Bitcoin Forum
December 16, 2024, 10:22:37 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 ... 265 »
  Print  
Author Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet  (Read 966233 times)
Mushroomized
Legendary
*
Offline Offline

Activity: 1470
Merit: 1002


Hello!


View Profile
November 05, 2012, 05:41:59 PM
 #21

Subbin

(I was trying something similar with my raspi  Wink)

hi
hazek
Legendary
*
Offline Offline

Activity: 1078
Merit: 1003


View Profile
November 05, 2012, 06:38:33 PM
 #22

Even with those theoretical attacks, real safety of such wallet is much higher than any existing solution.

No such thing as perfect security anyway. All there is are tradeoffs, you gain a bit of security but you lose convenience, you lose a bit of security but you gain a bit of convenience, finding the right balance for the right kind of circumstance is what is important.

I think this project is badly needed and I wish you success!

My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)

If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
sebicas
Member
**
Offline Offline

Activity: 69
Merit: 20


View Profile WWW
November 05, 2012, 07:26:15 PM
 #23

Love the idea!! Please sign me up for one!
Have you thought in adding the project to http://www.kickstarter.com?
I will support it if you do...
niko
Hero Member
*****
Offline Offline

Activity: 756
Merit: 501


There is more to Bitcoin than bitcoins.


View Profile
November 05, 2012, 07:32:47 PM
 #24

Edit: I'm adding a link to my earlier post about how to strenghten an USB-powered device against side-channel attacks. I know that your chip of choice lacks NEON, but please read it to the end.

Afaik these attacks are more teoretical than in daily use. I'm not saying that it is impossible to get seed with unrestricted physical access to the wallet and good laboratory equipment. But still wallet owner have enough time to send his coins outside the seed.
How does the owner send funds outside of seed if the device has been stolen?

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
November 05, 2012, 07:38:51 PM
 #25

How does the owner send funds outside of seed if the device has been stolen?

Device ask him to write down the seed from the display during device initialization. So user have to write it to piece of paper and lock it on safe place for the case of theft or corrupted device.

waspoza
Hero Member
*****
Offline Offline

Activity: 602
Merit: 508


Firstbits: 1waspoza


View Profile
November 05, 2012, 08:46:11 PM
 #26

Love the idea!! Please sign me up for one!
Have you thought in adding the project to http://www.kickstarter.com?
I will support it if you do...

Maybe instead kickstarter use http://www.bitcoinstarter.com/ ?
fellowtraveler
Sr. Member
****
Offline Offline

Activity: 440
Merit: 251


View Profile
November 05, 2012, 09:27:13 PM
 #27

Very exciting!

I am interested in this for OT. What can you tell us about the platform, OS, RAM, etc? I would like to make sure OT is able to run on your device.

co-founder, Monetas
creator, Open-Transactions
evoorhees
Legendary
*
Offline Offline

Activity: 1008
Merit: 1023


Democracy is the original 51% attack


View Profile
November 05, 2012, 09:37:28 PM
 #28

I want one immediately.
slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
November 05, 2012, 09:52:52 PM
 #29

I am interested in this for OT. What can you tell us about the platform, OS, RAM, etc? I would like to make sure OT is able to run on your device.

There will be two different devices - one for DYI hackers, built on Raspberry Pi and second on custom hardware.

You can install anything you want on that RPi device (although it won't be recommended for security reasons!). Second device will be running custom software directly on 70MHz processor without any operating system, with built-in 128kB flash ROM...

niko
Hero Member
*****
Offline Offline

Activity: 756
Merit: 501


There is more to Bitcoin than bitcoins.


View Profile
November 05, 2012, 10:09:35 PM
 #30

I am interested in this for OT. What can you tell us about the platform, OS, RAM, etc? I would like to make sure OT is able to run on your device.

There will be two different devices - one for DYI hackers, built on Raspberry Pi and second on custom hardware.

You can install anything you want on that RPi device (although it won't be recommended for security reasons!). Second device will be running custom software directly on 70MHz processor without any operating system, with built-in 128kB flash ROM...
How about hardening the device against side-channel attacks by organizing a hackaton following the beta release? Could be part of some Bitcoin conference if timing is right.

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
November 05, 2012, 10:20:04 PM
 #31

How about hardening the device against side-channel attacks by organizing a hackaton following the beta release? Could be part of some Bitcoin conference if timing is right.

Well, both software and hardware design will be opensource, so everybody interested in peer review is welcome. We're already in touch with one security group which will potentially make professional security review of the design.

jtibble
Newbie
*
Offline Offline

Activity: 52
Merit: 0



View Profile WWW
November 05, 2012, 11:54:35 PM
 #32

If it's going to be open-source, I'd like to help with UIX for the device.
finway
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500


View Profile
November 06, 2012, 01:20:26 AM
 #33

You should make it pluggable to iPhone,
like this:

fabrizziop
Hero Member
*****
Offline Offline

Activity: 506
Merit: 500



View Profile
November 06, 2012, 01:31:18 AM
 #34

Any estimated price?. And, would it be payable in Bitcoins?
slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
November 06, 2012, 01:36:46 AM
 #35

You should make it pluggable to iPhone,

We discussed that option with audio jack heavily and we rejected the idea for now. By a coincidence stick has some experience with this interface. The reason for "not now" is that we don't want to focus just for Apple devices and it is really hard to implement audio interface correctly for wide range of Andoid devices because of significant differences in specifications between various Andoid phones manufacturers.

So our primary target is to finalize first product which will talk to desktop machines over the USB and if the product will be succesful, then continue with alternative solutions like this.

slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
November 06, 2012, 01:39:42 AM
 #36

Any estimated price?

Not yet, we're still evaluating final platform and the design of the casing, which can move final price in tens of percents in both direction. And I don't want to give you false promises...

Quote
And, would it be payable in Bitcoins?

Definitely yes!


cbeast
Donator
Legendary
*
Offline Offline

Activity: 1736
Merit: 1014

Let's talk governance, lipstick, and pigs.


View Profile
November 06, 2012, 02:26:46 AM
 #37

Very nice project. Let's see if we can get PG to design a leather carry case for this nifty wallet.

Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
Uglux
Full Member
***
Offline Offline

Activity: 222
Merit: 100



View Profile
November 06, 2012, 03:54:02 AM
 #38

Can I preorder please? Smiley
DoomDumas
Legendary
*
Offline Offline

Activity: 1002
Merit: 1000


Bitcoin


View Profile
November 06, 2012, 05:36:31 AM
 #39

Very nice, love that project !

Well tought, seems to me that this project have real good chance to become a widely sold/used product !

Congratulations Smiley  Keep up the good work, I'll enjoy reading developpement about it Smiley

I've no usable knowledge to help, but if any funds needed for a mass production startup, I'll sure participate in raising funds !


Slush, AFAIK, you made the first mining pool, I'm confident you and the community that help you will manage to acheive successfully this nice project !

Long live to everybody participating to this Cheesy Cheesy Cheesy
caveden
Legendary
*
Offline Offline

Activity: 1106
Merit: 1004



View Profile
November 06, 2012, 07:46:50 AM
 #40

First of all, my sincere congratulations for the initiative!

* No need for periodic backups, writing down the seed to paper during the device initialization will be enough forever
...
* Possibility to do paper-backup of private keys only once during wallet initialization

I'm really not a big fan of paper backups. There are so many ways paper could be destroyed/lost, and there's no way to encrypt paper and send it safely to remote backup servers distributed all over the globe. Plus, if you consider an attacker gaining physical access to the device, you should consider him getting physical access to the paper backup too.

I'd strongly suggest an alternative: allow the user to type a passphrase during initialization. Use this passphrase to encrypt the seed and save only the encrypted copy outside the device via USB. Obviously, instruct the user to use a strong passphrase and to back up the file as much as he can.

I realize that I can scan the paper backup, encrypt it and do it myself. But then again, I would need a safe device just for this task...

* Impossibility to obtain private keys from the device in a case of theft
* Impossibility to re-flash the device with malicious code

Cool. These are important features. But honestly, a thief willing to physically steal the device will likely not even bother hacking it, he'll just perform a $5 wrench attack (or variant) and get the money.
The only potential protection I can think of against $5 wrench attacks is plausible deniability (hidden volumes) - and even that will not protect you if the attacker knows how much money you've got.

By the way, "plausible deniability" may also translate to "multiuser". Each wallet user may have a different password (plus a few "fake users" just for the thieves Wink), which would represent a different hidden volume in the device. This way, a family for example could share the same device, with each family member having its own wallet. I think you should consider implementing this, not only for security reasons, but also for this nice safe multiuser feature.

I want one immediately.

Me too! Cheesy

I am interested in this for OT. What can you tell us about the platform, OS, RAM, etc? I would like to make sure OT is able to run on your device.

That could be quite cool too! Particularly if you could easily run an OT-server in it. If I understand OT correctly, you may have multiple servers and exchange tokens from different servers, can't you? This way each asset issuer could easily have their own safe servers, even those issuers which are not tech savvy people. But something tells me that you cannot have a server in the device while preserving its strong security constraints... a server would likely need to be upgraded frequently, I suppose. Even still, it'd be safer than using a generic computer.
Pages: « 1 [2] 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 ... 265 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!