I sometimes think people like this are doing this purposely to train our collective scam busting skills.

In this case, it'll be Level 0 in the anti scamming manual.

Now I think I've seen everything on sale for bitcoin... That has to be for summoning the devil or something...

PS: That link he's trying to post actually links to the pic. I've seen that image hoster before, and I don't really think it's malicious. Just my .02 bit cents

1% per day. That reminds me of a certain pirate.

DO NOT USE THIS.

OK, seeing that I'm still not sleepy enough yet...


Yes, that's correct. Nothing is infallible, not even a steel card that holds my current seed, not even Fort Knox. Always keep multiple secure paper/metal/etching/<insert permanent storage here> backups, and check on them often. ALWAYS. I used to even keep the Armory seed for my escrow wallet with my lawyer, with instructions to distribute them accordingly should anything happen to me and my next of kin.


I'm not going to repeat myself, but trezor is not dependent on the website or anything proprietary. Already I've been using the trezor with other open source software out there. I've not really used the site except to try it out. Please read my former posts. *facepalm*


Awesome - we have another agreement here.


If anyone falls for that, it would be the equivalent of someone making a site that says 'Secure Bitcoin Storage with 10000% Interest rate - Send to this address!' and someone actually falling for it. There are multiple warnings that state that your seed is basically your bitcoins, and should you leak it it's your own fault for doing that.


See a) for the equivalent - would you download anything that's closed source and new? Any reputable software that works with bitcoin is open source - anything that's closed should be taken with a grain of salt and be avoided in secure environments. Also, in an actual situation where someone uses a hijacked system, and is gullible enough to trust the software to type in his seed (and the software succeeds in resetting the trezor), the trezor actually requests the seeds at a randomized order, and all 24 seeds have to be in a specific order to actually compute the private keys needed. The order is only shown on the trezor, and the software would have no idea of the order of the key requested. Unless I'm much wrong (it's 4am and I just had my nightcap after all) , there's exactly 24 permutate 24 possible combinations here, which gives me 620448401733239439360000 probabilities using a random webpage calculator. That's no small number to bruteforce and to check for the coins, right.  


How would you propose 'cloning said data'? The bootloader fuse is blown, and therefore the security logic part of the firmware is rendered unflashable. If said attacker tries to load a malicious firmware on it in order to clone the seed, there would be an invalid signature shown, and the seed is removed if the user decides to load it anyway.
one particular source: http://bitcoin.stackexchange.com/questions/32544/how-can-trezor-update-firmware-but-never-receive-malware



Yep, I still agree with you that it's infallible - but similar hardware wallets like this is the best bet of a hot/semi hot wallet at the moment. And no, there's no 100% solution as of now. Nothing is perfect and nothing is 100%.



Agreed. Just make sure you have adequate security practices (new airgapped pristine operating system installed, fully random RNG's using casino dices etc) and you're willing to go through all of this if you're planning use your cold wallet often.

Python script that only works with Windows not Linux.

I think everyone is getting trolled here.

By posting outside Meta, you're technically breaking the rules again.

Still doesn't solve the problem of coinbase getting gox'ed.

The trezor basically only generates the tx (by signing it a-la how any bitcoin client works) and the webwallet pushes it. The trezor is basically the 'offline computer' factor in a secure wallet setup. The only 'sensitive' (where anyone with that public key would be able to see your future transactions, but not spend any of your bitcoins) date would be the public key which is transmitted to the 'webwallet' in order to show you the transactions made by the addresses. MiTM attacks are handled by the fact that the actual addresses are shown on the screen before the device signs it, so when the address is different from the one you're planning to send to, you'll know there's something fishy up there. The TX itself is not a valuable information as at worst the attacker can only refuse to broadcast it. Having the tx itself is not beneficial in any way as the hash would be invalid if any changes were made - as in where a PGP signed message cannot be modified without invalidating the signature itself.

Electrum, Multibit and a few others are amongst examples of independent softwares utilizing the fact that you're basically free to push the TX to any miner/network user that you choose. You can run it on any offline computer by utilizing the command line/API that comes with it obviously.

Full disclosure: I recently bought a trezor after using Armory on an offline netbook for a few years (when I escrowed a lot). I've studied the source code and understood how it actually works  before plunking down the cash for it, and I'm currently writing some tools for it.

If you're willing to spend some time reading code, I highly suggest going to https://github.com/trezor/ to see the sources of the firmware and examples of writing your own webwallet using the trezor. https://github.com/trezor/webwallet shows a working example of a webwallet, and you can clearly see that at no point the wallet sees the private key/pin etc at all.

This. The PIN is used to encrypt the privkeys on the device itself.

And no, trezor is not dependent on their website - there's sources on the github showing you how to use the trezor to interact with another service, or even your own. Trezor is just a secure storage device for the keys and for signing the transactions. It's secure because the keys never leave it, and all signing takes place on it. That's why if you have a highly fragmented input (faucets etc) on an address on your trezor, it'll take forever to sign the transaction. The Trezor site/extension is just a place for the trezor to broadcast the signed tx, and to interface with it.

Got myself a trezor to play with, and I'm adding a new bitcoin address here.


The bitcoin signature: (different message as too long)

No idea, but the relay block service is active now with the latest git master.

I've been through this a few years ago when I first bought something off eBay. My first purchase was a gold bullion collectible, and the seller actually called me to verify if I was a con. The transaction went well though.

Never mind, I got it working now. Gonna find the time to update it to 0.12 next.

The number of possibilities is so much more that it'll take more then the energy then the heat death of the universe to generate it.

More background: http://stackoverflow.com/questions/4014090/is-it-safe-to-ignore-the-possibility-of-sha-collisions-in-practice

Hmm... so the server is up to date with the newest blocks now, but I'm still not getting more connections then 8. I've verified that it can be reachable from outside networks.

Package deals with operators (globe etc), carded accounts, promotions not meant for that account etc. I've had 3 spotify accounts downgraded to free within a few days, 2 weeks and 3 weeks. (one from globe, one from a weird 'promotion' someone had, and one from someone refusing to tell me roughly the source of the upgrade.

This +1. I've tested a lot of '1 year upgrades' - all of them didn't last more then a month. I'd be really interested if you can prove this isn't going to end up with my account banned/downgraded too. Thanks!