
Topic: My new TREZOR - page 2. (Read 21695 times)

legendary
Activity: 1568
Merit: 1001
April 22, 2014, 01:33:19 PM
where can I order one?

I don't think that they can be ordered right now. The online pre-orders have been closed and everyone who had done that got their devices. Don't know when they will resume selling the device.
Well, I pre-ordered back on 8-9-13 and still haven't gotten mine yet. When this thread popped up I took note and emailed the Trezor people and not even a peep back from them in about a month. Any ideas?
member
Activity: 86
Merit: 13
April 22, 2014, 12:59:59 PM
The risk with a backdoored TREZOR is not that it generates public/private keys incorrectly (which is what the BIP32 test vectors test). It's that it can leak the private keys/seed via some side channel, or can be told to sign transactions bypassing the usual user confirmation logic.

For leaking private keys via side channels, there are virtually none available, except the ECDSA k value. Deterministic ECDSA is the solution to this. A backdoor that allows the computer to tell the device to empty itself out cannot really be defended against easily, because it's hard to know what software the device is truly running, but the reputation of the creators is sufficient to give good assurance for genuine/unmodified TREZORs. In future software remote attestation techniques might be interesting.
(disclaimer - this is the first I have heard about this project)

I don't know about that... it doesn't have to be backdoored for those situations to arise. Hanlon's razor n all that.

what about stuff like diff power analysis and van eck [radiation]? how susceptible is the device to interference over the usb? or a radio transmitter or just a mobile phone. anyway if the trezor cannot guard against a malicious PC that it is connected to, what's the point? You wouldn't be connecting it to a POS/PDQ in a hurry... so it is just another thing to go wrong - how many key pairs does it create? I lost bitcoins before when the send change to new/random address 'bug' was squashed and the change address wasn't in my backup keypairs. (damn you satoshi dice :) and me for not reading the release notes)

Another avenue is via some basic firmware bug that allows a different amount to be displayed rather than what it is actually asked to be signed... I trust the creators' intentions, but this shit is hard to get right - very hard. not knocking anyone but bugs are bugs... I think this attack would be slightly more dangerous than bypassing the sign confirmation prompt. am I correct in thinking that the wallet cannot be passworded? maybe a simple left button x times, right button y times would be useful.

I am probably never going to own one though so won't be able to do this kinda testing on it. good luck though guys. I fear the plastic ones might be a bit more damageable from outside noise.

would you show me images of the inside? I would love to know the part numbers. is it easy to disassemble?

I have some good schematics for noise generators (which I have made and use) if this even vaguely interests you? guessing not, but maybe the team (slush et al) might be. hit me up. I can also help with anti tamper (so someone breaks it open, or tries to shave bits off the outside it will purge the secret keys and any other sensitive info - so if it is lost/stolen there is another layer of defence). (potting [setting in resins] would also help, interweave a metal for a mini faraday cage...) - there are also greater options that provide massive security leaps. (dual cypher, dual implementation of cypher, thermo based rng, etc)

We (mistfpga) looked at doing a bitcoin HSM/PayShield type device then the other two got bored with it and went back to breaking things :) shame really. but we are more a small group of hardware/software hackers with a strong bias towards crypto.

anyway good work guys. I wish you all the luck. and thanks for posting mike, you got me thinking. :)

cheers,

steve.
full member
Activity: 164
Merit: 100
Indie Developer
April 22, 2014, 10:03:30 AM
#99
man, that device looks beautiful... i could imagine that such a device could gain popular traction not only because it's bitcoin but because it is stylish... 8)


http://www.space2099theseries.com/blogs/attachment177d1330458227-what-your-computer-looked-like-1995-what-could-100-years-now-computer.jpg

It looks more like the Picodore 64 :)
legendary
Activity: 3766
Merit: 1217
April 22, 2014, 07:25:24 AM
#98
where can I order one?

I don't think that they can be ordered right now. The online pre-orders have been closed and everyone who had done that got their devices. Don't know when they will resume selling the device.
legendary
Activity: 2114
Merit: 1090
=== NODE IS OK! ==
April 22, 2014, 07:03:18 AM
#97
You get proud to be Czech once in your life and this is the day
legendary
Activity: 2212
Merit: 1038
April 22, 2014, 04:14:42 AM
#96
Pre-orders are NOT COOL.
member
Activity: 64
Merit: 10
April 22, 2014, 04:11:50 AM
#95
Quote
- production of Classics cases is still facing difficulties, we will know more tomorrow (fingers crossed), if not going well, we are negotiating alternative production

Any News?
legendary
Activity: 2436
Merit: 1366
April 10, 2014, 10:30:47 AM
#94
Looking pretty sweet! I'm thinking about getting one myself. 
legendary
Activity: 2212
Merit: 1199
April 10, 2014, 08:42:15 AM
#93
Gotta admit, it looks sleek.

It looks great in ALU case ... for just 3BTC it can be ordered for you :D
full member
Activity: 120
Merit: 100
April 10, 2014, 08:11:48 AM
#92
Gotta admit, it looks sleek.
newbie
Activity: 56
Merit: 0
April 10, 2014, 07:34:29 AM
#91
It looks pretty great!!!
sr. member
Activity: 441
Merit: 268
April 08, 2014, 03:13:55 PM
#90
The POS can create tx and just require your Trezor to sign.

In order for POS to create TX it would need to know addresses and their balances which basically is scanning.

This is being addressed with BIP70, payment protocol, and will be implemented in future TREZOR firmware releases.
member
Activity: 80
Merit: 10
April 08, 2014, 03:06:39 PM
#89
This is very cool and all, but how could this be extended to be used without a PC, e.g. paying a bill in a restaurant?

By creating a POS that can communicate with TREZOR. (This does not necessarily have to be special hardware, most of cash registers are computers anyway, so software and USB cable will do).

Only thing is that doing this would mean that the PoS can see the contents of your wallet, if I understand correctly.

No, it doesn't.

The POS can create tx and just require your Trezor to sign.


I didn't say anything about the private keys, but the PoS can't create a transaction and send it to the TREZOR without having the UTXO info available. (it is entirely possible that there's a way to pay at a PoS without revealing the wallet contents that I haven't thought of.)
hero member
Activity: 658
Merit: 500
April 08, 2014, 02:43:06 PM
#88
This is very cool and all, but how could this be extended to be used without a PC, e.g. paying a bill in a restaurant?

By creating a POS that can communicate with TREZOR. (This does not necessarily have to be special hardware, most of cash registers are computers anyway, so software and USB cable will do).

Only thing is that doing this would mean that the PoS can see the contents of your wallet, if I understand correctly.

No, it doesn't.

The POS can create tx and just require your Trezor to sign.

BIP38 also helps privacy too.
hero member
Activity: 658
Merit: 500
April 08, 2014, 02:40:47 PM
#87
Are they shipping these yet? or it's still "pre order"?
member
Activity: 80
Merit: 10
April 08, 2014, 02:19:30 PM
#86
This is very cool and all, but how could this be extended to be used without a PC, e.g. paying a bill in a restaurant?

By creating a POS that can communicate with TREZOR. (This does not necessarily have to be special hardware, most of cash registers are computers anyway, so software and USB cable will do).

Only thing is that doing this would mean that the PoS can see the contents of your wallet, if I understand correctly.
legendary
Activity: 2212
Merit: 1199
April 08, 2014, 01:47:20 PM
#85
where can I order one?

You can try official trezor web www.bitcointrezor.com
newbie
Activity: 14
Merit: 0
April 08, 2014, 12:25:47 PM
#84
where can I order one?
full member
Activity: 147
Merit: 100
April 08, 2014, 12:21:36 PM
#83
Just to tick all the boxes here, can you confirm that you have no other vested interests in TREZOR (shares in company, consultant agreements, endorsement incentives etc) that might bias your review? (Excepting of course being enthusiastic about the tech. generally.)

Just quoting this so Mike see it...

Kinda fishy you got one so early on, I think the core development team should really have been the first to handle it so they can add support and confirm that it follows the BIP 32 as spec'd by them. Would have been a nice independent review as well.

This does make sense. I have ordered a few days after the trezor project was launched but they kept on postponing, this announcement seems even more fishy. The only reason people would think this is not a total scam is that slush and stick, the two creators of trezor are respectable bitcoin members...
legendary
Activity: 1470
Merit: 1000
Want privacy? Use Monero!
April 07, 2014, 09:16:41 AM
#82
I want my device so badly, looking at all the pictures and vids :P

Did you order it already or you just wish to buy one, like I do :-)

pre ordered it :D