How good is trezzor wallet - page 2.

Carlton Banks

legendary

Activity: 3430

Merit: 3080

Quote from: harrymmmm on July 20, 2015, 06:00:25 PM

Quote from: Somekindabitcoin on July 20, 2015, 05:57:53 PM

Quote from: Carlton Banks on July 20, 2015, 05:37:55 PM

Quote from: harrymmmm on July 20, 2015, 04:52:37 PM

Quote from: Somekindabitcoin on July 20, 2015, 04:39:44 PM

What about the guy that took it from you? I think he can brute force it, or no? I read some articles about this.

He can ... eventually.
Each time he tries a pin that fails, there's an extra wait time added for the next one. Unless you're very unlucky you have plenty of time to move your coins.

It doubles the wait each failed attempt, I believe that's infinite (no good reason why not, the code is on github)

That's pretty much unbeatable security. If your password or whatever it uses is strong, then you are probably safe even if it's stolen.

Yesz. But physical possession of the device means they could crack it eventually, given enough resources. So you wouldn't rely on it.
Point is, it's not a disaster like losing your cash wallet is.

Yes, if someone could for instance acquire the means to extract the contents of the Trezors memory using SPI clip type method (attaching electrodes to the EEPROM or whatever memory type the little ARM M3 in the Trezor uses for persistent memory). It's possible that the password scheme for Trezor actually encrypts the contents of the persistent memory. Not sure on that though.

harrymmmm

hero member

Activity: 576

Merit: 503

Quote from: Somekindabitcoin on July 20, 2015, 05:57:53 PM

Quote from: Carlton Banks on July 20, 2015, 05:37:55 PM

Quote from: harrymmmm on July 20, 2015, 04:52:37 PM

Quote from: Somekindabitcoin on July 20, 2015, 04:39:44 PM

What about the guy that took it from you? I think he can brute force it, or no? I read some articles about this.

He can ... eventually.
Each time he tries a pin that fails, there's an extra wait time added for the next one. Unless you're very unlucky you have plenty of time to move your coins.

It doubles the wait each failed attempt, I believe that's infinite (no good reason why not, the code is on github)

That's pretty much unbeatable security. If your password or whatever it uses is strong, then you are probably safe even if it's stolen.

Yesz. But physical possession of the device means they could crack it eventually, given enough resources. So you wouldn't rely on it.
Point is, it's not a disaster like losing your cash wallet is.

Somekindabitcoin

hero member

Activity: 518

Merit: 500

Quote from: Carlton Banks on July 20, 2015, 05:37:55 PM

Quote from: harrymmmm on July 20, 2015, 04:52:37 PM

Quote from: Somekindabitcoin on July 20, 2015, 04:39:44 PM

What about the guy that took it from you? I think he can brute force it, or no? I read some articles about this.

He can ... eventually.
Each time he tries a pin that fails, there's an extra wait time added for the next one. Unless you're very unlucky you have plenty of time to move your coins.

It doubles the wait each failed attempt, I believe that's infinite (no good reason why not, the code is on github)

That's pretty much unbeatable security. If your password or whatever it uses is strong, then you are probably safe even if it's stolen.

Carlton Banks

legendary

Activity: 3430

Merit: 3080

Quote from: harrymmmm on July 20, 2015, 04:52:37 PM

Quote from: Somekindabitcoin on July 20, 2015, 04:39:44 PM

What about the guy that took it from you? I think he can brute force it, or no? I read some articles about this.

He can ... eventually.
Each time he tries a pin that fails, there's an extra wait time added for the next one. Unless you're very unlucky you have plenty of time to move your coins.

It doubles the wait each failed attempt, I believe that's infinite (no good reason why not, the code is on github)

Somekindabitcoin

hero member

Activity: 518

Merit: 500

Quote from: harrymmmm on July 20, 2015, 04:52:37 PM

Quote from: Somekindabitcoin on July 20, 2015, 04:39:44 PM

Quote from: harrymmmm on July 20, 2015, 04:33:42 PM

Quote from: Somekindabitcoin on July 20, 2015, 04:21:01 PM

Quote from: harrymmmm on July 20, 2015, 04:18:07 PM

Quote from: ransomer on July 20, 2015, 12:23:35 PM

Quote from: HeroCat on July 20, 2015, 08:12:52 AM

Trezor is probably the best BTC wallet Wink

Safe and enough developed

And still has a lot of safety vulnerabilities that a paper wallet doesn't.

Such as?

It can be lost and then there's no way to recover it, I think.

How can you make statements like that when you clearly don't know the first thing about trezors?

If it's lost, you use the hd seed you've kept safely and recover the coins to another wallet (trezor, or software).

What about the guy that took it from you? I think he can brute force it, or no? I read some articles about this.

He can ... eventually.
Each time he tries a pin that fails, there's an extra wait time added for the next one. Unless you're very unlucky you have plenty of time to move your coins.

Ok, good. I think it's pretty amazing and I would definitely buy it in a next 7 days.

harrymmmm

hero member

Activity: 576

Merit: 503

Quote from: UserVVIP on July 20, 2015, 04:55:58 PM

Trezor is the ultimate device for security-meets-user friendliness. The device is the best option for maintaining security of your coins without losing the ability to use them as you please.

Yup.

It's also good for logging into services. Once you see how nicely that works, you'll wish every site did it that way.

UserVVIP

sr. member

Activity: 294

Merit: 250

Trezor is the ultimate device for security-meets-user friendliness. The device is the best option for maintaining security of your coins without losing the ability to use them as you please.

harrymmmm

hero member

Activity: 576

Merit: 503

Quote from: Somekindabitcoin on July 20, 2015, 04:39:44 PM

Quote from: harrymmmm on July 20, 2015, 04:33:42 PM

Quote from: Somekindabitcoin on July 20, 2015, 04:21:01 PM

Quote from: harrymmmm on July 20, 2015, 04:18:07 PM

Quote from: ransomer on July 20, 2015, 12:23:35 PM

Quote from: HeroCat on July 20, 2015, 08:12:52 AM

Trezor is probably the best BTC wallet Wink

Safe and enough developed

And still has a lot of safety vulnerabilities that a paper wallet doesn't.

Such as?

It can be lost and then there's no way to recover it, I think.

How can you make statements like that when you clearly don't know the first thing about trezors?

If it's lost, you use the hd seed you've kept safely and recover the coins to another wallet (trezor, or software).

What about the guy that took it from you? I think he can brute force it, or no? I read some articles about this.

He can ... eventually.
Each time he tries a pin that fails, there's an extra wait time added for the next one. Unless you're very unlucky you have plenty of time to move your coins.

Somekindabitcoin

hero member

Activity: 518

Merit: 500

Quote from: harrymmmm on July 20, 2015, 04:33:42 PM

Quote from: Somekindabitcoin on July 20, 2015, 04:21:01 PM

Quote from: harrymmmm on July 20, 2015, 04:18:07 PM

Quote from: ransomer on July 20, 2015, 12:23:35 PM

Quote from: HeroCat on July 20, 2015, 08:12:52 AM

Trezor is probably the best BTC wallet Wink

Safe and enough developed

And still has a lot of safety vulnerabilities that a paper wallet doesn't.

Such as?

It can be lost and then there's no way to recover it, I think.

How can you make statements like that when you clearly don't know the first thing about trezors?

If it's lost, you use the hd seed you've kept safely and recover the coins to another wallet (trezor, or software).

What about the guy that took it from you? I think he can brute force it, or no? I read some articles about this.

Possum577

sr. member

Activity: 434

Merit: 250

Loose lips sink sigs!

What happened to the original metallic looking cases for Trezor wallets?

There's a silver metallic version in a pic that keeps floating around...

harrymmmm

hero member

Activity: 576

Merit: 503

Quote from: Somekindabitcoin on July 20, 2015, 04:21:01 PM

Quote from: harrymmmm on July 20, 2015, 04:18:07 PM

Quote from: ransomer on July 20, 2015, 12:23:35 PM

Quote from: HeroCat on July 20, 2015, 08:12:52 AM

Trezor is probably the best BTC wallet Wink

Safe and enough developed

And still has a lot of safety vulnerabilities that a paper wallet doesn't.

Such as?

It can be lost and then there's no way to recover it, I think.

How can you make statements like that when you clearly don't know the first thing about trezors?

If it's lost, you use the hd seed you've kept safely and recover the coins to another wallet (trezor, or software).

Somekindabitcoin

hero member

Activity: 518

Merit: 500

Quote from: harrymmmm on July 20, 2015, 04:18:07 PM

Quote from: ransomer on July 20, 2015, 12:23:35 PM

Quote from: HeroCat on July 20, 2015, 08:12:52 AM

Trezor is probably the best BTC wallet Wink

Safe and enough developed

And still has a lot of safety vulnerabilities that a paper wallet doesn't.

Such as?

It can be lost and then there's no way to recover it, I think.

harrymmmm

hero member

Activity: 576

Merit: 503

Quote from: ransomer on July 20, 2015, 12:23:35 PM

Quote from: HeroCat on July 20, 2015, 08:12:52 AM

Trezor is probably the best BTC wallet Wink

Safe and enough developed

And still has a lot of safety vulnerabilities that a paper wallet doesn't.

Such as?

ransomer

newbie

Activity: 56

Merit: 0

Quote from: HeroCat on July 20, 2015, 08:12:52 AM

Trezor is probably the best BTC wallet Wink

Safe and enough developed

And still has a lot of safety vulnerabilities that a paper wallet doesn't.

HeroCat

hero member

Activity: 658

Merit: 500

Trezor is probably the best BTC wallet Wink

Safe and enough developed

Xialla

legendary

Activity: 1036

Merit: 1001

/dev/null

Quote from: Somekindabitcoin on July 20, 2015, 04:50:18 AM

Quote from: HCLivess on July 20, 2015, 04:25:45 AM

It was developed by Czechs. We made engines to German tanks.

Yes, and we are proud of it! It made Czech Republic more famous Tongue

yes, actually bitcoin is quite popular here in Czech Republic, I think mainly because of Slush/Stick duo and lot of guys willing to risk, invest and check new technologies.

Even on google trend it is not so bad at all so at least something, in my country, I'm little bit proud off:)

Amph

legendary

Activity: 3248

Merit: 1070

Quote from: harrymmmm on July 20, 2015, 04:06:53 AM

Quote from: Amph on July 19, 2015, 02:10:35 PM

Quote from: tl121 on July 19, 2015, 01:42:38 PM

Quote from: Amph on July 19, 2015, 10:23:12 AM

based this vulnerability, http://johoe.mooo.com/trezor-power-analysis/, which was fixed quickly you can say that it's relatively safe, no one know if in the future another hole like that will happen again...

remember that besides the vernam cipher nothing is 100% safe

Even if the logic and mathematics are perfect and the op-sec is good, there can still be implementation details that allow side channel attacks, such as the Trezor power issue. In practice, the Vernam cipher is not 100% safe.

This article from NSA is interesting. https://www.nsa.gov/public_info/_files/cryptologic_spectrum/tempest.pdf

vernam cipher is not 100% safe in practice, not because there is an hole in the cipher or something, but because of the messenger

it's like you have x+18 =y(where 18 is the ciphertext and y is the key that you don't know) how can you solve this? it's impossible without knowing at least the key(y), because x and y could have multiple value

if the messenger of the y is caught and y stolen then yes you can decrypt it, but as i said above it's not because the vernam cipher isn't 100% secure

One time pads (vernam ciphers) are unbreakable because EVERY plain text is a decryption of any given cipher text. This is because the plain text is just XOR'd with the pad to create the cipher text and to break it (determine the pad/key) requires cycling thru keys to get a reasonably plausible plain text. Then you realize you could cycle some more and get another (in fact any) plausible plain text, etc.
You're right that the pads need to be communicated and a failure there is a bad thing.
But the weakness in practice is the reuse of a pad ... the NSA caught the Russian's out doing that and managed to decrypt a whole bunch of messages.

if you re-use the key it's clear that you are reducing the security of this method, but that's your fault, the only downside of that ciphers is the key length, not very practical to have a key that is long like the text

Somekindabitcoin

hero member

Activity: 518

Merit: 500

Quote from: HCLivess on July 20, 2015, 04:25:45 AM

It was developed by Czechs. We made engines to German tanks.

Yes, and we are proud of it! It made Czech Republic more famous Tongue

HCLivess

legendary

Activity: 2114

Merit: 1090

=== NODE IS OK! ==

It was developed by Czechs. We made engines to German tanks.

harrymmmm

hero member

Activity: 576

Merit: 503

I haven't seen any mention of the use of trezor to sign login challenges. It doesn't work on many sites yet, but where it does it's lovely.
No need to store or reuse passwords any more.

Topic: How good is trezzor wallet - page 2. (Read 4259 times)