Topic: MultiBit HD 0.0.6beta released - improved Trezor support and installer (Read 1934 times)

Thanks for the donation !
I'll reply to your suggestions in your other post

Just installed and using with my BWALLET (Trezor Clone). So far, so good. Sent a donation your way to test sending with the BWALLET.

Feature Request:

Can you add a screen where all receiving and change addresses used can be viewed?

Thank you.

 

On your last point, yes it is possible but we are trying to keep MultiBit HD simple so that the barrier to entry is low.

There are lots of good wallets and probably more appearing every month - we are trying to make the 'WinZip' of wallets where it is easy to use and pick up.

Thanks for your explanation. mytrezor.com uses random order for inputting the seed words so even if spyware knows the words they don't know the order. My worry doing the "soft" to "hard" restore would be losing the funds while moving them to the new trezor. They also default to 24 words though. Another way to not expose the keys could be using the pin pad entry and entering the seed number for each word. That way the words are never discovered by spyware.

I agree. However we have to mimic the display that is showing on the Trezor device itself so we're limited. We have put a more descriptive message above the display to try to explain what is going on.

Thanks for the feedback. I'll try to address your concerns as best I can.

The Trezor capabilities only activate when a Trezor is plugged in. We felt that most folks would not want to be concerned with Trezor info if they didn't own one and that those who did would just attach it at some point. Also the password screen is quite crowded already and having a "Please attach your Trezor now" message would only be useful the first time.

We deliberately stay away from firmware updates because that is really the purview of SatoshiLabs and if something goes wrong during the process then we would rather they handle those situations with their expertise.

Loading a wallet with a seed phrase is possible for us to support (we provide command line tools in the MultiBit Hardware project for our own purposes), but this breaks the security model. Once a seed phrase is exposed to a desktop machine it is susceptible to malware which is the whole reason for our Trezor support.

Of course it is possible to go from a "hard" wallet (Trezor) to a "soft" wallet (seed known to desktop). This is necessary in case the Trezor is lost, stolen or damaged. But to go the other way would introduce a false sense of security. Rather than continue using a possibly compromised seed phrase it is better to simply create a fresh "hard" wallet on the Trezor and generate a fresh receive address. Then type the old seed phrase in to create the "soft" wallet, wait for synchronization to complete, then use the Empty Wallet tool to spend all funds to the new "hard" wallet.

The local wallets are encrypted using symmetric encryption from the Trezor device. This encryption is based on the private key of the seed phrase and therefore requires the Trezor to be physically present to unlock the wallet. In this manner you can safely use a MultiBit HD installation on another desktop machine and after you exit the wallet the data is encrypted such that no-one else can access it without a Trezor device loaded with your seed phrase.

When loading the wallet with trezor "Encode value of this key" message is kind of confusing. 

My notes so far:

-in the wizard it doesn't show trezor unless it's plugged in first -perhaps a warning to plug it in?
-when multibit is opened it asks for a password -it's not obvious that the trezor should be plugged in

Does multibit allow restoring trezor seeds somehow? Or updating firmware?

Is an extra key put on the trezor for encrypting the backup and unlocking the wallet contacts/history or does it use some type of private key signing?

Gary and I have released an update to MultiBit HD (0.0.6beta) that has improved Trezor support and an improved installer.

Here's a blog article with more details.

It's still in beta so we advise people to try it out with only a few millis. If you have a Trezor it's worth trying out (You don't need a Trezor to use it mind).

Jim