Pages:
Author

Topic: How good is trezzor wallet - page 2. (Read 4214 times)

legendary
Activity: 3430
Merit: 3074
July 20, 2015, 07:33:13 PM
#66


What about the guy that took it from you? I think he can brute force it, or no? I read some articles about this.

He can ... eventually.
Each time he tries a pin that fails, there's an extra wait time added for the next one. Unless you're very unlucky you have plenty of time to move your coins.

It doubles the wait each failed attempt, I believe that's infinite (no good reason why not, the code is on github)




That's pretty much unbeatable security. If your password or whatever it uses is strong, then you are probably safe even if it's stolen.

Yesz. But physical possession of the device means they could crack it eventually, given enough resources. So you wouldn't rely on it.
Point is, it's not a disaster like losing your cash wallet is.


Yes, if someone could for instance acquire the means to extract the contents of the Trezors memory using SPI clip type method (attaching electrodes to the EEPROM or whatever memory type the little ARM M3 in the Trezor uses for persistent memory). It's possible that the password scheme for Trezor actually encrypts the contents of the persistent memory. Not sure on that though.
hero member
Activity: 576
Merit: 503
July 20, 2015, 07:00:25 PM
#65


What about the guy that took it from you? I think he can brute force it, or no? I read some articles about this.

He can ... eventually.
Each time he tries a pin that fails, there's an extra wait time added for the next one. Unless you're very unlucky you have plenty of time to move your coins.

It doubles the wait each failed attempt, I believe that's infinite (no good reason why not, the code is on github)




That's pretty much unbeatable security. If your password or whatever it uses is strong, then you are probably safe even if it's stolen.

Yesz. But physical possession of the device means they could crack it eventually, given enough resources. So you wouldn't rely on it.
Point is, it's not a disaster like losing your cash wallet is.
hero member
Activity: 518
Merit: 500
July 20, 2015, 06:57:53 PM
#64


What about the guy that took it from you? I think he can brute force it, or no? I read some articles about this.

He can ... eventually.
Each time he tries a pin that fails, there's an extra wait time added for the next one. Unless you're very unlucky you have plenty of time to move your coins.

It doubles the wait each failed attempt, I believe that's infinite (no good reason why not, the code is on github)




That's pretty much unbeatable security. If your password or whatever it uses is strong, then you are probably safe even if it's stolen.
legendary
Activity: 3430
Merit: 3074
July 20, 2015, 06:37:55 PM
#63


What about the guy that took it from you? I think he can brute force it, or no? I read some articles about this.

He can ... eventually.
Each time he tries a pin that fails, there's an extra wait time added for the next one. Unless you're very unlucky you have plenty of time to move your coins.

It doubles the wait each failed attempt, I believe that's infinite (no good reason why not, the code is on github)


hero member
Activity: 518
Merit: 500
July 20, 2015, 06:05:34 PM
#62
Trezor is probably the best BTC wallet  Wink Safe and enough developed  Smiley

And still has a lot of safety vulnerabilities that a paper wallet doesn't.

Such as?


It can be lost and then there's no way to recover it, I think.

How can you make statements like that when you clearly don't know the first thing about trezors?

If it's lost, you use the hd seed you've kept safely and recover the coins to another wallet (trezor, or software).



What about the guy that took it from you? I think he can brute force it, or no? I read some articles about this.

He can ... eventually.
Each time he tries a pin that fails, there's an extra wait time added for the next one. Unless you're very unlucky you have plenty of time to move your coins.



Ok, good. I think it's pretty amazing and I would definitely buy it in a next 7 days.
hero member
Activity: 576
Merit: 503
July 20, 2015, 05:59:41 PM
#61
Trezor is the ultimate device for security-meets-user friendliness. The device is the best option for maintaining security of your coins without losing the ability to use them as you please.

Yup.

It's also good for logging into services. Once you see how nicely that works, you'll wish every site did it that way.

sr. member
Activity: 294
Merit: 250
July 20, 2015, 05:55:58 PM
#60
Trezor is the ultimate device for security-meets-user friendliness. The device is the best option for maintaining security of your coins without losing the ability to use them as you please.
hero member
Activity: 576
Merit: 503
July 20, 2015, 05:52:37 PM
#59
Trezor is probably the best BTC wallet  Wink Safe and enough developed  Smiley

And still has a lot of safety vulnerabilities that a paper wallet doesn't.

Such as?


It can be lost and then there's no way to recover it, I think.

How can you make statements like that when you clearly don't know the first thing about trezors?

If it's lost, you use the hd seed you've kept safely and recover the coins to another wallet (trezor, or software).



What about the guy that took it from you? I think he can brute force it, or no? I read some articles about this.

He can ... eventually.
Each time he tries a pin that fails, there's an extra wait time added for the next one. Unless you're very unlucky you have plenty of time to move your coins.

hero member
Activity: 518
Merit: 500
July 20, 2015, 05:39:44 PM
#58
Trezor is probably the best BTC wallet  Wink Safe and enough developed  Smiley

And still has a lot of safety vulnerabilities that a paper wallet doesn't.

Such as?


It can be lost and then there's no way to recover it, I think.

How can you make statements like that when you clearly don't know the first thing about trezors?

If it's lost, you use the hd seed you've kept safely and recover the coins to another wallet (trezor, or software).



What about the guy that took it from you? I think he can brute force it, or no? I read some articles about this.
sr. member
Activity: 434
Merit: 250
Loose lips sink sigs!
July 20, 2015, 05:37:36 PM
#57
What happened to the original metallic looking cases for Trezor wallets?

There's a silver metallic version in a pic that keeps floating around...
hero member
Activity: 576
Merit: 503
July 20, 2015, 05:33:42 PM
#56
Trezor is probably the best BTC wallet  Wink Safe and enough developed  Smiley

And still has a lot of safety vulnerabilities that a paper wallet doesn't.

Such as?


It can be lost and then there's no way to recover it, I think.

How can you make statements like that when you clearly don't know the first thing about trezors?

If it's lost, you use the hd seed you've kept safely and recover the coins to another wallet (trezor, or software).

hero member
Activity: 518
Merit: 500
July 20, 2015, 05:21:01 PM
#55
Trezor is probably the best BTC wallet  Wink Safe and enough developed  Smiley

And still has a lot of safety vulnerabilities that a paper wallet doesn't.

Such as?


It can be lost and then there's no way to recover it, I think.
hero member
Activity: 576
Merit: 503
July 20, 2015, 05:18:07 PM
#54
Trezor is probably the best BTC wallet  Wink Safe and enough developed  Smiley

And still has a lot of safety vulnerabilities that a paper wallet doesn't.

Such as?
newbie
Activity: 56
Merit: 0
July 20, 2015, 01:23:35 PM
#53
Trezor is probably the best BTC wallet  Wink Safe and enough developed  Smiley

And still has a lot of safety vulnerabilities that a paper wallet doesn't.
hero member
Activity: 658
Merit: 500
July 20, 2015, 09:12:52 AM
#52
Trezor is probably the best BTC wallet  Wink Safe and enough developed  Smiley
legendary
Activity: 1036
Merit: 1000
/dev/null
July 20, 2015, 08:20:10 AM
#51
It was developed by Czechs. We made engines to German tanks.
Yes, and we are proud of it! It made Czech Republic more famous Tongue

yes, actually bitcoin is quite popular here in Czech Republic, I think mainly because of Slush/Stick duo and lot of guys willing to risk, invest and check new technologies.

Even on google trend it is not so bad at all so at least something, in my country, I'm little bit proud off:)
legendary
Activity: 3206
Merit: 1069
July 20, 2015, 06:14:32 AM
#50
based this vulnerability, http://johoe.mooo.com/trezor-power-analysis/, which was fixed quickly you can say that it's relatively safe, no one know if in the future another hole like that will happen again...

remember that besides the vernam cipher nothing is 100% safe

Even if the logic and mathematics are perfect and the op-sec is good, there can still be implementation details that allow side channel attacks, such as the Trezor power issue. In practice, the Vernam cipher is not 100% safe.

This article from NSA is interesting. https://www.nsa.gov/public_info/_files/cryptologic_spectrum/tempest.pdf



vernam cipher is not 100% safe in practice, not because there is an hole in the cipher or something, but because of the messenger

it's like you have x+18 =y(where 18 is the ciphertext and y is the key that you don't know) how can you solve this? it's impossible without knowing at least the key(y), because x and y could have multiple value

if the messenger of the y is caught and y stolen then yes you can decrypt it, but as i said above it's not because the vernam cipher isn't 100% secure

One time pads (vernam ciphers) are unbreakable because EVERY plain text is a decryption of any given cipher text. This is because the plain text is just XOR'd with the pad to create the cipher text and to break it (determine the pad/key) requires cycling thru keys to get a reasonably plausible plain text. Then you realize you could cycle some more and get another (in fact any) plausible plain text, etc.
You're right that the pads need to be communicated and a failure there is a bad thing.
But the weakness in practice is the reuse of a pad ... the NSA caught the Russian's out doing that and managed to decrypt a whole bunch of messages.


if you re-use the key it's clear that you are reducing the security of this method, but that's your fault, the only downside of that ciphers is the key length, not very practical to have a key that is long like the text
hero member
Activity: 518
Merit: 500
July 20, 2015, 05:50:18 AM
#49
It was developed by Czechs. We made engines to German tanks.
Yes, and we are proud of it! It made Czech Republic more famous Tongue
legendary
Activity: 2114
Merit: 1090
=== NODE IS OK! ==
July 20, 2015, 05:25:45 AM
#48
It was developed by Czechs. We made engines to German tanks.
hero member
Activity: 576
Merit: 503
July 20, 2015, 05:22:35 AM
#47
I haven't seen any mention of the use of trezor to sign login challenges. It doesn't work on many sites yet, but where it does it's lovely.
No need to store or reuse passwords any more.
Pages:
Jump to: