Pages:
Author

Topic: Trezor Usage Not Secure IMO (Read 2407 times)

legendary
Activity: 1204
Merit: 1002
RUM AND CARROTS: A PIRATE LIFE FOR ME
April 14, 2014, 04:00:58 PM
#22
I believe one day we will have so many wallet devices to choose Wink and prices will be much better.

I think in 10 years you will be able to buy it in a supermarket Smiley
I am pretty sure of it.



If Bitcoin does remain the king for 10 years and you still hold some, you'll be able to buy the supermarket.

Thats why I'm in it. To buy the supermarket. Reasonable dreams indeed. :-)
legendary
Activity: 1568
Merit: 1001
April 14, 2014, 03:42:50 PM
#21
Is there an ETA on when the pre-orders ship?
legendary
Activity: 2128
Merit: 1073
April 14, 2014, 02:32:31 PM
#20
My wish list:

Secure root of trust. Trust anchor (key/certificate) burned into OTP memory.
Secure boot.  Using the secure root of trust, the device can authenticate it's software load and fail to load if tampered.
Secure updates.  Certificate based system to allow the manufacturer to authenticate and update devices remotely.
This was already discussed in the original thread: Trezor aims to promote open development and not trying to recreate jailed environment like the ones promulgated by Apple or Samsung.

Genuine paranoiacs will never feel "secure enough", but the points above are from a wishlist of a petty tyrant or a naive newbie.
hero member
Activity: 740
Merit: 501
April 14, 2014, 11:55:57 AM
#19
Don't buy Trezor from untrusted source. Problem solved.

Of course you can run some blackbox/unit tests on device to prove that it is genuine / works as expected, but that definitely isn't something what regular users will do.

Well that begs the question what is an untrusted source? A guy producing fraudulent dollar bills in his basement is producing legit bills as far as he's concerned, they are legit fraudulent dollar bills. Same thing with Trezor, it might be an official lie or an unofficial lie but the fact that it is manufactured in China well under the control of the three letter organizations doesn't change.

A device like that could be compromised in manufacturing by adding a "broadcaster" the size of a transistor in the design, it could then become possible to acquire the private keys over a distance of up to a mile.

The 5$ wrench in effect.
legendary
Activity: 1176
Merit: 1001
minds.com/Wilikon
April 14, 2014, 11:44:48 AM
#18
I believe one day we will have so many wallet devices to choose Wink and prices will be much better.

I think in 10 years you will be able to buy it in a supermarket Smiley
I am pretty sure of it.




https://www.youtube.com/watch?v=k8LqlMzEe-I  Smiley
hero member
Activity: 630
Merit: 500
April 14, 2014, 11:16:54 AM
#17
My wish list:

Secure root of trust. Trust anchor (key/certificate) burned into OTP memory.
Secure boot.  Using the secure root of trust, the device can authenticate it's software load and fail to load if tampered.
Secure updates.  Certificate based system to allow the manufacturer to authenticate and update devices remotely.
Mutual Authentication.  The device displays a password or image known to the user so the user can verify the device's authenticity.
Biometric User Authentication.  The device can authenticate based on a person's DNA, fingerprint, iris scan, etc.

legendary
Activity: 1176
Merit: 1015
April 14, 2014, 11:02:57 AM
#16
I believe one day we will have so many wallet devices to choose Wink and prices will be much better.

I think in 10 years you will be able to buy it in a supermarket Smiley
I am pretty sure of it.



If Bitcoin does remain the king for 10 years and you still hold some, you'll be able to buy the supermarket.
legendary
Activity: 2212
Merit: 1199
April 14, 2014, 10:29:19 AM
#15
I believe one day we will have so many wallet devices to choose Wink and prices will be much better.

I think in 10 years you will be able to buy it in a supermarket Smiley
I am pretty sure of it.

legendary
Activity: 1176
Merit: 1015
April 14, 2014, 10:12:55 AM
#14
By the same logic, you shouldn't download any pre-compiled wallet software, you should always compile it from source code. And only after having thoroughly read and understood it. Which, of course, is not possible if you are not a programmer yourself, and even then can get quite difficult.

But if you just download a wallet software and run it, how can you know there is not a backdoor inside and/or it doesn't send your private keys to the someone else?

Please research into http://gitian.org/

I believe the Bitcoin reference client is created via this process and it allows the user to know for sure that their binary is in fact compiled from the source on Github. We are learning about more secure ways of distributing software from source.
hero member
Activity: 493
Merit: 500
April 14, 2014, 10:04:31 AM
#13
my main concern is how it handles a hardware failure.

During the initial setup, the device provides you with a series of (I believe 20) words. These words can be used during the setup of a new device to recover from hardware failure/theft/washing machine/etc. Write them down or in some other way store them securely and you are set.

These guys have designed a solid hardware wallet that fits a specific use case (requiring a USB-capable host device).  I'll be picking one up for sure and I look forward to the next generation which will hopefully work via NFC, or bluetooth to phones, or another wire-free connection solution.
member
Activity: 70
Merit: 10
April 04, 2014, 06:18:32 PM
#12
plugging a trezor into your PC and having your PC check the firmware matches the source .... i think that would be a bigger security risk.

the chances that someone can intercept the trezor from warehouse, to your house is small.. but having a firmware/software utility on your pc that updates the trezor, has more chance of being abused by a trojan. replacing the trezor updater with a hijacked updater.

so i personally would prefer a stand alone trezor that doesnt need to connect to th internet to update once a week.. as thats the true risk



You can have firmware that's locked into the chip, and have a PC program has read only access to that firmware, to confirm it's the real firmware.
legendary
Activity: 1050
Merit: 1002
April 04, 2014, 05:52:12 PM
#11
Don't buy Trezor from untrusted source. Problem solved.

Of course you can run some blackbox/unit tests on device to prove that it is genuine / works as expected,

slush, FWIW I think the Trezor is indeed safe for now when it and Bitcoin are not so popular in the mainstream. I used that title to make a point. I'd rather have people thinking something which is secure could be insecure than vice versa. I hope to avoid a situation where it's commonly believed the Trezor is safe for storing 50-100K USD plus of value, only to see it vanish because some hackers set up successful real world MITM attacks.

but that definitely isn't something what regular users will do.

I agree.

That's why I made this post (with a proposed a solution).
legendary
Activity: 4424
Merit: 4794
April 04, 2014, 04:33:43 PM
#10
plugging a trezor into your PC and having your PC check the firmware matches the source .... i think that would be a bigger security risk.

the chances that someone can intercept the trezor from warehouse, to your house is small.. but having a firmware/software utility on your pc that updates the trezor, has more chance of being abused by a trojan. replacing the trezor updater with a hijacked updater.

so i personally would prefer a stand alone trezor that doesnt need to connect to th internet to update once a week.. as thats the true risk

legendary
Activity: 3766
Merit: 1217
April 04, 2014, 09:07:23 AM
#9
Don't buy Trezor from untrusted source. Problem solved.

Right now you can't buy Trezor from their official site. So many people will go for third party re-sellers.
legendary
Activity: 2394
Merit: 1216
The revolution will be digital
April 04, 2014, 08:13:19 AM
#8
The Bitcoin Trezor has the potential to be a user friendly ultra-secure way to store and use bitcoin, something which has been sorely lacking.

It seems Mike Hearn has been first to receive his Trezor:

https://plus.google.com/+MikeHearn/posts/UbvCG78WpjM

While the product looks great I would caution there may be a hole in the security. Trezor is safe from virus stealing software because it's isolated from any software which might be compromised by hackers. That's only true if hackers don't have access to the actual Trezor, though. (or a look alike which can pass as one)

I've previously said any private key producing software needs some sort of checksum availability for users. This is true also of the Trezor. I won't go into detail about how it might be compromised, but its transit is the source of concern. Boxes are sent with a tamper evident hologram, but the Casascius coin hack showed us the vulnerability with that. The device IMO should be able to call back to the company website to verify the software has not changed.

People are going to put their trust and money into security solutions we tell them to, so we need to make sure those solutions are really secure.



I think an implementation of RSA SecureID or similar type of a thing to verify the hardware is from the original vendor may solve the problem...

full member
Activity: 236
Merit: 100
April 04, 2014, 08:12:42 AM
#7
If the biggest worry is an attacker intercepting the trezor in transit (and tampering with it), then it's so much more secure than the alternative, that we should be thrilled with the giant leap forward.
sr. member
Activity: 367
Merit: 250
Find me at Bitrated
April 04, 2014, 08:09:31 AM
#6
I'm not discouraging the use of hardware wallets at all, but I don't think they're tops in terms of security.

In the most ideal scenario imaginable, you have your wallet spread across multiple computer devices.  Computer 1, Computer 2, and phone would be sufficient for most people. 

Go to spend your coins, and it creates a partial transaction which gets communicated to the other wallets, they sign off on it using multi-sig and the whole package gets relayed to the bitcoin network.  At no point in the process did one single device ever have the full control to spend your coins.

Better still, if one of them WAS compromised, the best it could do would be to create a partially unfinished multi-sig transaction, and at that point you would know of the intention.
full member
Activity: 210
Merit: 100
April 04, 2014, 08:04:21 AM
#5
Hardware wallets are a good idea maybe other products will meet required standard. my main concern is how it handles a hardware failure.
full member
Activity: 168
Merit: 100
April 04, 2014, 07:51:54 AM
#4
By the same logic, you shouldn't download any pre-compiled wallet software, you should always compile it from source code. And only after having thoroughly read and understood it. Which, of course, is not possible if you are not a programmer yourself, and even then can get quite difficult.

But if you just download a wallet software and run it, how can you know there is not a backdoor inside and/or it doesn't send your private keys to the someone else?

Concern for security is a good thing. But paranoia has to stop somewhere...
legendary
Activity: 1386
Merit: 1097
April 04, 2014, 06:48:34 AM
#3
Don't buy Trezor from untrusted source. Problem solved.

Of course you can run some blackbox/unit tests on device to prove that it is genuine / works as expected, but that definitely isn't something what regular users will do.
Pages:
Jump to: