Pages:
Author

Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet - page 6. (Read 966221 times)

legendary
Activity: 1876
Merit: 3139
Trezor has just released a new beta version (2.2.0) of their software for Trezor T. Wipe Code has been added. Once it's entered while the device is locked, it wipes the wallet. In order to set it up, the update has to be installed manually and the code needs to be set up using trezorctl (>=0.11.6).

To set the wipe code use: trezorctl set wipe-code
To remove the wipe code use: trezorctl set wipe-code -r
staff
Activity: 3500
Merit: 6152
I received an Email from Trezor today, they are having a Holiday sale; buy a Trezor T and get a Trezor one for free, or buy a Trezor T and get a second for half price.  I don't see the promotion on their site, I think it's an email marketing thingy.  If you're not signed up for Trezor promotional emails, they don't send them often, and when they do it's worth getting spammed.  Just sayin'.

If you're interested send me a PM, and I'll send you the links. 

It's just not shown on the first page, but if you click the shop button, it will redirect you to all the deals (including the Christmas ones that you're referring to): https://shop.trezor.io/
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
I received an Email from Trezor today, they are having a Holiday sale; buy a Trezor T and get a Trezor one for free, or buy a Trezor T and get a second for half price.  I don't see the promotion on their site, I think it's an email marketing thingy.  If you're not signed up for Trezor promotional emails, they don't send them often, and when they do it's worth getting spammed.  Just sayin'.

If you're interested send me a PM, and I'll send you the links. 
legendary
Activity: 1876
Merit: 3139
Trezor Black Friday starts on 29 November at 00:00 and will end on 3 December 09:00 (GMT+1). You can use “TRZR30“ promo code to get a 30% discount on everything!
legendary
Activity: 1876
Merit: 3139
Since the beginning of October, Trezor beta testers are able to test another beta version of the Trezor Firmware. The latest update added FIDO2 support and an enhancement to Shamir Backup - Super Shamir Backup which allows to divide existing shares into groups. By doing this, one group might need to provide more shares in order to recover the wallet. More information can be found here.
legendary
Activity: 1876
Merit: 3139
Too bad, If they knew it, why didn't they choose a different chip?

There might have not been any alternatives. I am not an expert in this field. Ledger HW.1 also had an STM chip in its smartcard.

Did any hard wallet manufacturer offer a reward for revealing hardware vulnerabilities against their devices?

Yes, both Ledger and Trezor have their responsible disclosures programs. Ledger was supposed not to disclose this vulnerability publicly since it also affects many other devices. No individual has found out about it before them.

Has it been hacked as Trezor has?

There is no comparable hack at the moment for Ledger. Everything has been patched so far.
member
Activity: 187
Merit: 71
So, basicaly they admited the proplem but they did not say that they would fix it even in their future devices.

This sentence does not make any sense. Did you mean 'wouldn't fix'?
My bad, I fixed the original post.

Quote
Trezor is not the only device affected by this vulnerability. It looks like that every device with a ST microchip is affected so it's not their fault. Actually, they admitted that they had been aware of it since the beginning.
Too bad, If they knew it, why didn't they choose a different chip?

Quote
I don't know how many alternatives there are.
Did any hard wallet manufacturer offer a reward for revealing hardware vulnerabilities against their devices?
That would be cool Smiley

Quote
Ledger uses a different chip which provides 'security through obscurity'
Has it been hacked as Trezor has?
legendary
Activity: 1876
Merit: 3139
So, basicaly they admited the proplem but they did say that they would fix it even in their future devices.

This sentence does not make any sense. Did you mean 'wouldn't fix'? Trezor is not the only device affected by this vulnerability. It looks like that every device with a ST microchip is affected so it's not their fault. Actually, they admitted that they had been aware of it since the beginning. I don't know how many alternatives there are. Ledger uses a different chip which provides 'security through obscurity' that might not appeal to many of the Trezor's customers.
member
Activity: 187
Merit: 71
The developers can't fix old models because they would have to change them drastically, including the software. I highly doubt that Trezor is going to release a new model anytime soon (there is still a lot to do for the Trezor T). Also, I don't think that they would suddenly change their security policy. They want to be as much transparent as possible. The attack can't be performed remotely. Passphrases should be used by everyone anyway. Here you can read Trezor's response.
Thanks for the answer.
So, basicaly they admited the proplem but they did not say that they would fix it even in their future devices.
legendary
Activity: 1876
Merit: 3139
Are the developers going to fix the hardware for future models or they are going to keep manufacturing the old model with advice to use a long passphrase?

The developers can't fix old models because they would have to change them drastically, including the software. I highly doubt that Trezor is going to release a new model anytime soon (there is still a lot to do for the Trezor T). Also, I don't think that they would suddenly change their security policy. They want to be as much transparent as possible. The attack can't be performed remotely. Passphrases should be used by everyone anyway. Here you can read Trezor's response.
member
Activity: 187
Merit: 71
Hi everybody!

I recently read that all Trezor models have a hardware vulnerability, which let an attacker extract a seed from a wallet if it's not protected by a long passphrase. It says that the vulnerability cannot be patched by a software update. What is Trezor going to do about it? Are the developers going to fix the hardware for future models or they are going to keep manufacturing the old model with advice to use a long passphrase?
member
Activity: 187
Merit: 71
Like I said, yes. AFAIK, Trezor's seed is also BIP39.
Thanks!
legendary
Activity: 2758
Merit: 6830
I mean, can I use an existed BIP39 seed (which was geterated by third party software) to get access to a wallet?
Or Trezor is designed to recover wallets only with seeds which were generated by Trezor devices?
By the way, a trezor's native 12-word seed is a BIP39 one?

I am asking because I know that different developers use different allgorithms to generate seeds and some devices might not support BIP39 seeds.
Like I said, yes. AFAIK, Trezor's seed is also BIP39.
member
Activity: 187
Merit: 71
Hi guys!
I had generated a BIP39 seed and set up a software wallet based on it. Everything works fine. I am wondering if I can use the same seed to get access to my wallet with Trezor? Does trezor use regular BIP39 seeds for restoring wallets or it requires a special seed, which has to be generated on a trezor device?
You mean import a wallet you generated on your PC, with a different wallet, into Trezor?
I mean, can I use an existed BIP39 seed (which was generated by third party software) to get access to a wallet?
Or Trezor is designed to recover wallets only with seeds which were generated by Trezor devices?
By the way, a trezor's native 12-word seed is a BIP39 one?

I am asking because I know that different developers use different algorithms to generate seeds and some devices might not support BIP39 seeds.

Quote
If you import a seed that was generated outside the device, you can't guarantee the same security.
Yes, I know that.
legendary
Activity: 2758
Merit: 6830
Hi guys!
I had generated a BIP39 seed and set up a software wallet based on it. Everything works fine. I am wondering if I can use the same seed to get access to my wallet with Trezor? Does trezor use regular BIP39 seeds for restoring wallets or it requires a special seed, which has to be generated on a trezor device?\
You mean import a wallet you generated on your PC, with a different wallet, into Trezor?

Yes, you can. But I wouldn't do that. The point of a hardware wallet is that it is generated in an isolated device and it's safe from any outsider risk. If you import a seed that was generated outside the device, you can't guarantee the same security.
member
Activity: 187
Merit: 71
Hi guys!
I had generated a BIP39 seed and set up a software wallet based on it. Everything works fine. I am wondering if I can use the same seed to get access to my wallet with Trezor? Does trezor use regular BIP39 seeds for restoring wallets or it requires a special seed, which has to be generated on a trezor device?
legendary
Activity: 1876
Merit: 3139
The newsletter-exclusive offer turned out to be a 15% discount code off anything in Trezor Shop, valid through 30 September. The code doesn't seem to be unique for each participant. Anyway, I am not going to use it so I can give it to anyone who sends me a private message.
legendary
Activity: 1876
Merit: 3139
Trezor prepared a newsletter-exclusive offer for people who sign up for their newsletter. All readers are going to receive it on Wednesday. The subscription link can be found in the tweet below.

Source: https://twitter.com/Trezor/status/1176221067943325697
HCP
legendary
Activity: 2086
Merit: 4363
Theoretically... you could implement it with ANY backup seed using the Shamir's secret sharing scheme... refer: http://point-at-infinity.org/ssss/

Obiviously, getting a collection of 20 (or 33) word phrases is a bit more user friendly that a collection of HEX outputs that the SSSS linked above generates, but I would imagine it would be relatively trivial to simply re-encode the generated HEX to a word list using a system similar to BIP39.

The advantage of the Trezor solution is that the SatoshiLabs guys have built it into the Trezor T natively, so the data entry and conversion from recovery to actual seed mnemonic seed etc is secured within the device itself... nice and elegant... and most important, easy to use.
legendary
Activity: 1876
Merit: 3139
Trezor introduced a new security standard called Shamir backup which is basically a way to split backup seeds. It's not available in the Trezor one so I couldn't try it, but could someone who did give us his thoughts about the subject?

The whole process was fairly easy thanks to the detailed guide. I set the number of shares to 3 and the threshold to 2. I selected 20 words to keep it simple (typing in 66 words during recovery even on such a display would be tedious). Everything seems to be working fine, but I am going to stick to my current security policy. I recovered my old wallet. Feel free to ask me any questions.

By the way, Bitcoin only firmware has been available for both Trezor One and T since 4th September.
Pages:
Jump to: