Trezor Usage Not Secure IMO | Bitcointalksearch.org

crazy_rabbit

legendary

Activity: 1204

Merit: 1001

RUM AND CARROTS: A PIRATE LIFE FOR ME

Quote from: drawingthesun on April 14, 2014, 12:02:57 PM

Quote from: roslinpl on April 14, 2014, 11:29:19 AM

I believe one day we will have so many wallet devices to choose Wink

and prices will be much better.

I think in 10 years you will be able to buy it in a supermarket

I am pretty sure of it.

If Bitcoin does remain the king for 10 years and you still hold some, you'll be able to buy the supermarket.

Thats why I'm in it. To buy the supermarket. Reasonable dreams indeed. :-)

Chef Ramsay

legendary

Activity: 1568

Merit: 1001

Is there an ETA on when the pre-orders ship?

2112

legendary

Activity: 2128

Merit: 1068

Quote from: MWNinja on April 14, 2014, 12:16:54 PM

My wish list:

Secure root of trust. Trust anchor (key/certificate) burned into OTP memory.
Secure boot. Using the secure root of trust, the device can authenticate it's software load and fail to load if tampered.
Secure updates. Certificate based system to allow the manufacturer to authenticate and update devices remotely.

This was already discussed in the original thread: Trezor aims to promote open development and not trying to recreate jailed environment like the ones promulgated by Apple or Samsung.

Genuine paranoiacs will never feel "secure enough", but the points above are from a wishlist of a petty tyrant or a naive newbie.

madmadmax

hero member

Activity: 740

Merit: 501

Quote from: slush on April 04, 2014, 07:48:34 AM

Don't buy Trezor from untrusted source. Problem solved.

Of course you can run some blackbox/unit tests on device to prove that it is genuine / works as expected, but that definitely isn't something what regular users will do.

Well that begs the question what is an untrusted source? A guy producing fraudulent dollar bills in his basement is producing legit bills as far as he's concerned, they are legit fraudulent dollar bills. Same thing with Trezor, it might be an official lie or an unofficial lie but the fact that it is manufactured in China well under the control of the three letter organizations doesn't change.

A device like that could be compromised in manufacturing by adding a "broadcaster" the size of a transistor in the design, it could then become possible to acquire the private keys over a distance of up to a mile.

The 5$ wrench in effect.

Wilikon

legendary

Activity: 1176

Merit: 1001

minds.com/Wilikon

Quote from: roslinpl on April 14, 2014, 11:29:19 AM

I believe one day we will have so many wallet devices to choose Wink

and prices will be much better.

I think in 10 years you will be able to buy it in a supermarket

I am pretty sure of it.

https://www.youtube.com/watch?v=k8LqlMzEe-I

MWNinja

hero member

Activity: 630

Merit: 500

My wish list:

Secure root of trust. Trust anchor (key/certificate) burned into OTP memory.
Secure boot. Using the secure root of trust, the device can authenticate it's software load and fail to load if tampered.
Secure updates. Certificate based system to allow the manufacturer to authenticate and update devices remotely.
Mutual Authentication. The device displays a password or image known to the user so the user can verify the device's authenticity.
Biometric User Authentication. The device can authenticate based on a person's DNA, fingerprint, iris scan, etc.

drawingthesun

legendary

Activity: 1176

Merit: 1015

Quote from: roslinpl on April 14, 2014, 11:29:19 AM

I believe one day we will have so many wallet devices to choose Wink

and prices will be much better.

I think in 10 years you will be able to buy it in a supermarket

I am pretty sure of it.

If Bitcoin does remain the king for 10 years and you still hold some, you'll be able to buy the supermarket.

roslinpl

legendary

Activity: 2212

Merit: 1199

I believe one day we will have so many wallet devices to choose Wink

and prices will be much better.

I think in 10 years you will be able to buy it in a supermarket

I am pretty sure of it.

drawingthesun

legendary

Activity: 1176

Merit: 1015

Quote from: Massimo80 on April 04, 2014, 08:51:54 AM

By the same logic, you shouldn't download any pre-compiled wallet software, you should always compile it from source code. And only after having thoroughly read and understood it. Which, of course, is not possible if you are not a programmer yourself, and even then can get quite difficult.

But if you just download a wallet software and run it, how can you know there is not a backdoor inside and/or it doesn't send your private keys to the someone else?

Please research into http://gitian.org/

I believe the Bitcoin reference client is created via this process and it allows the user to know for sure that their binary is in fact compiled from the source on Github. We are learning about more secure ways of distributing software from source.

Klestin

hero member

Activity: 493

Merit: 500

Quote from: softron on April 04, 2014, 09:04:21 AM

my main concern is how it handles a hardware failure.

During the initial setup, the device provides you with a series of (I believe 20) words. These words can be used during the setup of a new device to recover from hardware failure/theft/washing machine/etc. Write them down or in some other way store them securely and you are set.

These guys have designed a solid hardware wallet that fits a specific use case (requiring a USB-capable host device). I'll be picking one up for sure and I look forward to the next generation which will hopefully work via NFC, or bluetooth to phones, or another wire-free connection solution.

skooter

member

Activity: 70

Merit: 10

Quote from: franky1 on April 04, 2014, 05:33:43 PM

plugging a trezor into your PC and having your PC check the firmware matches the source .... i think that would be a bigger security risk.

the chances that someone can intercept the trezor from warehouse, to your house is small.. but having a firmware/software utility on your pc that updates the trezor, has more chance of being abused by a trojan. replacing the trezor updater with a hijacked updater.

so i personally would prefer a stand alone trezor that doesnt need to connect to th internet to update once a week.. as thats the true risk

You can have firmware that's locked into the chip, and have a PC program has read only access to that firmware, to confirm it's the real firmware.

acoindr

legendary

Activity: 1050

Merit: 1002

Quote from: slush on April 04, 2014, 07:48:34 AM

Don't buy Trezor from untrusted source. Problem solved.

Of course you can run some blackbox/unit tests on device to prove that it is genuine / works as expected,

slush, FWIW I think the Trezor is indeed safe for now when it and Bitcoin are not so popular in the mainstream. I used that title to make a point. I'd rather have people thinking something which is secure could be insecure than vice versa. I hope to avoid a situation where it's commonly believed the Trezor is safe for storing 50-100K USD plus of value, only to see it vanish because some hackers set up successful real world MITM attacks.

Quote from: slush on April 04, 2014, 07:48:34 AM

but that definitely isn't something what regular users will do.

I agree.

That's why I made this post (with a proposed a solution).

franky1

legendary

Activity: 4270

Merit: 4534

plugging a trezor into your PC and having your PC check the firmware matches the source .... i think that would be a bigger security risk.

the chances that someone can intercept the trezor from warehouse, to your house is small.. but having a firmware/software utility on your pc that updates the trezor, has more chance of being abused by a trojan. replacing the trezor updater with a hijacked updater.

so i personally would prefer a stand alone trezor that doesnt need to connect to th internet to update once a week.. as thats the true risk

bryant.coleman

legendary

Activity: 3654

Merit: 1217

Quote from: slush on April 04, 2014, 07:48:34 AM

Don't buy Trezor from untrusted source. Problem solved.

Right now you can't buy Trezor from their official site. So many people will go for third party re-sellers.

BitCoinDream

legendary

Activity: 2338

Merit: 1204

The revolution will be digital

Quote from: acoindr on April 02, 2014, 11:34:13 AM

The Bitcoin Trezor has the potential to be a user friendly ultra-secure way to store and use bitcoin, something which has been sorely lacking.

It seems Mike Hearn has been first to receive his Trezor:

https://plus.google.com/+MikeHearn/posts/UbvCG78WpjM

While the product looks great I would caution there may be a hole in the security. Trezor is safe from virus stealing software because it's isolated from any software which might be compromised by hackers. That's only true if hackers don't have access to the actual Trezor, though. (or a look alike which can pass as one)

I've previously said any private key producing software needs some sort of checksum availability for users. This is true also of the Trezor. I won't go into detail about how it might be compromised, but its transit is the source of concern. Boxes are sent with a tamper evident hologram, but the Casascius coin hack showed us the vulnerability with that. The device IMO should be able to call back to the company website to verify the software has not changed.

People are going to put their trust and money into security solutions we tell them to, so we need to make sure those solutions are really secure.

I think an implementation of RSA SecureID or similar type of a thing to verify the hardware is from the original vendor may solve the problem...

jmw74

full member

Activity: 236

Merit: 100

If the biggest worry is an attacker intercepting the trezor in transit (and tampering with it), then it's so much more secure than the alternative, that we should be thrilled with the giant leap forward.

coastermonger

sr. member

Activity: 367

Merit: 250

Find me at Bitrated

I'm not discouraging the use of hardware wallets at all, but I don't think they're tops in terms of security.

In the most ideal scenario imaginable, you have your wallet spread across multiple computer devices. Computer 1, Computer 2, and phone would be sufficient for most people.

Go to spend your coins, and it creates a partial transaction which gets communicated to the other wallets, they sign off on it using multi-sig and the whole package gets relayed to the bitcoin network. At no point in the process did one single device ever have the full control to spend your coins.

Better still, if one of them WAS compromised, the best it could do would be to create a partially unfinished multi-sig transaction, and at that point you would know of the intention.

softron

full member

Activity: 210

Merit: 100

Hardware wallets are a good idea maybe other products will meet required standard. my main concern is how it handles a hardware failure.

Massimo80

full member

Activity: 168

Merit: 100

By the same logic, you shouldn't download any pre-compiled wallet software, you should always compile it from source code. And only after having thoroughly read and understood it. Which, of course, is not possible if you are not a programmer yourself, and even then can get quite difficult.

But if you just download a wallet software and run it, how can you know there is not a backdoor inside and/or it doesn't send your private keys to the someone else?

Concern for security is a good thing. But paranoia has to stop somewhere...

slush

legendary

Activity: 1386

Merit: 1097

Don't buy Trezor from untrusted source. Problem solved.

Of course you can run some blackbox/unit tests on device to prove that it is genuine / works as expected, but that definitely isn't something what regular users will do.

roslinpl

legendary

Activity: 2212

Merit: 1199

yes well security of trezor must be proven

And soon it will be..
But I believe this is very good device and it will give a chance to keep out BTC's really safe.

acoindr

legendary

Activity: 1050

Merit: 1002

The Bitcoin Trezor has the potential to be a user friendly ultra-secure way to store and use bitcoin, something which has been sorely lacking.

It seems Mike Hearn has been first to receive his Trezor:

https://plus.google.com/+MikeHearn/posts/UbvCG78WpjM

While the product looks great I would caution there may be a hole in the security. Trezor is safe from virus stealing software because it's isolated from any software which might be compromised by hackers. That's only true if hackers don't have access to the actual Trezor, though. (or a look alike which can pass as one)

I've previously said any private key producing software needs some sort of checksum availability for users. This is true also of the Trezor. I won't go into detail about how it might be compromised, but its transit is the source of concern. Boxes are sent with a tamper evident hologram, but the Casascius coin hack showed us the vulnerability with that. The device IMO should be able to call back to the company website to verify the software has not changed.

People are going to put their trust and money into security solutions we tell them to, so we need to make sure those solutions are really secure.

Topic: Trezor Usage Not Secure IMO (Read 2228 times)