
Topic: you think Trezor is a safe way for bitcoin ! - page 2. (Read 6015 times)

hero member
Activity: 798
Merit: 1000
Move On !!!!!!
November 13, 2015, 09:12:42 AM
#28
If you're willing to spend some time reading code, I highly suggest going to https://github.com/trezor/ to see the sources of the firmware and examples of writing your own webwallet using the trezor. https://github.com/trezor/webwallet shows a working example of a webwallet, and you can clearly see that at no point the wallet sees the private key/pin etc at all.

maybe trezor v2. will have the 'webwallet' on the device next time. that way it can auto run on offline computers without the need of web extensions or communicating to trezor server.

then you're free to push the TX to any miner/network user you choose.

i think those believing trezor is infallible have never thought of a hacker tweaking the web extension to do man in the middle attacks..

The trezor basically only generates the tx (by signing it a-la how any bitcoin client works) and the webwallet pushes it. The trezor is basically the 'offline computer' factor in a secure wallet setup. The only 'sensitive' (where anyone with that public key would be able to see your future transactions, but not spend any of your bitcoins) data would be the public key which is transmitted to the 'webwallet' in order to show you the transactions made by the addresses. MiTM attacks are handled by the fact that the actual addresses are shown on the screen before the device signs it, so when the address is different from the one you're planning to send to, you'll know there's something fishy up there. The TX itself is not valuable information as at worst the attacker can only refuse to broadcast it. Having the tx itself is not beneficial in any way as the hash would be invalid if any changes were made - as in where a PGP signed message cannot be modified without invalidating the signature itself.

Electrum, Multibit and a few others are amongst examples of independent software utilizing the fact that you're basically free to push the TX to any miner/network user that you choose. You can run it on any offline computer by utilizing the command line/API that comes with it obviously.

Full disclosure: I recently bought a trezor after using Armory on an offline netbook for a few years (when I escrowed a lot). I've studied the source code and understood how it actually works before plunking down the cash for it, and I'm currently writing some tools for it.

Thanks for explaining in depth! I didn't want to quote franky1 posts above (I don't agree with his explanations) as you have already explained everything and with the knowledge that I would never be able to explain with.

In layman's terms, when I was buying a Trezor and did some research and decided to put my savings on it, I understood that this device is the safest way out there to store my bitcoins and that even if the Trezor company ceases to exist I will be able to recover my coins and also that it's not that easy to insert malicious code in it. To some extent you still have to trust them as you trust Electrum developers out there with every new release for example!
donator
Activity: 1617
Merit: 1012
November 13, 2015, 03:17:17 AM
#27
it's just a memory storage device, all transactions need to go through to trezor servers..

It behaves more like a smart card than a dumb memory device. The difference is that the private keys stored inside are protected with a PIN and cannot be retrieved through the USB interface. All sensitive cryptographic computing is done on the TREZOR and not the browser. However, it just uses an ARM Cortex processor so unlike a typical smart card the keys are probably not protected from advanced electronic tampering or snooping were the device to fall into unfriendly hands.
legendary
Activity: 1288
Merit: 1000
November 13, 2015, 02:46:46 AM
#26
I don't like trezor- too many moving parts (led screen) I always feel it could break. I much prefer ledger. Much simpler. Fewer worries. Ledger also costs a lot less. I'm not sure why trezor is so popular, I guess people think more money = better product... Worked out pretty good for Mac (which is garbage, but expensive therefore amaze balls)
My thoughts exactly. I feel like hardware wallets in general are overkill for people who are paranoid about their coins. Same measure of security can be achieved perfectly without it.
I would sleep much better knowing that my coins are stored on a paper wallet than on this piece of hardware.
hero member
Activity: 812
Merit: 1000
November 13, 2015, 02:33:29 AM
#25
For cold storage, a stainless steel wallet is pretty safe.

https://www.indiegogo.com/projects/cryptosteel-the-ultimate-cold-storage-wallet#/

CMIIW but don't you have to manually enter your keys in it and if you mess up you might end up losing a lot of coins, I don't think I can trust myself to manually jot in the keys, I'd rather print them directly and then try to keep the paper wallet safe. Or just use the electrum offline with the mnemonic back up, no need for a fancy, expensive device when you can do it for free.
legendary
Activity: 3514
Merit: 1963
Leading Crypto Sports Betting & Casino Platform
November 13, 2015, 01:55:12 AM
#24
Do not store large amounts of coins in hardware wallets - Problem solved
The distribution of your total coins should be something like 20% hardware wallet / 80% cold storage
If you go this route, you would effectively manage the risk and prevent huge losses when something might happen.
You never know if some disgruntled employee is in possession of private keys or is aware of some back door and when they might empty your wallet. Take back the control and store most of your coins in cold storage.
legendary
Activity: 1288
Merit: 1227
Away on an extended break
November 13, 2015, 01:31:45 AM
#23
If you're willing to spend some time reading code, I highly suggest going to https://github.com/trezor/ to see the sources of the firmware and examples of writing your own webwallet using the trezor. https://github.com/trezor/webwallet shows a working example of a webwallet, and you can clearly see that at no point the wallet sees the private key/pin etc at all.

maybe trezor v2. will have the 'webwallet' on the device next time. that way it can auto run on offline computers without the need of web extensions or communicating to trezor server.

then you're free to push the TX to any miner/network user you choose.

i think those believing trezor is infallible have never thought of a hacker tweaking the web extension to do man in the middle attacks..

The trezor basically only generates the tx (by signing it a-la how any bitcoin client works) and the webwallet pushes it. The trezor is basically the 'offline computer' factor in a secure wallet setup. The only 'sensitive' (where anyone with that public key would be able to see your future transactions, but not spend any of your bitcoins) data would be the public key which is transmitted to the 'webwallet' in order to show you the transactions made by the addresses. MiTM attacks are handled by the fact that the actual addresses are shown on the screen before the device signs it, so when the address is different from the one you're planning to send to, you'll know there's something fishy up there. The TX itself is not valuable information as at worst the attacker can only refuse to broadcast it. Having the tx itself is not beneficial in any way as the hash would be invalid if any changes were made - as in where a PGP signed message cannot be modified without invalidating the signature itself.

Electrum, Multibit and a few others are amongst examples of independent software utilizing the fact that you're basically free to push the TX to any miner/network user that you choose. You can run it on any offline computer by utilizing the command line/API that comes with it obviously.

Full disclosure: I recently bought a trezor after using Armory on an offline netbook for a few years (when I escrowed a lot). I've studied the source code and understood how it actually works before plunking down the cash for it, and I'm currently writing some tools for it.
legendary
Activity: 4270
Merit: 4534
November 13, 2015, 12:21:38 AM
#20
If you're willing to spend some time reading code, I highly suggest going to https://github.com/trezor/ to see the sources of the firmware and examples of writing your own webwallet using the trezor. https://github.com/trezor/webwallet shows a working example of a webwallet, and you can clearly see that at no point the wallet sees the private key/pin etc at all.

maybe trezor v2. will have the 'webwallet' on the device next time. that way it can auto run on offline computers without the need of web extensions or communicating to trezor server.

then you're free to push the TX to any miner/network user you choose.

i think those believing trezor is infallible have never thought of a hacker tweaking the web extension to do man in the middle attacks..
legendary
Activity: 1288
Merit: 1227
Away on an extended break
November 13, 2015, 12:07:23 AM
#19
If you're willing to spend some time reading code, I highly suggest going to https://github.com/trezor/ to see the sources of the firmware and examples of writing your own webwallet using the trezor. https://github.com/trezor/webwallet shows a working example of a webwallet, and you can clearly see that at no point the wallet sees the private key/pin etc at all.
legendary
Activity: 1288
Merit: 1227
Away on an extended break
November 13, 2015, 12:00:59 AM
#18
no.. the trezor key (pin code, not privkey seed.. but the set up pin) is uniquely linked between the device and trezor's servers.
to USE the trezor device, you need browser extensions and access to trezor's website..

No, I do not think that is the case. The PIN is stored on the device itself, not on Trezor's servers. Where are you getting that information?
This. The PIN is used to encrypt the privkeys on the device itself.

And no, trezor is not dependent on their website - there's sources on the github showing you how to use the trezor to interact with another service, or even your own. Trezor is just a secure storage device for the keys and for signing the transactions. It's secure because the keys never leave it, and all signing takes place on it. That's why if you have a highly fragmented input (faucets etc) on an address on your trezor, it'll take forever to sign the transaction. The Trezor site/extension is just a place for the trezor to broadcast the signed tx, and to interface with it.
sr. member
Activity: 278
Merit: 254
November 12, 2015, 10:17:29 PM
#17
IMO, Trezor is probably the safest way for most people to store bitcoin. I would certainly have no problem storing 50 BTC in a Trezor. I don't think I would carry that Trezor around with me when I was out and about, however, if only because I would be worried about "rubber hose cryptography".

If your Trezor fails you can recover your funds with another Trezor or a software wallet, from the seed words. If you are capable of reliably storing paper wallets you will be able to reliably store your seed words, since this has to be done only once.

There are risks with any method of storing bitcoin. As far as I can tell, Trezor is as safe as a paper wallet. In practice, it is likely to be considerably safer than a paper wallet that is (eventually) spent, because to spend the bitcoins in a paper wallet one must load the private key into a computer that may be compromised. The risks of operational security errors with paper wallets strike me as much higher than with Trezor. I use Electrum to access the funds controlled by my Trezor, so I don't need to use the SatoshiLabs web client. The same Trezor also works with the Multibit HD wallet software.
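Why recovery from the seed words does not depend on the vendor, as an added Python sketch (not part of the thread, not Trezor's or Electrum's code): the BIP39 and BIP32 derivations are public and deterministic, so any wallet that implements them reaches the same keys. The sample words are constructed and are not a checksum-valid mnemonic; wordlist and checksum validation are omitted.

```python
import hashlib, hmac, unicodedata

N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # secp256k1 order
HARDENED = 0x80000000

# Constructed sample words, for illustration only (never reuse for real funds).
SAMPLE_WORDS = "sample words constructed for this example only not a real wallet seed phrase"

def mnemonic_to_seed(words, passphrase=""):
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase."""
    norm = lambda s: unicodedata.normalize("NFKD", s).encode()
    return hashlib.pbkdf2_hmac("sha512", norm(words), norm("mnemonic" + passphrase), 2048, 64)

def master_key(seed):
    """BIP32: HMAC-SHA512 keyed with 'Bitcoin seed', split into key and chain code."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big"), i[32:]

def hardened_child(key, chain, index):
    """BIP32 private derivation for a hardened index (uses the parent private key)."""
    data = b"\x00" + key.to_bytes(32, "big") + (index | HARDENED).to_bytes(4, "big")
    i = hmac.new(chain, data, hashlib.sha512).digest()
    # BIP32 rejects the rare cases IL >= N or a zero key; ignored in this sketch.
    return (int.from_bytes(i[:32], "big") + key) % N, i[32:]

def account_key(words, passphrase="", path=(44, 0, 0)):
    """Derive m/44'/0'/0' (first BIP44 Bitcoin account) from the seed words."""
    key, chain = master_key(mnemonic_to_seed(words, passphrase))
    for index in path:
        key, chain = hardened_child(key, chain, index)
    return key, chain

if __name__ == "__main__":
    # Two independent "wallets" given the same words arrive at the same account key.
    print(account_key(SAMPLE_WORDS) == account_key(SAMPLE_WORDS))
```

An optional BIP39 passphrase changes every derived key, so it has to be backed up along with the words.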




member
Activity: 181
Merit: 10
November 12, 2015, 09:36:31 PM
#16
hey, i think everyone knows trezor, or most people at least. putting your btc into a trezor wallet is a good way, but have you never thought about what if trezor shuts down? there are some people who will say that it's a big company, yes i know, but MTgox too was a good company and in the end they stopped.

is there any other way to use your btc when trezor has stopped? i mean, can i use my btc if trezor stops and shuts down?

You can recover your bitcoin by creating an Electrum wallet from your Trezor seed.

Ledger out of the box is not as secure as Trezor because of the lack of a screen. You have to initiate Ledger on a secure computer or risk theft of your seed by a key logger. The screen also allows you to confirm that you are sending to the intended recipient. I have both and rarely use the Ledger any more as I much prefer Trezor.

i have a trezor too, and that is why i posted this thread, because i want to know if it is good enough for 50 btc+ or if i should use a paper wallet.
sr. member
Activity: 574
Merit: 250
In XEM we trust
November 12, 2015, 08:36:02 PM
#15
I don't think there is any possible way that trezor could get shut down. At least not like mt gox. Since the key is stored on the device not on the computer, I think that other sites are going to start offering the same service that trezor is offering.
hero member
Activity: 728
Merit: 500
November 12, 2015, 08:02:08 PM
#14
no.. the trezor key (pin code, not privkey seed.. but the set up pin) is uniquely linked between the device and trezor's servers.
to USE the trezor device, you need browser extensions and access to trezor's website..

No, I do not think that is the case. The PIN is stored on the device itself, not on Trezor's servers. Where are you getting that information?
legendary
Activity: 1806
Merit: 1164
November 12, 2015, 07:49:06 PM
#13
hey, i think everyone knows trezor, or most people at least. putting your btc into a trezor wallet is a good way, but have you never thought about what if trezor shuts down? there are some people who will say that it's a big company, yes i know, but MTgox too was a good company and in the end they stopped.

is there any other way to use your btc when trezor has stopped? i mean, can i use my btc if trezor stops and shuts down?

You can recover your bitcoin by creating an Electrum wallet from your Trezor seed.

Ledger out of the box is not as secure as Trezor because of the lack of a screen. You have to initiate Ledger on a secure computer or risk theft of your seed by a key logger. The screen also allows you to confirm that you are sending to the intended recipient. I have both and rarely use the Ledger any more as I much prefer Trezor.
legendary
Activity: 4270
Merit: 4534
November 12, 2015, 07:44:55 PM
#12
1) trezors key is uniquely linked to the device. and as such, is not the same as the brainwallet key
They use BIP32 seeds so you can still retrieve the seed from the device and import it to a wallet like Electrum to spend the coins.

2) trezor works by linking to a computer, which links to the internet, which links to the trezor site. when disconnected.. it's just a memory storage device, all transactions need to go through to trezor servers.. so although the likelihood of changing the firmware of the hardware wallet is impossible.. there are ways to hack the computer to change the 'bridge' browser extension, or spoof the trezor site
I don't think so. It connects to other wallets so I think it is still usable with other wallets, it doesn't need trezor's servers

Also, all of the code to the firmware of a trezor is online on github. People can still contribute to that code and update the firmware. You can also flash it yourself to the device.

bip32, is paperwallet brainwallet technology.. but thats separate matter, not about actively using the hardware wallet..

for instance you can stamp on a trezor and burn it.. but still have to use the paperwallet elsewhere.. the question the OP asked was.. USING trezor..
as an active device.. is it safe.

no.. the trezor key (pin code, not privkey seed.. but the set up pin) is uniquely linked between the device and trezor's servers.
to USE the trezor device, you need browser extensions and access to trezor's website..

again im not talking about the privkey seed wrote on paper, im talking about the trezor device..
legendary
Activity: 1204
Merit: 1028
November 12, 2015, 07:41:39 PM
#11
A piece of paper wrapped in plastic will never malfunction and can survive anything. An electronic device can malfunction and you can drop water or beer on it or whatever by accident. I know what I would use for long term storage.
legendary
Activity: 1456
Merit: 1010
Ad maiora!
November 12, 2015, 07:05:38 PM
#10
I don't like trezor- too many moving parts (led screen) I always feel it could break. I much prefer ledger. Much simpler. Fewer worries. Ledger also costs a lot less. I'm not sure why trezor is so popular, I guess people think more money = better product... Worked out pretty good for Mac (which is garbage, but expensive therefore amaze balls)
hero member
Activity: 728
Merit: 500
November 12, 2015, 07:04:51 PM
#9
1) trezors key is uniquely linked to the device. and as such, is not the same as the brainwallet key
They use BIP32 seeds so you can still retrieve the seed from the device and import it to a wallet like Electrum to spend the coins.

2) trezor works by linking to a computer, which links to the internet, which links to the trezor site. when disconnected.. it's just a memory storage device, all transactions need to go through to trezor servers.. so although the likelihood of changing the firmware of the hardware wallet is impossible.. there are ways to hack the computer to change the 'bridge' browser extension, or spoof the trezor site
I don't think so. It connects to other wallets so I think it is still usable with other wallets, it doesn't need trezor's servers

Also, all of the code to the firmware of a trezor is online on github. People can still contribute to that code and update the firmware. You can also flash it yourself to the device.