 Show Posts
|
|
Pages: « 1 [2] 3 »
|
Extracting the Private Key from a TREZOR... with a 70 $ Oscilloscope http://johoe.mooo.com/trezor-power-analysis/Conclusion
Side channel attacks are not as difficult as many people think. A simple power analysis requires only a simple oscilloscope and that can hardly be called expensive laboratory equipment. You also need basic soldering skills and deep knowledge about the code that is running. It took only a single recording of the computation of the public key, to recover the private key. On the bright side, this simple side channel attack can be mitigated by using constant-time code and as I showed this code does not have to be slow.
The new firmware 1.3.3 is immune against this attack since it (1) requires a PIN to compute the public key and (2) uses branch-free computations for deriving the public key from the private key.
There is no complete protection against all kind of attacks. If your TREZOR gets stolen and it has no passphrase protection (or if the passphrase is weak), you should transfer the coins to a different wallet. There are other attack vectors like fault injection that could still be used and may get around the PIN protection. Basically, they use the fact that the microprocessor does unexpected things if power supply or the clock signal is broken. These are much more difficult to perform, but they are probably less expensive than using an electron microscope to read the seed from the chip. Also, there may be a bug in the microprocessor that allows for circumventing the read-out protection.
Nice to see people working on breaking the Trezor and making it stronger! |
|
|
|
|
Are there any privacy concerns with using the Trezor for signing into websites? Is master public key shared or info that can link bitcoin addresses with identities? Does each website use it's own private key/public key for authentication?
-
|
|
|
|
332 BTC volume today on poloniex but almost no price movement. It's hard to make a case that it will go lower at this point, there is just no meaningful liquidity (25-50+btc) on the ask side without pushing the price up 15%.
Shapeshift.io just added XMR support and it looks like the database is one step closer. Development wise it looks like there are good things on the horizon.
Shapeshift announcement: https://twitter.com/ShapeShift_io/status/585570515139563521Pull request to merge database into master: https://github.com/monero-project/bitmonero/pull/256Interesting. So BTC -> ShapeShift XMR -> XMR.to = completely anonymous payments using BTC? Timing-wise there are potential issues with that 1.123 BTC -> XMR -> 1.122 BTC over a short period of time might be fairly obvious. Of course it depends not the amounts and the level of activity on BTC at the time. If BTC has 1000 tx/sec that would be a lot more obscure than currently Hmmm, so close to being able to do BTC to BTC payments with XMR in the middle. So the easiest for mainstream users would be to use the xmr web wallet and fund it with extra then use xmr.to? |
|
|
|
332 BTC volume today on poloniex but almost no price movement. It's hard to make a case that it will go lower at this point, there is just no meaningful liquidity (25-50+btc) on the ask side without pushing the price up 15%.
Shapeshift.io just added XMR support and it looks like the database is one step closer. Development wise it looks like there are good things on the horizon.
Shapeshift announcement: https://twitter.com/ShapeShift_io/status/585570515139563521Pull request to merge database into master: https://github.com/monero-project/bitmonero/pull/256Interesting. So BTC -> ShapeShift XMR -> XMR.to = completely anonymous payments using BTC? |
|
|
|
I don't see why GBTC isn't being priced in already. There is a very good possibility that institutional money that CANNOT buy on the open market will flood into GBTC. The price of GBTC may very well be 10-20% higher than the exchanges for a while but as early adopters of BIT arbitrage, exchange prices have to follow.
Would long term BIT Trust holders convert to GBTC shares to sell as long as it is higher than their buy in and use profits to buy back BIT for a year? Would that help stop the premium on GBTC getting too high? |
|
|
|
|
What would be the advantages of FACTOM over a FACTOM clone where the mining is removed from the data layer and the database of hashes is under centralized control for whoever is using the FACTOM clone?
The security seems to be the same since the top hash is put into bitcoin in both systems. The ability to audit seems similar too.
The blockchain adds irrevocable hashes in the FACTOM blockchain but couldn't FACTOM clone just publish the database of hashes for anyone to mirror if that was important?
Have you speculated on if people will stick with FACTOM for simplicity or will a whole slew of clones appear customized for each client? FACTOM like systems seems like they could be quite useful for a lot of uses.
|
|
|
|
Are you aware that you key in the words in a sequence requested by the Trezor via the Trezor screen? The computer can know the words, but not the order.
I was aware of that, and it's not a terrible scheme, but it would be much improved if the input device didn't even know any of the words I suppose it could be done with the current Trezor hardware, an alphabetical list of all the words, move up and down with the buttons, and extra button press to select a word. Easier with a few more buttons though. The question is, is the extra security worth the added complexity? It would be even easier: bring up the list of words and associated number and enter the words by entering a number using the pin pad. The computer would not know any of the words. |
|
|
|
And that's the only other part of the Trezor system I dislike, although it's not so bad if you can use the trezor-python library commands from an offline system. Sure, it would make the seed restore operation less user friendly, but who needs that with a function you're unlikely to use all that often? (or at least not as often as other functions like signing transactions)
i think everyone is underestimating the desire to test the restore function just to be sure one doesn't load a bunch of BTC to the Trezor, lose the thing, and then find out you mis-copied a word. I'd feel more comfortable testing mine if I could enter the words with the pin pad. I wouldn't have to worry about any knowledge of the seed being leaked. |
|
|
|
|
Restoring seeds always seems to be the weakest link in the whole system. If the "Trezor Tools" app implemented "advanced word entry" by inputting the seed words using the pin pad it would be impossible to steal the seed instead to too difficult to brute force the order. The user would have to look up each seed word and find the associated number and enter it using the randomized pin pad. The host computer would not be able to decipher the word being entered just like the PIN code.
|
|
|
|
Perhaps you mis-read my post? I don't want Android to create the seed, I just want an app that will send the signal to the Trezor for the Trezor to make one.
I did misinterpret what you meant by "initialize seeds". But "restoring seeds" definitely satisfies the concerns I raised, I would not promote the restoring of seeds with any online device. Ah, I was worried I was confused about how it works. At least the restoring seed would work like mytrezor.com where the order of words is only known to the Trezor. For the average user would you say using Android would be safer than Windows for this procedure? |
|
|
|
I thought the whole point of Trezor was to enable secure bitcoin operations on an insecure environment? Trezor internals are considered secure. Seed is ultimately the most sensitive wallet information. So, the seed should only be created with the Trezor internally, that's a part of their security model. Creating the seed on an online OS with very little built in security compromises that model. Android had a security flaw with it's random number generator a few months back, Bitcoin Wallet for Android users basically discovered the issue, as it was being used to systematically target Bitcoin Wallet Android to steal the funds. Seed creation will make use of the RNG. It's patched, but how confident do you feel? Thanks for the reply but aren't pretty much all Trezors set up with mytrezor.com? Since Trezor uses deterministic seeds from a random pool it creates and combines with the host computer I'm failing to see why setting up Trezor on an Android is a bad idea? People are setting up their Trezors offline? Perhaps you mis-read my post? I don't want Android to create the seed, I just want an app that will send the signal to the Trezor for the Trezor to make one. |
|
|
|
There you go. Learn how to use those linked tools. Android... it's not just Android, but the devices it typically runs on, too. But even on it's own, Android has a poor record when it comes to security (specifically cryptography, which Bitcoin relies on) I don't know if buying a computer and compiling software on another system is useful for Android users. Trezor was built so it doesn't depend on the host's computer security. All the secure elements remain on the Trezor. Even if the Android was a spy device how would the "Trezor Tools" create a bad seed or PIN? I thought the whole point of Trezor was to enable secure bitcoin operations on an insecure environment? |
|
|
|
Android, no. That's a terrible idea.
What's wrong with Android? Don't you think it would be useful for everyone who doesn't have a computer but has a phone? |
|
|
|
http://www.reddit.com/r/TREZOR/comments/31mvmx/trezor_needs_a_new_simple_android_app_a_tools_appI really think it would be useful if SatoshiLabs made a tiny app for Android that did some of the basic Trezor commands. It wouldn't even need to offer any wallet or address functionality. Some type of "Trezor Tools" that: initializes new seeds, restores seeds, sets pin, sets Trezor label, and updates firmware. This leaves all wallet operations and support to the wallet software and ensures that users use official software for the more critical operations. This would enable people to fully use the Trezor without a PC and only Android is needed. It could even pave way for an "Android Edition" Trezor with a OTG cable instead that has the ends for the phone and Trezor! 
|
|
|
|
Winkie ETF is a long way away, if it ever does happen. The Gemini exchange needs to happen first. Gemini exchange doesn't launch without Lawsky's regs.
I am quite curious as to what happens to GBIT once someone finally puts an ask in with their shares. While the volume of bids at this point is negligible, the interesting bit happens once they start getting filled. The longer those bids at $350/btc sit unfilled, the more bullish things appear (contrary to bears and trolls saying it's dead). It seems likely that no one can sell shares at this point. We don't see immediate action as these shares travel by post, secretaries, and primate entry. It's even slower than I expected.
There has to be at least one BIT investor with 12 month shares that is willing to sell at a 30% immediate gain. If not... that's even more bullish.
And the longer it takes the better bitcoin looks for moving assets with something like colored coins. The old system seems sooo slow. |
|
|
|
Anyone complaining about development just take a look at this:
bitmonerod is using only 34 MB of RAM.
What kind of numbers was it before? |
|
|
|
Any chance for a poll update:
What day will GBTC trade openly on the NYSE?
-Monday
-Tuesday
-Wednesday
-Thursday
-Friday
-Next week or later.
I know I'll have my trading window up at market open tomorrow.
Not NYSE but OTC Markets. Monday is my guess. |
|
|
|
GBTC sold 75 btc's in 2 weeks....
Trading hasn't started. The sellers haven't showed up yet. |
|
|
|
|
Electrum on Windows with Trezor gives the following error when using a separate password from the one used during setup: "This wallet does not match your Trezor device"
Is there any way to use multiple passwords with the Trezor and Electrum?
|
|
|
|
|
