I received an Email from Trezor today, they are having a Holiday sale; buy a Trezor T and get a Trezor one for free, or buy a Trezor T and get a second for half price. I don't see the promotion on their site, I think it's an email marketing thingy. If you're not signed up for Trezor promotional emails, they don't send them often, and when they do it's worth getting spammed. Just sayin'.
If you're interested send me a PM, and I'll send you the links.
Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet - page 6. (Read 965789 times)
Trezor Black Friday starts on 29 November at 00:00 and will end on 3 December 09:00 (GMT+1). You can use “TRZR30“ promo code to get a 30% discount on everything!
Since the beginning of October, Trezor beta testers are able to test another beta version of the Trezor Firmware. The latest update added FIDO2 support and an enhancement to Shamir Backup - Super Shamir Backup which allows to divide existing shares into groups. By doing this, one group might need to provide more shares in order to recover the wallet. More information can be found here.
Too bad, If they knew it, why didn't they choose a different chip?
There might have not been any alternatives. I am not an expert in this field. Ledger HW.1 also had an STM chip in its smartcard.
Did any hard wallet manufacturer offer a reward for revealing hardware vulnerabilities against their devices?
Yes, both Ledger and Trezor have their responsible disclosures programs. Ledger was supposed not to disclose this vulnerability publicly since it also affects many other devices. No individual has found out about it before them.
Has it been hacked as Trezor has?
There is no comparable hack at the moment for Ledger. Everything has been patched so far.
So, basicaly they admited the proplem but they did not say that they would fix it even in their future devices.
This sentence does not make any sense. Did you mean 'wouldn't fix'?
Quote
Trezor is not the only device affected by this vulnerability. It looks like that every device with a ST microchip is affected so it's not their fault. Actually, they admitted that they had been aware of it since the beginning.
Too bad, If they knew it, why didn't they choose a different chip?Quote
I don't know how many alternatives there are.
Did any hard wallet manufacturer offer a reward for revealing hardware vulnerabilities against their devices?That would be cool
Quote
Ledger uses a different chip which provides 'security through obscurity'
Has it been hacked as Trezor has? So, basicaly they admited the proplem but they did say that they would fix it even in their future devices.
This sentence does not make any sense. Did you mean 'wouldn't fix'? Trezor is not the only device affected by this vulnerability. It looks like that every device with a ST microchip is affected so it's not their fault. Actually, they admitted that they had been aware of it since the beginning. I don't know how many alternatives there are. Ledger uses a different chip which provides 'security through obscurity' that might not appeal to many of the Trezor's customers.
The developers can't fix old models because they would have to change them drastically, including the software. I highly doubt that Trezor is going to release a new model anytime soon (there is still a lot to do for the Trezor T). Also, I don't think that they would suddenly change their security policy. They want to be as much transparent as possible. The attack can't be performed remotely. Passphrases should be used by everyone anyway. Here you can read Trezor's response.
Thanks for the answer. So, basicaly they admited the proplem but they did not say that they would fix it even in their future devices.
Are the developers going to fix the hardware for future models or they are going to keep manufacturing the old model with advice to use a long passphrase?
The developers can't fix old models because they would have to change them drastically, including the software. I highly doubt that Trezor is going to release a new model anytime soon (there is still a lot to do for the Trezor T). Also, I don't think that they would suddenly change their security policy. They want to be as much transparent as possible. The attack can't be performed remotely. Passphrases should be used by everyone anyway. Here you can read Trezor's response.
Hi everybody!
I recently read that all Trezor models have a hardware vulnerability, which let an attacker extract a seed from a wallet if it's not protected by a long passphrase. It says that the vulnerability cannot be patched by a software update. What is Trezor going to do about it? Are the developers going to fix the hardware for future models or they are going to keep manufacturing the old model with advice to use a long passphrase?
I recently read that all Trezor models have a hardware vulnerability, which let an attacker extract a seed from a wallet if it's not protected by a long passphrase. It says that the vulnerability cannot be patched by a software update. What is Trezor going to do about it? Are the developers going to fix the hardware for future models or they are going to keep manufacturing the old model with advice to use a long passphrase?
Like I said, yes. AFAIK, Trezor's seed is also BIP39.
Thanks! 
I mean, can I use an existed BIP39 seed (which was geterated by third party software) to get access to a wallet?
Or Trezor is designed to recover wallets only with seeds which were generated by Trezor devices?
By the way, a trezor's native 12-word seed is a BIP39 one?
I am asking because I know that different developers use different allgorithms to generate seeds and some devices might not support BIP39 seeds.
Like I said, yes. AFAIK, Trezor's seed is also BIP39. Or Trezor is designed to recover wallets only with seeds which were generated by Trezor devices?
By the way, a trezor's native 12-word seed is a BIP39 one?
I am asking because I know that different developers use different allgorithms to generate seeds and some devices might not support BIP39 seeds.
Hi guys!
I had generated a BIP39 seed and set up a software wallet based on it. Everything works fine. I am wondering if I can use the same seed to get access to my wallet with Trezor? Does trezor use regular BIP39 seeds for restoring wallets or it requires a special seed, which has to be generated on a trezor device?
You mean import a wallet you generated on your PC, with a different wallet, into Trezor?I had generated a BIP39 seed and set up a software wallet based on it. Everything works fine. I am wondering if I can use the same seed to get access to my wallet with Trezor? Does trezor use regular BIP39 seeds for restoring wallets or it requires a special seed, which has to be generated on a trezor device?
Or Trezor is designed to recover wallets only with seeds which were generated by Trezor devices?
By the way, a trezor's native 12-word seed is a BIP39 one?
I am asking because I know that different developers use different algorithms to generate seeds and some devices might not support BIP39 seeds.
Quote
If you import a seed that was generated outside the device, you can't guarantee the same security.
Yes, I know that. Hi guys!
I had generated a BIP39 seed and set up a software wallet based on it. Everything works fine. I am wondering if I can use the same seed to get access to my wallet with Trezor? Does trezor use regular BIP39 seeds for restoring wallets or it requires a special seed, which has to be generated on a trezor device?\
You mean import a wallet you generated on your PC, with a different wallet, into Trezor?I had generated a BIP39 seed and set up a software wallet based on it. Everything works fine. I am wondering if I can use the same seed to get access to my wallet with Trezor? Does trezor use regular BIP39 seeds for restoring wallets or it requires a special seed, which has to be generated on a trezor device?\
Yes, you can. But I wouldn't do that. The point of a hardware wallet is that it is generated in an isolated device and it's safe from any outsider risk. If you import a seed that was generated outside the device, you can't guarantee the same security.
Hi guys!
I had generated a BIP39 seed and set up a software wallet based on it. Everything works fine. I am wondering if I can use the same seed to get access to my wallet with Trezor? Does trezor use regular BIP39 seeds for restoring wallets or it requires a special seed, which has to be generated on a trezor device?
I had generated a BIP39 seed and set up a software wallet based on it. Everything works fine. I am wondering if I can use the same seed to get access to my wallet with Trezor? Does trezor use regular BIP39 seeds for restoring wallets or it requires a special seed, which has to be generated on a trezor device?
The newsletter-exclusive offer turned out to be a 15% discount code off anything in Trezor Shop, valid through 30 September. The code doesn't seem to be unique for each participant. Anyway, I am not going to use it so I can give it to anyone who sends me a private message.
Trezor prepared a newsletter-exclusive offer for people who sign up for their newsletter. All readers are going to receive it on Wednesday. The subscription link can be found in the tweet below.
Source: https://twitter.com/Trezor/status/1176221067943325697
Source: https://twitter.com/Trezor/status/1176221067943325697
Theoretically... you could implement it with ANY backup seed using the Shamir's secret sharing scheme... refer: http://point-at-infinity.org/ssss/
Obiviously, getting a collection of 20 (or 33) word phrases is a bit more user friendly that a collection of HEX outputs that the SSSS linked above generates, but I would imagine it would be relatively trivial to simply re-encode the generated HEX to a word list using a system similar to BIP39.
The advantage of the Trezor solution is that the SatoshiLabs guys have built it into the Trezor T natively, so the data entry and conversion from recovery to actual seed mnemonic seed etc is secured within the device itself... nice and elegant... and most important, easy to use.
Obiviously, getting a collection of 20 (or 33) word phrases is a bit more user friendly that a collection of HEX outputs that the SSSS linked above generates, but I would imagine it would be relatively trivial to simply re-encode the generated HEX to a word list using a system similar to BIP39.
The advantage of the Trezor solution is that the SatoshiLabs guys have built it into the Trezor T natively, so the data entry and conversion from recovery to actual seed mnemonic seed etc is secured within the device itself... nice and elegant... and most important, easy to use.
Trezor introduced a new security standard called Shamir backup which is basically a way to split backup seeds. It's not available in the Trezor one so I couldn't try it, but could someone who did give us his thoughts about the subject?
The whole process was fairly easy thanks to the detailed guide. I set the number of shares to 3 and the threshold to 2. I selected 20 words to keep it simple (typing in 66 words during recovery even on such a display would be tedious). Everything seems to be working fine, but I am going to stick to my current security policy. I recovered my old wallet. Feel free to ask me any questions.
By the way, Bitcoin only firmware has been available for both Trezor One and T since 4th September.
Trezor introduced a new security standard called Shamir backup which is basically a way to split backup seeds. It's not available in the Trezor one so I couldn't try it, but could someone who did give us his thoughts about the subject?
Quote
a calculated number of white decoy pixels is added to each row
Not randomly generated.
Jump to: