Bitcoin Forum
December 15, 2024, 12:51:00 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 ... 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 [91] 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 ... 265 »
  Print  
Author Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet  (Read 966230 times)
BurtW
Legendary
*
Offline Offline

Activity: 2646
Merit: 1138

All paid signature campaigns should be banned.


View Profile WWW
August 02, 2014, 05:59:44 PM
 #1801

If you loose your device, do you need a new trezor to recover the coins or is there a tool to do so?
The adroid ap wallet32 works great.  I have tested it with 12, 18 and 24 words.  I still have not gotten around to testing it with a password yet but that is also supposed to work.

I:

Created a wallet on Trezor
Put some BTC in the wallet
Pretended to lose it
Entered the words into Wallet32
All my BTC and transactions magically appeared on my phone and I could spend them from there

Of course then I created a new wallet on the Trezor.

If I get time I plan to test it with passwords also.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
Hawkix
Hero Member
*****
Offline Offline

Activity: 531
Merit: 505



View Profile WWW
August 02, 2014, 06:02:30 PM
 #1802

Any plans to produce Trezor with different color of plastic, namely BLACK one?

Donations: 1Hawkix7GHym6SM98ii5vSHHShA3FUgpV6
http://btcportal.net/ - All about Bitcoin - coming soon!
slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
August 02, 2014, 06:26:46 PM
 #1803

Any plans to produce Trezor with different color of plastic, namely BLACK one?

Yes, we do plan various colors including black. However it will take some time, for now we're focused to seamless distribution of Trezors and on adding express shipping. Unfortunately there're still places around the world where national posts barely work so DHL or similar are the only choice...

P_Shep
Legendary
*
Offline Offline

Activity: 1810
Merit: 1246


I guess this is OK.


View Profile
August 02, 2014, 07:03:43 PM
 #1804

Love that you can plug it in any computer and use it without having to log in to anything Smiley
slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
August 02, 2014, 07:38:19 PM
 #1805

Love that you can plug it in any computer and use it without having to log in to anything Smiley

We're working on Trezor-backed web password manager with the same feature. You'll be able to reach all of your passwords on any computer (with Trezor connected, of course), without need of typing any "master password" as is common in standard password managers (like Keepass).

You'll just choose which password do you want to unlock at the time, so you'll be able to log into any website on friend's computer without a risk of revealing internet banking credentials or other high profile passwords...

Edit: Password manager is of course needed for sites which do not offer challenge-response authentication, but I believe that some day at least bitcoin-related sites will implement password-less login into their site like GreenAddress already did: https://twitter.com/GreenAddress/status/479939415088062464

dillpicklechips
Hero Member
*****
Offline Offline

Activity: 994
Merit: 507


View Profile
August 02, 2014, 07:41:40 PM
 #1806

Love that you can plug it in any computer and use it without having to log in to anything Smiley

We're working on Trezor-backed web password manager with the same feature. You'll be able to reach all of your passwords on any computer (with Trezor connected, of course), without need of typing any "master password" as is common in standard password managers (like Keepass).

You'll just choose which password do you want to unlock at the time, so you'll be able to log into any website on friend's computer without a risk of revealing internet banking credentials or other high profile passwords...
Very cool, I'd love details on how it would work!!!!!
TwinWinNerD
Legendary
*
Offline Offline

Activity: 1680
Merit: 1001


CEO Bitpanda.com


View Profile WWW
August 02, 2014, 07:41:55 PM
 #1807

Is there customs fee when shipping to austria?

slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
August 02, 2014, 07:45:38 PM
 #1808

Is there customs fee when shipping to austria?

No, Both Austria and Czech Republic are in Schengen area.

TwinWinNerD
Legendary
*
Offline Offline

Activity: 1680
Merit: 1001


CEO Bitpanda.com


View Profile WWW
August 02, 2014, 08:02:39 PM
 #1809

Is there customs fee when shipping to austria?

No, Both Austria and Czech Republic are in Schengen area.

Oh, I missed that you are shipping from CZ. I somehow thought this was US/else.

Good!

Anon136
Legendary
*
Offline Offline

Activity: 1722
Merit: 1217



View Profile
August 02, 2014, 08:12:03 PM
 #1810

Love that you can plug it in any computer and use it without having to log in to anything Smiley

We're working on Trezor-backed web password manager with the same feature. You'll be able to reach all of your passwords on any computer (with Trezor connected, of course), without need of typing any "master password" as is common in standard password managers (like Keepass).

You'll just choose which password do you want to unlock at the time, so you'll be able to log into any website on friend's computer without a risk of revealing internet banking credentials or other high profile passwords...

Edit: Password manager is of course needed for sites which do not offer challenge-response authentication, but I believe that some day at least bitcoin-related sites will implement password-less login into their site like GreenAddress already did: https://twitter.com/GreenAddress/status/479939415088062464

You guys are so amazing!

How far do you suppose one could take this thing? Do you suppose it will be possible to leverage this technology up to the point of creating a completely secure computing environment? Basically so processes could only be run with a trezor signature. Maybe im just crazy but is it possible to create a situation where even a hardware backdoor on your computer system would have limited to no functionality so long as there were no back-doors in the OS or other software?

Of course this all assumes that there is no back door in the trezor, but the hardware there could be simple enough to audit while it may not be practical to do so with a modern computer.

Again maybe im crazy. I'm not a computer scientist. Just an enthusiast who is fascinated with this technology.

Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
August 02, 2014, 08:16:45 PM
 #1811

So nice, if the feature is good, I can like this even more than wallet function.
Can you give us more information on how it will work technically with some details? (His are stored password, where are they decrypted, what is transmitted to website and host computer...)

The specification is to be released, but generally Trezor has currently capability of AES and ECIES, asymetric cipher based on elliptic curves, and feature of encrypting/decrypting key-value structures. Combining this with hierarchical structure of private keys generated from Recovery seed, there's unlimited count of cipher keys (AES) or private/public keypairs for ECIES which can be used to protect user data.

Each password is basically key-value pair, where 'key' is some identity (username, site) and value is encrypted password for such login. Computer stores blob of these keypairs (it can be local file or cloud-stored file on dropbox, google drive or anything else). Password manager (website like mytrezor) just renders list of stored keys
(services and logins). If you click the key, value is sent to Trezor, it asks you if you really want to reveal such credentials to connected computer and if so, manager unmask your password just for this particular site.

The encryption will be protected in the same way as sending bitcoin transaction, so PIN and (optional) passphrase.

slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
August 02, 2014, 08:24:57 PM
 #1812

How far do you suppose one could take this thing?

In near future (except improving Trezor for bitcoin signing usage like BIP70 and multisig) we plan to turn Trezor into identity management token, something similar like failed myIDkey. In contrary to megalomaniacal vision of myIDkey, we want to start with low hanging fruit and improve stuff as time go.

There's already proof of concept for harddisk encryption protected by Trezor: https://github.com/trezor/python-trezor/blob/master/tools/encfs_aes_getpass.py This works only on Linux, but the concept can be implemented on any OS.

There's plenty possibilities how to integrate Trezor with all stuff directly, like PEM modules on Unix (ssh), Windows login, website authentication, email encryption and signatures etc.

It's really wide scope. Let's see how much interest of Trezor there'll be in Bitcoin community first :-).

molecular
Donator
Legendary
*
Offline Offline

Activity: 2772
Merit: 1019



View Profile
August 02, 2014, 08:31:10 PM
 #1813

How far do you suppose one could take this thing?

In near future (except improving Trezor for bitcoin signing usage like BIP70 and multisig) we plan to turn Trezor into identity management token, something similar like failed myIDkey. In contrary to megalomaniacal vision of myIDkey, we want to start with low hanging fruit and improve stuff as time go.

There's already proof of concept for harddisk encryption protected by Trezor: https://github.com/trezor/python-trezor/blob/master/tools/encfs_aes_getpass.py This works only on Linux, but the concept can be implemented on any OS.

There's plenty possibilities how to integrate Trezor with all stuff directly, like PEM modules on Unix (ssh), Windows login, website authentication, email encryption and signatures etc.

It's really wide scope. Let's see how much interest of Trezor there'll be in Bitcoin community first :-).

this is so cool!

you're making the world a safer place ;-)

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
Anon136
Legendary
*
Offline Offline

Activity: 1722
Merit: 1217



View Profile
August 02, 2014, 08:33:35 PM
 #1814

How far do you suppose one could take this thing?

In near future (except improving Trezor for bitcoin signing usage like BIP70 and multisig) we plan to turn Trezor into identity management token, something similar like failed myIDkey. In contrary to megalomaniacal vision of myIDkey, we want to start with low hanging fruit and improve stuff as time go.

There's already proof of concept for harddisk encryption protected by Trezor: https://github.com/trezor/python-trezor/blob/master/tools/encfs_aes_getpass.py This works only on Linux, but the concept can be implemented on any OS.

There's plenty possibilities how to integrate Trezor with all stuff directly, like PEM modules on Unix (ssh), Windows login, website authentication, email encryption and signatures etc.

It's really wide scope. Let's see how much interest of Trezor there'll be in Bitcoin community first :-).

This is so much bigger than bitcoin. Its awesome though that you have bitcoin as a means to get your foot in the door. That will allow you to succeed where myIDkey failed. Technology like this could totally neutralize the surveillance state. You guys are going to change the world.

Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
August 02, 2014, 08:38:26 PM
 #1815

Actually I started to worry about passwords and password management since the pool became a real business. Then I realized how weak are all those tools for managing passwords, from security perspective.

Unfortunately even today, most of users don't care about their passwords at all. I see this also on pool which has hundreds of thousands accounts; lots and lots mailboxes get hacked every day. (fortunately pool provides 2FA as well as wallet locking, but those are just workarounds for the fact that all password-based internet infrastructure is extremely weak).

I really hope that if people will have Trezor in their hands already, they'll start using its password management capability, if it will be convenient enough...

TwinWinNerD
Legendary
*
Offline Offline

Activity: 1680
Merit: 1001


CEO Bitpanda.com


View Profile WWW
August 02, 2014, 08:41:45 PM
 #1816

Actually I started to worry about passwords and password management since the pool became a real business. Then I realized how weak are all those tools for managing passwords, from security perspective.

Unfortunately even today, most of users don't care about their passwords at all. I see this also on pool which has hundreds of thousands accounts; lots and lots mailboxes get hacked every day. (fortunately pool provides 2FA as well as wallet locking, but those are just workarounds for the fact that all password-based internet infrastructure is extremely weak).

I really hope that if people will have Trezor in their hands already, they'll start using its password management capability, if it will be convenient enough...

A bit offtopic, but wouldn't you say that Keepass 2 with all features enabled is good-enough for average private person. (Not talking about multi-million USD/BTC net-worth individuals)

Anon136
Legendary
*
Offline Offline

Activity: 1722
Merit: 1217



View Profile
August 02, 2014, 08:51:22 PM
 #1817

Actually I started to worry about passwords and password management since the pool became a real business. Then I realized how weak are all those tools for managing passwords, from security perspective.

Unfortunately even today, most of users don't care about their passwords at all. I see this also on pool which has hundreds of thousands accounts; lots and lots mailboxes get hacked every day. (fortunately pool provides 2FA as well as wallet locking, but those are just workarounds for the fact that all password-based internet infrastructure is extremely weak).

I really hope that if people will have Trezor in their hands already, they'll start using its password management capability, if it will be convenient enough...

They don't care because security is hard. If you make it easy enough than they will. If you can make it even easier than actually typing in a password than they certain will. It seems possible to make it easier than typing in a password, there is a certain amount of effort required in doing this. On the trezor all you have to do is press confirm right? You guys have done amazing work so far. At this point i have a great deal of confidence in your team. I really think you guys have a shot at fundamentally changing the way that people think about IT security.

Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
August 02, 2014, 08:52:31 PM
 #1818

If I understand well, that would mean we should use the same seed for bitcoin and password, modified by a different passphrase to separate curves to not mix things. That would be better than my actual password policy.

No need for separate curve. Thanks to BIP32, the room of possible keys from single space is really huge. Of course passwords will use different branch than private keys for bitcoin, for this reason we introduced BIP43/BIP44.

Quote
I have read that if we leak a single bip32 private key, all other keys can be disclosed. (I don't understand exactly how but it seem to be possible)

This is true, but tranversing works only on the same level of HD tree branch.

However, Trezor never leaks private keys to computer. It only uses internal private keys to actually encrypt/decrypt values provided by computer. So this attack vector is not possible in Trezor.

This is anyway real attack vector for software which uses HD wallets, but offer importing/exporting private keys. There you must be sure you don't leak master public key AND single private key.

Again, this is not a valid case with Trezor.

Quote
I assume (but maybe i'm wrong) that if a compromised computer can have my encrypted password (blob in password manager), plus the decrypted password (sent by Trezor), it's possible to compute the private key

No, this is not possible.

molecular
Donator
Legendary
*
Offline Offline

Activity: 2772
Merit: 1019



View Profile
August 02, 2014, 08:53:21 PM
 #1819

I really hope that if people will have Trezor in their hands already, they'll start using its password management capability, if it will be convenient enough...

If convenient enough, I will definitely use it.

EDIT: I love how Bitcoin (as a side-effect so to say) improves general security practices and raises awareness.

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
August 02, 2014, 08:56:06 PM
 #1820

On the trezor all you have to do is press confirm right?

Yes. Plus entering PIN for first time since you connect Trezor to the computer (it remembers PIN authorization during power up cycle).

Quote
You guys have done amazing work so far. At this point i have a great deal of confidence in your team. I really think you guys have a shot at fundamentally changing the way that people think about IT security.

Thank you, we're doing our best. Maybe it's because we actually enjoy what we do as well :-). Not to say, this would not be possible without Trezor crowdfunding and I'm really glad that we did not disappoint all of those supporters :-).

Pages: « 1 ... 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 [91] 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 ... 265 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!