Do you have any link with more information about this staying the same like in model One? Already edited my post above - looks like it will support entry on the hardware wallet. But even Trezor T still allows users to enter the passphrase on the computer instead. They really need to remove this option altogether, but they can't while people still use the Trezor One I guess (which will be the case for many years yet). Similar to the BitBox right? And Passport and Coldcard. But completely different to Ledger, who to my understanding run BOLOS on the secure element itself. Its different because BitBox02 and Trezor Safe 3 both storing the seed on the MCU and not on the SE. Passport and Coldcard store the seed on the SE. If I'm wrong please correct me.
|
|
|
Similar to the BitBox right? We do not run code on the chip itself. The Secure Element simply stores a secret that can be used to decrypt the recovery seed, i.e., it never actually knows what your recovery seed is. The Secure Element in the TS3 protects your PIN (without learning it), which releases a secret (stored on the Secure Element), which in turn protects your recovery seed (stored only on the Trezor Safe 3 general purpose chip, encrypted by both the device PIN and the secret stored on the Secure Element) https://trezor.io/learn/a/secure-element-in-trezor-safe-3
|
|
|
Someone asked whether the SE is open source or not. The answer was: It is not, but the secure element we chose allows us to disclose any vulnerability, if we find any. So before our Tropic Square open-source chip is ready, the OPTIGA Trust M secure element was the best option. https://twitter.com/Trezor/status/1712469783281848515
|
|
|
Bitcoin Takeover podcast, Matej Zak and Vlad Costea (August 8, 2023): But speaking of Trezor, there are some exclusive news to be discovered in this interview: first of all, Trezor is planning to launch two new hardware wallets in 2023 and 2024. The first one is an affordable unit which improves on the Trezor One design and retains the physical buttons – the code name for it is Trezor Model R, and according to the ongoing GitHub commits it features a 3-button layout, a USB-C connector, and a SLIP39 (Shamir Secret Sharing) integration. If it costs around $70, the Trezor Model R is bound to be the most affordable Shamir-powered hardware wallet on the market. It’s bound to launch sometime during the fall of 2023.
The second hardware wallet that Trezor will add to their line is a more high-end device. Not too much information is known about it, but it’s expected to be more feature-packed than the Trezor Model T and get sold at a similar or even lower price point. The expected launch date is sometime in 2024, but the bad news is that it won’t come with the Tropic Square open source chip.
According to Matej Zak, Tropic Square‘s TASSIC (Transparent Authenticated Secure Storage Integrated Circuit) chip is still in testing phase and will enter production sometime in 2024. Therefore, it can’t become available sooner than the year 2025. The good news is, however, that Trezor will be the first company to benefit from this unique security chip. So the Czech-made hardware wallets will finally get the kind of uncompromising physical security that they have been seeking. https://bitcoin-takeover.com/s14-e3-matej-zak-on-trezors-new-hardware/You can listen to this podcast on Spotify, Apple Podcasts & YouTube.
|
|
|
@dkbit98 could you add Specter DIY and SeedSigner please?
|
|
|
Bluetooth is not recommendable. Better to get a USB hardware wallet, but not still that recommendable, the best is to just make use of QR code while making transaction which is better. Have you seen a device that its bluetooth will always be on? I haven't seen such a device before.
2. QR codes allow visually representing the same information. Because the transaction is too big for a single QR code, an animated code is used. Again, the information is not human readable, and another wallet is needed to verify the data. If you simply try to read the data with a regular QR code scanner, you’ll be none the wiser: Judging by the article, it's not that easy to verify the QR code after all. Every hardware wallet has its pros and cons. Is it safer? I'm not sure. https://shiftcrypto.ch/blog/does-airgap-make-bitcoin-hardware-wallets-more-secure/This is also very interesting. It might help you to purchase/order a Trezor somewhere else. https://blog.trezor.io/is-banking-grade-security-good-enough-for-your-bitcoins-284065561e9b#.vc68zeeqp
|
|
|
How do we know the device (Blue Wallet, Passport.. etc.) wouldn't transfer the seed off itself using QR code? Keystone: Keystone’s QR codes are transparent. Users can verify what is getting in and out of their hardware wallets, ensuring no sensitive information is leaked. The team released the hardware wallet industry’s first open-source tool to decode the QR codes for users to know how the software works and enable signing off on intended transactions. With Keystone, you are able to decode the QR code content in an easily readable fashion, showing you exactly what the hardware wallet is sending to the Keystone Companion app, and allowing you to verify that no sensitive data is being leaked. Can this also be used for all other QR codes? Source: https://blog.keyst.one/ever-wondered-what-your-hardware-wallet-inputs-and-outputs-9b33b4cedafd
|
|
|
Edit: It uses Google Firebase. If I don't absolutely have to, I'd prefer to skip Envoy for now.
I guess that confirms I was wrong [they "didn't" alter the foundation letters' color into black], but while we're waiting for n0nce's review, I'd like to complain about their packaging: - On their "unboxing video [part one]", I noticed only the outer box comes with a tamper-evident seal and the inner/main box is only bubble & shrink wrapped! I do know there's a way to check and verify if you've got the correct product, but this way of packaging still gives certain users a chance to figure out a non-detectable way to bypass such things in the future.
Unfortunately some custom offices open the sealed package. The device comes with or without firmware?
|
|
|
Another quick update : It seems like some Twitter users have started receiving their orders[1][2]. Albeit the absence of updates from n0nce makes me think he/she hasn't received their notification, I hope that this update from Foundation[3] makes him/her happy: @Foundationdvcs - We expect to have all current orders shipped by the end of the month. Thank you for your support and patience! Thanks for the update! I haven't got mine yet, but even when I do get it, I will need a bit of time to unbox, review and compare to v1 of course. I'm glad to hear that they are finally shipping. I also noticed that their Envoy application is now available, but I'm not sure what you guys think about this topic. Installing an application (binary), compiled, from an app store, that holds the xpub of your hardware wallet? There is no way of verifying it not breaching user privacy. It could easily do a one-off HTTP request, sending the xpub to Foundation. I might find the time to have a look at their source code to at least check they don't have Google AdSense or other known spying frameworks in use, as I believe that's one of the biggest 'black boxes' in most mobile applications. Which wallet do you use?
|
|
|
Why not BitBox02? In my opinion the smarter choice. They don't even trust the seucre element and don't store any important information there. Here you can learn more about it: https://shiftcrypto.ch/blog/best-of-both-worlds-using-a-secure-chip-with-open-source-firmware/The closed-source drawback Secure chips are not even that expensive, so why does not every hardware wallet use them? The main drawback is that secure chips are closed source. Firmware running on a secure chip cannot be released as open source due to enforced non-disclosure agreements.
When it comes to firmware securing your bitcoin, creating random seeds and signing transactions, trusting closed source software that cannot be independently audited is just not good enough. In our opinion, you should not need to trust the manufacturer of your hardware wallet (and all its individual employees) to belong to the “good guys”, diligently finding their own bugs without independent reviews and then actually fixing them.
|
|
|
Hat sich wohl erledigt.
|
|
|
So, BTCitcoin fell to 20K as some were hoping for. But what was the reason for that. From what I've read in https://www.zerohedge.com/markets/great-celsius-implosion-what-went-wrong-and-how-much-more-will-bitcoin-drop it is another imploding "blockchain" company. tl;dr. Celsius may have started as an arbitrage platform giving yield for those fools lending their BTC and shitcoins. But as the arbitrage dissapeared 6 months ago, they simply became a ponzi risking their client assets by making enourmous shorts. They had more than enough BTCitcoins to stop any increase in the price, liquidating practically 100% of the longs. But their problem is that what they do is perfectly visible by everyone. People started to realize slowly they've been scammed just like bitconnect. Now their margin call is at 16.8k (used to be 18.3K yesterday) as seen in https://oasis.app/25977#Overview. How much collateral BTC they will be able to add is unknown. Now we have a proof that all this downard pressure in the last 6 months was caused partially by this ponzi, who could give yields in BTC only if the price was falling. So, we need to cut off the cancer ASAP. People have to withdraw their funds and invest properly in BTCitcoin. After that I'm quite confident BTCitcoin will start recovering. Massive liquidation if Bitcoin prices fall below $16,852.58?
|
|
|
Are there other wallets that use such a procedure? I think it's very good what ColdCard does. So you don't have to fully trust the SE.
|
|
|
How about PortaPow?
|
|
|
That's why I don't want to buy from Amazon, Cryptomaan or anything else.
Sorry, but I don't understand what do you mean exactly... You plan to order hardware wallet, but you already know that you are going to return it later or what? It's pretty standard procedure and I don't remember last time I had to return something that I ordered, especially if it was paid by bitcoin. I may have expressed myself wrong. I was concerned that if I would order the wallet, I would only buy it from the manufacturer himself. Because at Amazon, Cryptomaan etc. the products can be returned. For me, this is no longer a security product. There have already been enough cases like e.g. with Ledger. Fake ledgers were sold there. They looked exactly like the originals. I want to say that the Foundation is on the right track and does not accept returns after shipping. https://www.reddit.com/r/ledgerwallet/comments/8v5d43/is_my_ledger_fake_i_ordered_this_from_amazon_from/
|
|
|
Does the Foundation ever consider sending the devices themselves from the EU, e.g. to Austria, Switzerland, etc.? Then you don't have to trust the reseller.
They ship international to most countries but shipping can be expensive, so I recently saw someone who is opening EU based shop, but I am not sure if this is official reseller or not. All this is for Passport Foundation Edition, and I don't think there are any resellers who are selling new batch devices. Maybe you should contact Foundation team to find more information about this. But you can not deliver the package to the parcel lockers. Because of customs etc. there are problems. For example, Keystone has recently started to deliver directly from Europe.
Is this Keystone Amazon EU store opened or you are talking about something else? Yes it is the Amazon store. Cryptomaan: You have the right to return your order up to 14 days after receipt, without having to state your reasons, provided the seal hasn't been broken. When the seal is broken, your order is finalised and can no longer be returned. If you wish to make use of your right of withdrawal, then you have another 14 days to return your product after the cancellation. The return costs will be at your own expense. Foundation: Since Passport is a security device for storing Bitcoin, we cannot accept product returns. That's why I don't want to buy from Amazon, Cryptomaan or anything else.
|
|
|
|