Pages:
Author

Topic: What if the Trezor server got compromised? (Read 3549 times)

hero member
Activity: 715
Merit: 500
January 16, 2015, 01:01:36 PM
#49
1. I realize that private keys never leave the Trezor, however I assume a copy of my wallet is stored on Trezor servers, since I can recover my wallet if I lose my Trezor?
2. How is the recovery seed created on the Trezor, is the recovery seed programmed into the Trezor before it's shipped or is it completely random?
3. Is there some protection against 3rd party wallets (Electrum 2.0) that may be compromised.  I assume many wallets will support Trezor in the future.
4. When I connect my Trezor for the first time, setup my wallet and seed, transfer BTC to wallet, what exact information is stored with Satoshi Labs servers?
1. The wallet exists only on the Trezor. It can be recreated using the recovery seed so there is no need to make a copy.
2. The recovery seed is generated using internal hardware combined with random data from the computer when you set it up. You can also create your own custom seed.
3. The primary danger is a compromised app on the computer swapping an intended receiving address with its own address without you noticing.
4. I don't know, but that can be determined by looking at the code.
Thank you for the answers.  I'm still a little confused how any wallet can be recovered with the seed without there being a copy of it anywhere.  Since the recovery process is completed using mytrezor and can be done from any machine, there has to be something pertaining to the wallet stored on Satoshi Labs servers. 

All of the private keys in the wallet are derived from the recovery seed. Recovering a wallet consists of deriving those keys again from the recovery seed. The name of this system is "hierarchical deterministic wallet" or "HD wallet". The process is also known as BIP 32 and is described in detail here: https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki

I see, that makes sense, so the private keys are created based on the recovery key.  Thank you.
newbie
Activity: 3
Merit: 0
January 16, 2015, 12:52:54 PM
#48
nothing will happen if the server is compromised just check their faq for some information about that



I wonder if you export the private key from the trezor?
legendary
Activity: 4522
Merit: 3426
January 16, 2015, 12:51:02 PM
#47
1. I realize that private keys never leave the Trezor, however I assume a copy of my wallet is stored on Trezor servers, since I can recover my wallet if I lose my Trezor?
2. How is the recovery seed created on the Trezor, is the recovery seed programmed into the Trezor before it's shipped or is it completely random?
3. Is there some protection against 3rd party wallets (Electrum 2.0) that may be compromised.  I assume many wallets will support Trezor in the future.
4. When I connect my Trezor for the first time, setup my wallet and seed, transfer BTC to wallet, what exact information is stored with Satoshi Labs servers?
1. The wallet exists only on the Trezor. It can be recreated using the recovery seed so there is no need to make a copy.
2. The recovery seed is generated using internal hardware combined with random data from the computer when you set it up. You can also create your own custom seed.
3. The primary danger is a compromised app on the computer swapping an intended receiving address with its own address without you noticing.
4. I don't know, but that can be determined by looking at the code.
Thank you for the answers.  I'm still a little confused how any wallet can be recovered with the seed without there being a copy of it anywhere.  Since the recovery process is completed using mytrezor and can be done from any machine, there has to be something pertaining to the wallet stored on Satoshi Labs servers. 

All of the private keys in the wallet are derived from the recovery seed. Recovering a wallet consists of deriving those keys again from the recovery seed. The name of this system is "hierarchical deterministic wallet" or "HD wallet". The process is also known as BIP 32 and is described in detail here: https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki
hero member
Activity: 715
Merit: 500
January 16, 2015, 12:37:03 PM
#46
1. I realize that private keys never leave the Trezor, however I assume a copy of my wallet is stored on Trezor servers, since I can recover my wallet if I lose my Trezor?
2. How is the recovery seed created on the Trezor, is the recovery seed programmed into the Trezor before it's shipped or is it completely random?
3. Is there some protection against 3rd party wallets (Electrum 2.0) that may be compromised.  I assume many wallets will support Trezor in the future.
4. When I connect my Trezor for the first time, setup my wallet and seed, transfer BTC to wallet, what exact information is stored with Satoshi Labs servers?

1. The wallet exists only on the Trezor. It can be recreated using the recovery seed so there is no need to make a copy.
2. The recovery seed is generated using internal hardware combined with random data from the computer when you set it up. You can also create your own custom seed.
3. The primary danger is a compromised app on the computer swapping an intended receiving address with its own address without you noticing.
4. I don't know, but that can be determined by looking at the code.



Thank you for the answers.  I'm still a little confused how any wallet can be recovered with the seed without there being a copy of it anywhere.  Since the recovery process is completed using mytrezor and can be done from any machine, there has to be something pertaining to the wallet stored on Satoshi Labs servers. 
legendary
Activity: 4522
Merit: 3426
January 16, 2015, 12:28:36 PM
#45
1. I realize that private keys never leave the Trezor, however I assume a copy of my wallet is stored on Trezor servers, since I can recover my wallet if I lose my Trezor?
2. How is the recovery seed created on the Trezor, is the recovery seed programmed into the Trezor before it's shipped or is it completely random?
3. Is there some protection against 3rd party wallets (Electrum 2.0) that may be compromised.  I assume many wallets will support Trezor in the future.
4. When I connect my Trezor for the first time, setup my wallet and seed, transfer BTC to wallet, what exact information is stored with Satoshi Labs servers?

1. The wallet exists only on the Trezor. It can be recreated using the recovery seed so there is no need to make a copy.
2. The recovery seed is generated using internal hardware combined with random data from the computer when you set it up. You can also create your own custom seed.
3. The primary danger is a compromised app on the computer swapping an intended receiving address with its own address without you noticing.
4. I don't know, but that can be determined by looking at the code.

hero member
Activity: 715
Merit: 500
January 16, 2015, 11:53:21 AM
#44
I own a couple Trezor's and had some questions I hope can be answered.  I store a lot of BTC on my Trezor, so it's important that it's very secure. 

1. I realize that private keys never leave the Trezor, however I assume a copy of my wallet is stored on Trezor servers, since I can recover my wallet if I lose my Trezor?
2. How is the recovery seed created on the Trezor, is the recovery seed programmed into the Trezor before it's shipped or is it completely random?
3. Is there some protection against 3rd party wallets (Electrum 2.0) that may be compromised.  I assume many wallets will support Trezor in the future.
4. When I connect my Trezor for the first time, setup my wallet and seed, transfer BTC to wallet, what exact information is stored with Satoshi Labs servers?

Thank you.
hero member
Activity: 609
Merit: 506
January 13, 2015, 03:20:01 PM
#43
This is why we need Maidsafe. Servers are deprecated and only create trouble.

I run a Trezor off a bitcoin node that runs in my house.  The Trezor talks to an electrum 2.0 beta client and the electrum 2.0 beta client talks to an electrum server which talks to the bitcoin node.  The electrum server and the bitcoin node are physically in my home office.

It all works.  It's very fast. It's easy to use. The Trezor is presently connected via USB to a Windows 7 workstation and the Electrum server and  bitcoin node are running on a small Linux machine that I had lying around.



Have you written up how you set this up? It would be nice to see some docs about how to do this.

The biggest part of the problem was becoming familiar with compiling software and installing it on the operating systems that were involved:  Ubuntu 14.04 and Windows 7.  Initially, I just focused on Ubuntu.  I started out running it in a VMware virtual machine (free version) that ran under Window 7, but this was interfering with the performance of other things I use the machine for, so I spend $300 and put together an Atom based Intel NUC system with 120 GB SSD and 8 GB of RAM.  I installed Ubuntu 14.04 LTS on this machine.  Initially I was using a spare keyboard and mouse and VGA display, but after I got the system running OK and set up SSH I have managed the system headless using PUTTY from my Windows 7 machine.

I went to the Electrum web site and then to Github and found the instructions for installing Electrum Server, which involve building it from source. This was pretty straightforward, just involved tracing down some dependencies.  I am no Linux expert, so a certain amount of Googling was needed to interpret error messages and figure out how to do things, such as increasing the number of open files.  The first part of the directions was to build a bitcoin node from source on this machine.  After I got this working, and installed on the system and it seemed to be working OK, I moved on to the electrum server and got it to work with electrum clients on one of my other machines (the release version, not the Trezor version. At this point I was running a couple of PUTTY terminal windows.  The last thing to do on this box was to rig it so that bitcoind and Electrum server started up automatically at boot. The machine runs unattended and draws almost no power (less than 15 watts) and sits behind a  UPS, so it does not glitch with my frequent power interruptions.  The Electrum Server is not very robust and if the system is shut down without waiting for the Electrum server to finish processing, the database can be corrupted and this can take hours to recover, so don't do this.

The next step was to get an Electrum 2.0 client running.  I did this first under an Ubuntu virtual machine on my Windows system. The directions are at the Electrum git-hub site. Again, some tracing down dependencies and loading them with apt-get.  At this point the next step was to get the Trezor running.  This requires installation of appropriate routines to allow Python programs to access the Trezor via the USB. This is the Python Trezor code, also available from Github. It includes a "hello world" test program to verify that a Python program can talk to the Trezor.  I ran into one obscure problem getting this to work. I had to find the utility to see what was going on on the (virtual) USB, bypassing the "Cython" wrapper that connected Python to the C code that talked to the USB. I thought something was seriously broken, but then I discovered that everything worked fine so long as I was running as root.  Once I set up the USB protections so the account used for the my normal login was permitted to access the Trezor (both read and write) then everything was fine.  At this point it was just a matter of starting with no wallets in the .electrum directory and Electrum 2.0 prompted me for the rest and my Trezor based wallet showed up.

I ran this way for a month.  Eventually, I got bored and curious and figured out how to get Electrum 2.0 to run under Windows 7.  This involved installing Python, Python-Qt and a development environment for C code.  This was another learning experience on my part, but it was all possible by downloading free software.  I got waylaid for a few hours until I realized that the free C compiler I had used was only 32 bits, and so I had to redownload and reinstall the appropriate versions of Python and Python-Qt.

For someone with more skill that I had, all of this would be an easy process.  The longest time required was the time for the initial download and block sync of bitcoind and the downloading of the electrum server database and initial sync of the electrum server.   If all you want to do is use Trezor via Electrum, none of this server work is needed, but then you will have to trust the electrum servers, which means you had better not be paranoid.

I deliberately picked a low end Intel Nuc (1.4 GHz single core) for a server machine  to see if it would be fast enough. It takes less than 10 percent of CPU time for bitcoind to keep up with the network, even where 1 MB blocks are back to back.  I can't say as much for the Electrum Server.  The CPU seems to be saturated and uses about 30-40 percent of the CPU on this slow machine for large blocks.  This seems unnecessary, as I understand it, but I don't know enough about Python to know how to profile the software and speed it up.  (I'm sure that this can be done, because running an Electrum Server doesn't involve verifying transactions in the block chain, which is the time consuming part of bitcoin processing.  The server is just doing database processing which ought to be lightening fast with 8 GB of RAM and an SSD.)

I would not recommend doing this if you aren't already an expert or (as in my case) you "enjoy" learning experiences. :-)

https://github.com/spesmilo/electrum-server
https://github.com/spesmilo/electrum
https://github.com//trezor/python-trezor






Thanks.
hero member
Activity: 1022
Merit: 500
January 12, 2015, 05:06:37 PM
#42
you should understand how trezor works

trezor private keys are stored in trezor ,and they never go out from it

so trezor server does not matter to hack your bitcoins

If it did, trezor would be useless as a paper wallet would be safer.
legendary
Activity: 1386
Merit: 1097
January 12, 2015, 04:52:22 PM
#41
In my opinion, you have to be a complete idiot to trust your money to any electronic device, provided by any 3rd party, for any reason whatsoever right now.

Paper wallets all the way.

So you spend your paper wallet by computing ECDSA signatures in your head ;-).

Everything around TREZOR is opensource and auditable. Private key never leaves the device. All random numbers are generated from mixed entropy from HRNG and computer's randomness. Builds are deterministic. Firmware update need to be confirmed by user and firmware fingerprint is validated by bootloader. There's no WIFI/bluetooth on board (you can buy two trezors and open one of them to check yourself).

We've put ~two years of designing and developing this stuff with top security in our mind. I really don't think that people will find some vulnerability after few minutes of thinking, which we did not considered already :-).
hero member
Activity: 812
Merit: 509
January 12, 2015, 04:36:46 PM
#40
Trezor is one of the most secures ways to have your bitcoins stored.

I don't agree, paper wallet or offline computer wallet is more secure and free

This 100%.  Paper wallets and offline usb is the way I go. If the usb corrupts or fails I still have the paper.  If the trezor fails, then what?

Paper wallets can be stolen and they have no passwords.
Memory sticks can be destroyed in a fire or lost/stolen.
You still need to sweep the private keys for every spend.

This is what is advantageous about Trezor. The masses need such a device if bitcoin is going to become big.

Trezor could be compromised if cameras watch you typing the seed?
hero member
Activity: 616
Merit: 500
I got Satoshi's avatar!
January 12, 2015, 04:25:45 PM
#39
From what I can find from wading through some of the code, it looks like its random functions are at least cryptographically secure.

Code:
def _get_local_entropy(self):
  return os.urandom(32)
member
Activity: 61
Merit: 10
January 12, 2015, 04:23:38 PM
#38
Trezor is one of the most secures ways to have your bitcoins stored.

I don't agree, paper wallet or offline computer wallet is more secure and free

This 100%.  Paper wallets and offline usb is the way I go. If the usb corrupts or fails I still have the paper.  If the trezor fails, then what?
you have backup of your seed on the paper as well. You can use any BIP32 compatible wallet to import the seed and recover your funds.

Electrum is currently in beta http://www.reddit.com/r/TREZOR/comments/2jp9uk/tutorial_install_electrum_20_beta_with_trezor/ , soon you will be able to use Trezor with Multibit HD, Armory and GreenAddress.

Basically there is no way, how you can loose your coins using Trezor.
legendary
Activity: 4522
Merit: 3426
January 12, 2015, 04:12:56 PM
#37
Trezor is one of the most secures ways to have your bitcoins stored.

I don't agree, paper wallet or offline computer wallet is more secure and free

This 100%.  Paper wallets and offline usb is the way I go. If the usb corrupts or fails I still have the paper.  If the trezor fails, then what?

If the Trezor goes, you have the seed that can be imported into another wallet.
legendary
Activity: 1442
Merit: 1188
January 12, 2015, 04:04:34 PM
#36
Trezor is one of the most secures ways to have your bitcoins stored.

I don't agree, paper wallet or offline computer wallet is more secure and free

This 100%.  Paper wallets and offline usb is the way I go. If the usb corrupts or fails I still have the paper.  If the trezor fails, then what?
member
Activity: 61
Merit: 10
January 12, 2015, 03:08:56 PM
#35
The private keys of your trezor never go out from it, and you can always check in its screen the transaction parameters to see if they are correct or not.

I have not seen yet any trezor hack.

Boy wouldn't it suck to find out one day that the Trezor devices were simply using wifi to transmit the information on them?

There are so many suspicious infommerical-sounding posts for the Trezor all over the internet right now, I really wonder how many are legit.

In my opinion, you have to be a complete idiot to trust your money to any electronic device, provided by any 3rd party, for any reason whatsoever right now.

Paper wallets all the way.

-B-
Please read the docs first http://doc.satoshilabs.com/trezor-user/securityphilosophy.html . Do not you think, if there will be any wi-fi integrated in the hardware someone will already find out? Do not you think if there will be some security issue, people like Andreas Antonopolous will be even bothered to mention Trezor device as a secure solution http://www.reddit.com/r/Bitcoin/comments/2mz3q3/new_identity_of_andreas_m_antonopoulos_secure_and/

Yes, paper wallets are safe, but you still need to load private keys from paper using a trusted computer to send your coins to somebody else. Also if you do not understand, how change adresses work, you are most likely to loose your coins.
member
Activity: 61
Merit: 10
January 12, 2015, 02:59:14 PM
#34
Trezor is one of the most secures ways to have your bitcoins stored.

I don't agree, paper wallet or offline computer wallet is more secure and free
A paper backup is a quite safe method to protect bitcoins, but you still need to load private keys from paper using a trusted computer to send your coins to somebody else - please see the docs - http://doc.satoshilabs.com/trezor-faq/differences.html
hero member
Activity: 924
Merit: 1001
January 12, 2015, 02:54:46 PM
#33
The private keys of your trezor never go out from it, and you can always check in its screen the transaction parameters to see if they are correct or not.

I have not seen yet any trezor hack.

Boy wouldn't it suck to find out one day that the Trezor devices were simply using wifi to transmit the information on them?

There are so many suspicious infommerical-sounding posts for the Trezor all over the internet right now, I really wonder how many are legit.

In my opinion, you have to be a complete idiot to trust your money to any electronic device, provided by any 3rd party, for any reason whatsoever right now.

Paper wallets all the way.

-B-
legendary
Activity: 966
Merit: 1000
January 12, 2015, 02:40:09 PM
#32
I will send Slush link to this thread, he may answer you...
It has already been answered on the first page Wink
sr. member
Activity: 364
Merit: 250
January 12, 2015, 02:32:46 PM
#31
I will send Slush link to this thread, he may answer you...
full member
Activity: 217
Merit: 259
January 12, 2015, 02:30:30 PM
#30
AFAIK, the Trezor has a hardware random device so the random numbers it produces should be good.  Just in case, it also adds random numbers from the computer on first initialization.

But if you really want to, you can enter your own seed generated from dice rolls. It must conform to bip39 (12/18/24 words, part of the last word is a checksum).  The spec is out, but I'm not sure if someone implemented a tool that converts dice rolls into a bip39 mnenomic sequence. If you go this way, you need to trust the computer where you compute the sequence. 

You should never enter the 12/18/24 word sequence directly into a computer.  If you restore the Trezor from backup it will ask for the words in a random order (on its own display), so even if the javascript code or the local computer is compromised, it will not know the order of the words.  Of course, knowing which words occur in the sequence drastically reduces the security of the sequence.

Firmware updates have to be sent manually to the trezor using a special procedure involving pressing both buttons while connecting the trezor to the computer.  So even if the firmware keys are compromised, an attacker has to convince you to make a firmware update.  So if you check the social networks for announcements before doing a firmware update you should be fine.  Another problem may be an unknown bug (0day exploit) in the current firmware.  Still an attacker needs to compromise first your computer or the mytrezor domain or the client you use to access the Trezor and second the Trezor firmware.
Pages:
Jump to: