The risk with a backdoored TREZOR is not that it generates public/private keys incorrectly (which is what the BIP32 test vectors test). It's that it can leak the private keys/seed via some side channel, or can be told to sign transactions bypassing the usual user confirmation logic.
For leaking private keys via side channels, there are virtually none available, except the ECDSA k value. Deterministic ECDSA is the solution to this. A backdoor that allows the computer to tell the device to empty itself out cannot really be defended against easily, because it's hard to know what software the device is truly running, but the reputation of the creators is sufficient to give good assurance for genuine/unmodified TREZORs. In future, software remote attestation techniques might be interesting.
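Deterministic ECDSA as mentioned in the post above, as an added illustration that is not code from this thread or from the TREZOR project: an RFC 6979 signer over secp256k1 (constructed helper code, not constant time, for study only) in which k is derived solely from the private key and the message hash, so signing the same data twice yields an identical signature and the signer has no free choice of k in which to hide anything.

```python
import hashlib, hmac
P = 2**256 - 2**32 - 977  # secp256k1 field prime (Bitcoin's curve); constructed example, not TREZOR code
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
H = lambda key, data: hmac.new(key, data, hashlib.sha256).digest()  # HMAC-SHA256

def ec_add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return b if a is None else a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    num, den = (3 * a[0] * a[0], 2 * a[1]) if a == b else (b[1] - a[1], b[0] - a[0])
    lam = num * pow(den, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)
def ec_mul(k, pt):  # double-and-add scalar multiplication (not constant time; study only)
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc
def rfc6979_k(priv, z):
    # RFC 6979 3.2: HMAC-SHA256 DRBG seeded only with the key and message hash, so the signer never picks k
    x, h1 = priv.to_bytes(32, "big"), (z % N).to_bytes(32, "big")
    v, k = b"\x01" * 32, b"\x00" * 32
    for tag in (b"\x00", b"\x01"):
        k = H(k, v + tag + x + h1)
        v = H(k, v)
    while True:
        v = H(k, v)
        cand = int.from_bytes(v, "big")
        if 1 <= cand < N:
            return cand
        k = H(k, v + b"\x00")
        v = H(k, v)
def sign(priv, msg):  # deterministic ECDSA with Bitcoin's low-s rule: same key and msg -> same (r, s)
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    k = rfc6979_k(priv, z)
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * priv) % N
    return (r, s if s <= N // 2 else N - s)
def verify(pub, msg, sig):  # standard ECDSA check: x-coordinate of (z/s)G + (r/s)Q must equal r
    r, s = sig
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r
```

The practical check this gives an auditor who does not hold the device's keys: have the device sign the same transaction twice and compare the two (r, s) pairs; any difference means k was not derived deterministically.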
(Disclaimer - this is the first I have heard about this project.)
I don't know about that... it doesn't have to be backdoored for those situations to arise. Hanlon's razor and all that.
What about stuff like diff power analysis and Van Eck [radiation]? How susceptible is the device to interference over the USB? Or a radio transmitter, or just a mobile phone. Anyway, if the TREZOR cannot guard against a malicious PC that it is connected to, what's the point? You wouldn't be connecting it to a POS/PDQ in a hurry... so it is just another thing to go wrong. How many key pairs does it create? I lost bitcoins before when the send-change-to-new/random-address 'bug' was squashed and the change address wasn't in my backup keypairs. (Damn you SatoshiDice, and me for not reading the release notes.)
Another avenue is via some basic firmware bug that allows a different amount to be displayed than what it is actually asked to sign... I trust the creators' intentions, but this shit is hard to get right - very hard. Not knocking anyone, but bugs are bugs... I think this attack would be slightly more dangerous than bypassing the sign confirmation prompt. Am I correct in thinking that the wallet cannot be passworded? Maybe a simple left button x times, right button y times would be useful.
I am probably never going to own one though, so won't be able to do this kinda testing on it. Good luck though, guys. I fear the plastic ones might be a bit more damageable from outside noise.
Would you show me images of the inside? I would love to know the part numbers. Is it easy to disassemble?
I have some good schematics for noise generators (which I have made and use) if this even vaguely interests you? Guessing not, but maybe the team (slush et al.) might be. Hit me up. I can also help with anti-tamper (so if someone breaks it open, or tries to shave bits off the outside, it will purge the secret keys and any other sensitive info, so if it is lost/stolen there is another layer of defence). Potting [setting in resins] would also help; interweave a metal for a mini Faraday cage... There are also greater options that provide massive security leaps (dual cypher, dual implementation of cypher, thermo-based RNG, etc.)
We (mistfpga) looked at doing a Bitcoin HSM/PayShield-type device, then the other two got bored with it and went back to breaking things.
Shame really. But we are more a small group of hardware/software hackers with a strong bias towards crypto.
Anyway, good work guys. I wish you all the luck. And thanks for posting, Mike, you got me thinking.
cheers,
steve.