or from Google Play Services). I'm surprised that the developers aren't aware that this is an issue, particularly as they were using a modern Nexus device to test the app.


So, my questions for Satoshi Labs:

  • Does the app have source code available?
  • Does it depend on Play Store libraries?
  • Can it be distributed as an .apk through more reliable channels?
newbie
Activity: 40
Merit: 0
FYI: Trezor Android App was released today. It's just a management app for setting up and configuring Trezor, but with Mycelium, it provides a whole computer-less set up.

https://blog.trezor.io/trezor-manager-app-for-android-5f8b86bfc886#.hcqubj8ct

Link to Google Play Store: https://play.google.com/store/apps/details?id=io.trezor.app
legendary
Activity: 924
Merit: 1000
There is a 20% discount for buying a trezor, but only for a short time:
https://twitter.com/BitcoinTrezor/status/763422042515529728
legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo
You can buy some at Paralelni Polis in Prague, but also only for Bitcoins. There is an ATM right in the place though, so it is quite convenient. I would inqure first, if they still have stock, so you wouldn't come to Prague for nothing.

Smiley Thank you xbach, your information is most helpful. I will check out Paralelni Polis.

Carlton, I suggest you contact Satoshi Labs directly ... for a legendary supporter like yourself you may even get a tour of the Labs Wink
legendary
Activity: 3430
Merit: 3080
You can buy some at Paralelni Polis in Prague, but also only for Bitcoins. There is an ATM right in the place though, so it is quite convenient. I would inqure first, if they still have stock, so you wouldn't come to Prague for nothing.

Smiley Thank you xbach, your information is most helpful. I will check out Paralelni Polis.
newbie
Activity: 40
Merit: 0
@Czechians:

Is anyone aware of a bricks and mortar shop selling Trezors in Czechia? Preferably in Prague (and if the shop has a direct relationship with SatoshiLabs, that would be good also). I'm not too interested in the idea of trusting the postal service with a Trezor I intend to use for real (although the initial intent is to help test/troubleshoot integration with the Armory wallet)

If there is no such shop.... this is an opportunity! With the Trezor at only $99, I would much prefer to pay for a trip to Prague than pay $40 international shipping, for the peace of mind.

You can buy some at Paralelni Polis in Prague, but also only for Bitcoins. There is an ATM right in the place though, so it is quite convenient. I would inqure first, if they still have stock, so you wouldn't come to Prague for nothing.
legendary
Activity: 3430
Merit: 3080
@Czechians:

Is anyone aware of a bricks and mortar shop selling Trezors in Czechia? Preferably in Prague (and if the shop has a direct relationship with SatoshiLabs, that would be good also). I'm not too interested in the idea of trusting the postal service with a Trezor I intend to use for real (although the initial intent is to help test/troubleshoot integration with the Armory wallet)

If there is no such shop.... this is an opportunity! With the Trezor at only $99, I would much prefer to pay for a trip to Prague than pay $40 international shipping, for the peace of mind.
sr. member
Activity: 373
Merit: 252
it dosen't even show at bottom of the screen ... meh

updated chroe (it crashed my pc though) but after recovering from crash n chrome, it's all good now.

thx Wink
If you're continuously running into that problem you can also access your Trezor through Electrum. To set it up, I suggest following this guide. I've found Electrum to be a much better piece of software to use with a Trezor compared to the MyTrezor web app.
legendary
Activity: 1500
Merit: 1002
Mine Mine Mine
wallet.mytrezor.com/ seems to be stuck on the loading screen entire day, is anyone having any issues ?

No, try going to application settings at the bottom of screen and changing server to localbitcoinschain.com

it dosen't even show at bottom of the screen ... meh

updated chroe (it crashed my pc though) but after recovering from crash n chrome, it's all good now.

thx Wink
Pages:
Jump to: