Pages:
Author

Topic: How good is trezzor wallet - page 3. (Read 4214 times)

hero member
Activity: 576
Merit: 503
July 20, 2015, 05:14:12 AM
#46
Negatives:
  • The wallet is very small, therefore easy to mis-place, lose, or have stolen if left around
  • It's electronic, so it is vulnerable to a battery wearing out or exposure to water and other elements

If stolen, can it be cracked or are the balances lost forever (if the owner doesn't have the private key held elsewhere)?

1: has seed words
2: can replace with a new unit for seed words (pretty sure battery shouldn't matter as only powered when connected via usb)

If stolen it would need someone to bruteforce the code manually, would take some time. You should be able to enter the seedwords and get the funds out before it happens.

 So I could buy 2 set them up as clones and put one in a bank safety deposit box? 
 then if my in house breaks or is stolen I could go to my safety deposit box and access the wallet? 
 if true to both questions and you have a decent amount of coins I would consider buying it.

and if I was buying 2.

 I may as well buy 3.

   since 2 = 238 usd and 3 = 299 usd



The seed words could be put into your box. Then if your trezor was stolen you can quickly enter the seed into a wallet that supports hd seeds, transfer the bitcoin. Wait for a new trezor to arrive.
hero member
Activity: 576
Merit: 503
July 20, 2015, 05:06:53 AM
#45
based this vulnerability, http://johoe.mooo.com/trezor-power-analysis/, which was fixed quickly you can say that it's relatively safe, no one know if in the future another hole like that will happen again...

remember that besides the vernam cipher nothing is 100% safe

Even if the logic and mathematics are perfect and the op-sec is good, there can still be implementation details that allow side channel attacks, such as the Trezor power issue. In practice, the Vernam cipher is not 100% safe.

This article from NSA is interesting. https://www.nsa.gov/public_info/_files/cryptologic_spectrum/tempest.pdf



vernam cipher is not 100% safe in practice, not because there is an hole in the cipher or something, but because of the messenger

it's like you have x+18 =y(where 18 is the ciphertext and y is the key that you don't know) how can you solve this? it's impossible without knowing at least the key(y), because x and y could have multiple value

if the messenger of the y is caught and y stolen then yes you can decrypt it, but as i said above it's not because the vernam cipher isn't 100% secure

One time pads (vernam ciphers) are unbreakable because EVERY plain text is a decryption of any given cipher text. This is because the plain text is just XOR'd with the pad to create the cipher text and to break it (determine the pad/key) requires cycling thru keys to get a reasonably plausible plain text. Then you realize you could cycle some more and get another (in fact any) plausible plain text, etc.
You're right that the pads need to be communicated and a failure there is a bad thing.
But the weakness in practice is the reuse of a pad ... the NSA caught the Russian's out doing that and managed to decrypt a whole bunch of messages.
hero member
Activity: 518
Merit: 500
July 20, 2015, 02:36:01 AM
#44
I've considered buying an electronic wallet like Trezzor before but

a) I don't have enough BTC to care that much
b) Im paranoid about electronic devices and trust more a BIP38 (a paper wallet with a password) than something thats prone to failure, needs updates etc.


So far I do this.


I have paper wallets in my safety deposit box.

I have some in a coinbase account.

I have some in a blockchain.info hot wallet.

I have a node with an empty wallet.

That's a good decision to put them into your safety deposit box. Nice idea! Smiley
legendary
Activity: 3206
Merit: 1069
July 20, 2015, 02:33:48 AM
#43

I have paper wallets in my safety deposit box.

I have some in a coinbase account.

I have some in a blockchain.info hot wallet.


WHYYYYYYYYYYY?

A safety deposit box is the same as a bank account. You don't control it..the bank ultimately does.

Coinbase? Why not just keep your money with Paypal?

Blockchain.info hot wallet? WHYYYYYYYYYY?

Mycelium phone wallet for day-to-day purchases. Trezor for long term, but accessible. Paper wallets printed securely and stored somewhere OTHER THAN A BANK FOR GOD'S SAKE for long-long term.

I am amazed by the lack of foresight in some people. No offense.



i think he is talking about a safebox in his house, he can control it easily if he know the combination

mycelium isn't even the ebst for androind, "bitcoin wallet" is

trezor have not a real purpose is a gimmick device, why i should waste 120, that can be used to purchase almost 0.5 btc, and instead buying a $4 usb that can do the same basically, ok there isn't offline signing, but you have that with armory or electrum...
tss
hero member
Activity: 742
Merit: 500
July 20, 2015, 01:48:45 AM
#42
I love mine, works great and gives you peace of mind. I think it is one of the best hardware wallets because software actually supports it!

i agree with this.  trezor is a great piece of hardware with great software support.  
i use it as a "warm" wallet.  
any significant btc holdings still go to very cold storage on encrypted paper wallets.

lmk if you have better advice.
sr. member
Activity: 251
Merit: 253
sr. member
Activity: 434
Merit: 250
Loose lips sink sigs!
July 20, 2015, 12:40:17 AM
#40
it is vulnerable to a battery wearing out

Do you even own one? They don't have batteries...

LMAO  Cheesy

No, I don't own one.

The link you provided "for more information" doesn't talk about power generation, it only says there is no battery. If the fob has a screen it has to generate power...so it must have some source to generate power. Even a watch stops ticking...any thoughts on how Trezor keeps ticking?

I plan to hodl some coins for a very long time. I don't want to pick up my Trezor one day in 10 years and find a blank screen.
legendary
Activity: 1150
Merit: 1004
July 20, 2015, 12:04:37 AM
#39
Another thought on the Trezor. If you mine directly to a Trezor address (like I do), then you can end up with lots of inputs. And if you don't have much hash power (like me) then there's lots of small inputs Wink

If you go to spend these inputs later, it can take a very long time. I believe this is because lots of little amounts translate to lots of signing operations when spending. Since the Trezor processor performs all of the signing operations in the device itself (which is the whole point security-wise), and it's not very fast, it can take minutes (or longer) to complete.

To deal with this I have two Trezor "accounts", which effectively translates to key sets. My main account is for savings. The secondary account is where I receive mining proceeds.

Periodically when I reach an arbitrary mined threshold (like 1 bitcoin), I transfer from the mining account to a receiving address on the main savings account. This consolidates the many received inputs and makes later spending from the main account more streamlined.

Note that other than this consolidation, I rarely spend directly from the Trezor. I usually buy things from Breadwallet on my phone. Periodically I top off my phone's Breadwallet from the Trezor, but I limit the amount to a few hundred dollars worth.

This way I get the security of a hardware wallet for savings, but the convenience of a mobile wallet for spending. So far this has worked well for me.
legendary
Activity: 1150
Merit: 1004
July 20, 2015, 12:00:41 AM
#38
You can definitely recover another Trezor with the same backed up passphrase and both units will have the same seed and key set. Basically the restored backup would be identical to the original.

I wasn't aware you could do that, but still you don't want two devices to share the same seed and key set. If one Trezor gets stolen then the other is also unsafe.

True. If your Trezor is stolen, you have to assume that the thief will eventually guess your PIN. So you have to move your funds as fast as you can.

But if you don't have a trusted computer (and therefore don't want to risk a local software wallet), you could use a "cloned" Trezor to move the funds temporarily to another wallet (maybe Coinbase if you have no other options). At that point, it wouldn't matter what the thief does because the funds associated with the keys in the device he stole would be worthless.

Then you could initialize the backup Trezor from scratch with a brand new, uncompromised seed, then transfer from your temporary wallet back to the "new" Trezor. Since it has a different seed and key set, it's just as secure as a brand new Trezor.

I agree that this scenario is a bit of a stretch. In my case, I've assumed that if my Trezor is stolen, I'll use Electrum on my laptop to quickly recover the seed, then send the Bitcoin to my backup Trezor, which I would initialize with a new seed. I'm on Macintosh and am security conscious, so I think the brief possibility of exposure of possibly compromised keys is worth the speed to move the coins.

But other people on more vulnerable operating systems (not to start an OS war or anything) might want to go the the other route for safety sake. In this scenario, having a cloned Trezor just for the ability to safely move the coins out of the hands of an attacker isn't necessarily a bad idea.
sr. member
Activity: 251
Merit: 253
July 19, 2015, 11:36:16 PM
#37
You can definitely recover another Trezor with the same backed up passphrase and both units will have the same seed and key set. Basically the restored backup would be identical to the original.

I wasn't aware you could do that, but still you don't want two devices to share the same seed and key set. If one Trezor gets stolen then the other is also unsafe.

Currently I have a backup unit, but I've kept it in the box and have not used it to recover my main unit's seed value. That's because I figured that if I never use the backup, I might as well leave it in the box unopened. Maybe in the future they'll come out with a Trezor 2 and I can sell or give away my unopened backup.

As an alternative to having a backup Trezor, you could restore the passphrase to a software wallet. I think that Electrum V2 supports the same standard, but I'm not sure.

Of course you'd only want to restore to a software wallet if it was an emergency, like your Trezor was stolen and you want to move the funds out fast to another wallet under your control.

Yes, I agree having a backup Trezor is a good idea. I just wanted to make a point against what philipma1957 said, he was suggesting to buy 3 trezors but have them all be clones of each other (which is a terrible idea)

A safety deposit box is the same as a bank account. You don't control it..the bank ultimately does.

Yes, but it's not like the bank owns the contents of the box, you do. It's illegal for the bank to open the safe deposit box without you being present.
legendary
Activity: 1150
Merit: 1004
July 19, 2015, 10:26:04 PM
#36
So I could buy 2 set them up as clones and put one in a bank safety deposit box?  
 then if my in house breaks or is stolen I could go to my safety deposit box and access the wallet?  
 if true to both questions and you have a decent amount of coins I would consider buying it.

and if I was buying 2.

 I may as well buy 3.

   since 2 = 238 usd and 3 = 299 usd



You can't make clones, each device has a separate private key and even if you could 'clone' it, it would be pointless in purchasing more than one device.
Just make sure you never misplace your Trezor and your recovery card at the same time, then you would be truly screwed. If someone steals your Trezor they can't access your funds because you have a PIN setup, each time you enter the PIN incorrectly you get locked out longer and longer at each failed attempt. You would have plenty of time to get your recovery card from your safe deposit box and recover your funds before the thieve could ever access them.

Your point about not being able to clone a trezor is only partially accurate. A trezor is basically a hardware HD wallet. During its initialization process, you're provided with the 24 word passphrase which is the human readable representation of the seed value for the wallet.

You can definitely recover another Trezor with the same backed up passphrase and both units will have the same seed and key set. Basically the restored backup would be identical to the original.

Currently I have a backup unit, but I've kept it in the box and have not used it to recover my main unit's seed value. That's because I figured that if I never use the backup, I might as well leave it in the box unopened. Maybe in the future they'll come out with a Trezor 2 and I can sell or give away my unopened backup.

As an alternative to having a backup Trezor, you could restore the passphrase to a software wallet. I think that Electrum V2 supports the same standard, but I'm not sure.

Of course you'd only want to restore to a software wallet if it was an emergency, like your Trezor was stolen and you want to move the funds out fast to another wallet under your control.
legendary
Activity: 1150
Merit: 1004
July 19, 2015, 10:15:10 PM
#35
It's quite expensive for a device that was probably built for $10 or less.

Their tech support is not really helpful.

I won't comment on their BOM or whether the price is reasonable or not. If you think it's too much then don't buy it.

I have two trezors. One as a backup. I've always managed to get a deal and not pay full price.

My experience with their tech support as been great. They respond quickly and are well informed.

My most recent question to them was regarding using the trezor for both Bitcoin and Litecoin. Their response was knowledgeable and thoughtful.

FYI, you can use the same Trezor For Bitcoin and Litecoin and it generates different key sets on a per coin basis. For Litecoin I use Electrum LTC and for Bitcoin I use myTrezor and Electrum all with the same Trezor device.

It's really a nice product and worth it for me.
newbie
Activity: 11
Merit: 0
July 19, 2015, 10:07:50 PM
#34

I have paper wallets in my safety deposit box.

I have some in a coinbase account.

I have some in a blockchain.info hot wallet.


WHYYYYYYYYYYY?

A safety deposit box is the same as a bank account. You don't control it..the bank ultimately does.

Coinbase? Why not just keep your money with Paypal?

Blockchain.info hot wallet? WHYYYYYYYYYY?

Mycelium phone wallet for day-to-day purchases. Trezor for long term, but accessible. Paper wallets printed securely and stored somewhere OTHER THAN A BANK FOR GOD'S SAKE for long-long term.

I am amazed by the lack of foresight in some people. No offense.

newbie
Activity: 11
Merit: 0
July 19, 2015, 09:39:49 PM
#33
Vulnerabilities have kept showing up for it. Let's be honest, it's not safe. But it's probably better than some of the other options.

Wow...shill much?
sr. member
Activity: 251
Merit: 253
July 19, 2015, 09:16:11 PM
#32
So I could buy 2 set them up as clones and put one in a bank safety deposit box?  
 then if my in house breaks or is stolen I could go to my safety deposit box and access the wallet?  
 if true to both questions and you have a decent amount of coins I would consider buying it.

and if I was buying 2.

 I may as well buy 3.

   since 2 = 238 usd and 3 = 299 usd



You can't make clones, each device has a separate private key and even if you could 'clone' it, it would be pointless in purchasing more than one device.
Just make sure you never misplace your Trezor and your recovery card at the same time, then you would be truly screwed. If someone steals your Trezor they can't access your funds because you have a PIN setup, each time you enter the PIN incorrectly you get locked out longer and longer at each failed attempt. You would have plenty of time to get your recovery card from your safe deposit box and recover your funds before the thieve could ever access them.
sr. member
Activity: 251
Merit: 253
July 19, 2015, 09:00:04 PM
#31
So far I do this.


I have paper wallets in my safety deposit box.

I have some in a coinbase account.

I have some in a blockchain.info hot wallet.

I have a node with an empty wallet.

I no longer use web wallets, they're simply not safe enough. For my hot wallet I use my Trezor, for cold I use paper wallets and store them in a safe deposit box ( insured!  Wink )
I also keep my recovery card in my safe deposit box

Paper wallets will always be the safest.
legendary
Activity: 1106
Merit: 1000
July 19, 2015, 08:46:43 PM
#30
Any thoughts? I want to store by BTC safely and securely offline. Anybody got any experience of using trezzor for that? Positives and negatives?

trezzor wallet is the best so far in the markeet i can only find their 1 compitator which is LEDGER wallet both hardware wallets are great but i find trezzor more secure however LEDGER wallet is fancy usb and etc but not as secure as trezzor
legendary
Activity: 4158
Merit: 8049
'The right to privacy matters'
July 19, 2015, 08:34:21 PM
#29
I've considered buying an electronic wallet like Trezzor before but

a) I don't have enough BTC to care that much
b) Im paranoid about electronic devices and trust more a BIP38 (a paper wallet with a password) than something thats prone to failure, needs updates etc.


So far I do this.


I have paper wallets in my safety deposit box.

I have some in a coinbase account.

I have some in a blockchain.info hot wallet.

I have a node with an empty wallet.
hero member
Activity: 672
Merit: 502
July 19, 2015, 08:30:26 PM
#28
I've considered buying an electronic wallet like Trezzor before but

a) I don't have enough BTC to care that much
b) Im paranoid about electronic devices and trust more a BIP38 (a paper wallet with a password) than something thats prone to failure, needs updates etc.
hero member
Activity: 518
Merit: 500
July 19, 2015, 08:09:37 PM
#27
It's quite expensive for a device that was probably built for $10 or less.

Their tech support is not really helpful.

I respect their price and do you know why? They are basically selling the idea, tell me, will you sell TREZOR for $10? For $20? No, you will try to take as much as you can because it's unique!
I can make that amount every week just from signature campaign, it's not that high.. Smiley
Pages:
Jump to: