|
dexX7
|
|
August 08, 2014, 01:08:59 PM |
|
Trezor has very low power consumption, I would be very surprised if that's the issue...
I bought a USB powered HUB + a new cable, now it works flawlessly.
Hmmmmm, does it work with the old cable but with the new active hub, too?
I can confirm this very odd behavior:
Win 8.1, Chrome, Trezor + original USB cable is not recognized
Win 8.1, Chrome, Trezor + Nexus 5 USB cable is recognized and working
And wow, this is a cute and nice little item! The finish surpassed my expectations.
Edit: maybe very important: The device becomes quite warm within a few seconds with the original cable, which is not the case with the other one. Here is the heatspot:
|
|
|
|
dnaleor
Want privacy? Use Monero!
|
|
August 08, 2014, 01:53:26 PM |
|
I also tested the exponential waiting time when entering a wrong PIN number. Confirmed working. Very good!
|
|
|
|
stick
|
|
August 08, 2014, 10:22:59 PM |
|
I can confirm this very odd behavior:
Are you using USB 3.0 port by any chance? Do you see the same behaviour when using USB 2.0 port?
|
|
|
|
dexX7
|
|
August 09, 2014, 08:27:28 AM |
|
Are you using USB 3.0 port by any chance? Do you see the same behaviour when using USB 2.0 port?
This was tested with USB 2.0 ports on a Dell XPS 1645.
|
|
|
|
carbn
|
|
August 09, 2014, 02:00:37 PM |
|
Chromium in Ubuntu 12.04 just updated and the old plugin stopped working. I'm not switching to Firefox for this, so when is the new version coming out?
|
|
|
|
stick
|
|
August 09, 2014, 02:05:09 PM |
|
Chromium in Ubuntu 12.04 just updated and the old plugin stopped working. I'm not switching to Firefox for this, so when is the new version coming out?
When it's properly tested.
|
|
|
|
chrisrico
|
|
August 09, 2014, 04:11:21 PM |
|
Chromium in Ubuntu 12.04 just updated and the old plugin stopped working. I'm not switching to Firefox for this, so when is the new version coming out?
You know you don't have to switch to Firefox, right? You could just use Firefox only for MyTrezor.
|
|
|
|
Perlover
|
|
August 09, 2014, 04:42:59 PM |
|
Dear BitcoinTrezor Team!
Thanks for your device! I ordered it (it is somewhere on its way now). But one question, please.
You use a nice protected way of entering the PIN code on a computer which can be infected by a virus/trojan. It keeps my PIN safe from keyloggers and mouse loggers. But I have read the Trezor documentation and, if I understand correctly, your device has one vulnerability.
If I lose my Trezor, I go to your site "mytrezor.com", connect a new device to the bridge, and now I have to enter the seed words through the computer. If my computer is infected, some trojan could catch the entered seed words and immediately after this steal all bitcoins from the BIP32 wallet. Can this happen? As I understand it, you don't have the same protected mode for word entry?
As a workaround, the seed could be presented not as words but as 0-2047 digits. BIP32 words are represented as 2^11 digits, right? You could replace the seed words with digits, and the recovery process could use your PIN mechanism (random keyboard on Trezor's screen).
What do you think?
Thanks!
|
|
|
|
BurtW
All paid signature campaigns should be banned.
|
|
August 09, 2014, 04:46:03 PM |
|
Dear BitcoinTrezor Team!
Thanks for your device! I ordered it (it is somewhere on its way now). But one question, please.
You use a nice protected way of entering the PIN code on a computer which can be infected by a virus/trojan. It keeps my PIN safe from keyloggers and mouse loggers. But I have read the Trezor documentation and, if I understand correctly, your device has one vulnerability.
If I lose my Trezor, I go to your site "mytrezor.com", connect a new device to the bridge, and now I have to enter the seed words through the computer. If my computer is infected, some trojan could catch the entered seed words and immediately after this steal all bitcoins from the BIP32 wallet. Can this happen? As I understand it, you don't have the same protected mode for word entry?
As a workaround, the seed could be presented not as words but as 0-2047 digits. BIP32 words are represented as 2^11 digits, right? You could replace the seed words with digits, and the recovery process could use your PIN mechanism (random keyboard on Trezor's screen).
What do you think?
Thanks!
If this ever happens to me here is what I would do:
Get a new Trezor and set it up from scratch with a new seed (no security problem there)
Enter my old seed into wallet32
Immediately send all the BTC to the new Trezor
Yes, I am vulnerable for a brief time there...
|
Our family was terrorized by Homeland Security. Read all about it here: http://www.jmwagner.com/ and http://www.burtw.com/ Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
|
|
|
jl2012
|
|
August 09, 2014, 05:01:49 PM |
|
Dear BitcoinTrezor Team!
Thanks for your device! I ordered it (it is somewhere on its way now). But one question, please.
You use a nice protected way of entering the PIN code on a computer which can be infected by a virus/trojan. It keeps my PIN safe from keyloggers and mouse loggers. But I have read the Trezor documentation and, if I understand correctly, your device has one vulnerability.
If I lose my Trezor, I go to your site "mytrezor.com", connect a new device to the bridge, and now I have to enter the seed words through the computer. If my computer is infected, some trojan could catch the entered seed words and immediately after this steal all bitcoins from the BIP32 wallet. Can this happen? As I understand it, you don't have the same protected mode for word entry?
As a workaround, the seed could be presented not as words but as 0-2047 digits. BIP32 words are represented as 2^11 digits, right? You could replace the seed words with digits, and the recovery process could use your PIN mechanism (random keyboard on Trezor's screen).
What do you think?
Thanks!
If this ever happens to me here is what I would do:
Get a new Trezor and set it up from scratch with a new seed (no security problem there)
Enter my old seed into wallet32
Immediately send all the BTC to the new Trezor
Yes, I am vulnerable for a brief time there...
Yes, so this is totally unacceptable
|
Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY) LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC) PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
|
|
|
TwinWinNerD
CEO Bitpanda.com
|
|
August 09, 2014, 05:17:22 PM |
|
@Perlover, well, the seed is entered in a random order. So even if the computer is compromised the attacker still needs to try 24! combinations before cracking your password. So you will have enough time to create a new account as BurtW said.
|
|
|
|
chrisrico
|
|
August 09, 2014, 06:22:09 PM Last edit: August 09, 2014, 06:33:37 PM by chrisrico |
|
@Perlover, well, the seed is entered in a random order. So even if the computer is compromised the attacker still needs to try 24! combinations before cracking your password. So you will have enough time to create a new account as BurtW said.
In case you didn't catch the factorial operator, that's 6.2044840173323943936 × 10^23 combinations that an attacker has to try. Even if they could try 1 quadrillion combinations per second, it would still take 20 years to exhaust every possibility. Put another way, in order for an attacker to be able to find your seed within 10 minutes (during which time you should easily be able to transfer the coins to a different device), they would need to be able to try 10^21 (1 sextillion) combinations per second.
|
|
|
|
jl2012
|
|
August 09, 2014, 06:45:15 PM |
|
@Perlover, well, the seed is entered in a random order. So even if the computer is compromised the attacker still needs to try 24! combinations before cracking your password. So you will have enough time to create a new account as BurtW said.
In case you didn't catch the factorial operator, that's 6.2044840173323943936 × 10^23 combinations that an attacker has to try. Even if they could try 1 quadrillion combinations per second, it would still take 20 years to exhaust every possibility. Put another way, in order for an attacker to be able to find your seed within 10 minutes (during which time you should easily be able to transfer the coins to a different device), they would need to be able to try 10^21 (1 sextillion) combinations per second.
This assumes that the first 6.2044840173323943936 × 10^23 - 1 tested combinations are all incorrect, which is extremely unlikely. The probability of this happening is equal to having a correct guess in the first attempt
|
|
|
|
JorgeStolfi
|
|
August 09, 2014, 06:45:26 PM |
|
@Perlover, well, the seed is entered in a random order. So even if the computer is compromised the attacker still needs to try 24! combinations before cracking your password. So you will have enough time to create a new account as BurtW said.
But if the new Trezor can use those words in random order, why couldn't the attacker do it too?
|
Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
|
|
|
jl2012
|
|
August 09, 2014, 06:46:25 PM |
|
@Perlover, well, the seed is entered in a random order. So even if the computer is compromised the attacker still needs to try 24! combinations before cracking your password. So you will have enough time to create a new account as BurtW said.
But if the new Trezor can use those words in random order, why couldn't the attacker do it too?
Please read this: https://github.com/satoshilabs/docs/blob/master/trezor-user/recovery.rst
|
|
|
|
jl2012
|
|
August 09, 2014, 06:48:51 PM |
|
@Perlover, well, the seed is entered in a random order. So even if the computer is compromised the attacker still needs to try 24! combinations before cracking your password. So you will have enough time to create a new account as BurtW said.
In case you didn't catch the factorial operator, that's 6.2044840173323943936 × 10^23 combinations that an attacker has to try. Even if they could try 1 quadrillion combinations per second, it would still take 20 years to exhaust every possibility. Put another way, in order for an attacker to be able to find your seed within 10 minutes (during which time you should easily be able to transfer the coins to a different device), they would need to be able to try 10^21 (1 sextillion) combinations per second.
This assumes that the first 6.2044840173323943936 × 10^23 - 1 tested combinations are all incorrect, which is extremely unlikely. The probability of this happening is equal to having a correct guess in the first attempt
By the way, the manual should warn the user that after recovery the wallet is not perfectly safe and they should transfer everything to a new wallet
I think Perlover's solution is better
|
|
|
|
JorgeStolfi
|
|
August 09, 2014, 07:05:51 PM |
|
@Perlover, well, the seed is entered in a random order. So even if the computer is compromised the attacker still needs to try 24! combinations before cracking your password. So you will have enough time to create a new account as BurtW said.
But if the new Trezor can use those words in random order, why couldn't the attacker do it too?
Please read this: https://github.com/satoshilabs/docs/blob/master/trezor-user/recovery.rst
I have read it but cannot see the answer. The attack that worries the OP may be: hacker installs malicious browser/plugin in many computers and waits for one of the owners to start the recovery procedure. As the victim types the words, the malicious software sends them to the thief, and sends the wrong words to the victim's Trezor, so that his recovery will fail. Meanwhile the thief starts the legitimate recovery procedure with another Trezor, enters the words (garbled, with nulls and all), and gets access to the victim's wallet.
(A basic problem of all security systems is that, whatever one must do to get access, someone else with the right information could do the same. Including biometrics. Thus, security always depends ultimately on preventing the bad guys from getting some critical information that the good guys have somewhere.)
|
|
|
|
jl2012
|
|
August 09, 2014, 07:11:56 PM |
|
@Perlover, well, the seed is entered in a random order. So even if the computer is compromised the attacker still needs to try 24! combinations before cracking your password. So you will have enough time to create a new account as BurtW said.
But if the new Trezor can use those words in random order, why couldn't the attacker do it too?
Please read this: https://github.com/satoshilabs/docs/blob/master/trezor-user/recovery.rst
I have read it but cannot see the answer. The attack that worries the OP may be: hacker installs malicious browser/plugin in many computers and waits for one of the owners to start the recovery procedure. As the victim types the words, the malicious software sends them to the thief, and sends the wrong words to the victim's Trezor, so that his recovery will fail. Meanwhile the thief starts the legitimate recovery procedure with another Trezor, enters the words (garbled, with nulls and all), and gets access to the victim's wallet.
(A basic problem of all security systems is that, whatever one must do to get access, someone else with the right information could do the same. Including biometrics. Thus, security always depends ultimately on preventing the bad guys from getting some critical information that the good guys have somewhere.)
Only the victim and the victim's Trezor know the order of the words. The order is generated by Trezor, only shown on its screen, and never transmitted to the infected computer. The malware may make the recovery fail. However, as the malware does not know the order, it can't recover the wallet either
|
|
|
|
TwinWinNerD
|
|
August 09, 2014, 07:14:04 PM |
|
@Perlover, well, the seed is entered in a random order. So even if the computer is compromised the attacker still needs to try 24! combinations before cracking your password. So you will have enough time to create a new account as BurtW said.
But if the new Trezor can use those words in random order, why couldn't the attacker do it too?
Please read this: https://github.com/satoshilabs/docs/blob/master/trezor-user/recovery.rst
I have read it but cannot see the answer. The attack that worries the OP may be: hacker installs malicious browser/plugin in many computers and waits for one of the owners to start the recovery procedure. As the victim types the words, the malicious software sends them to the thief, and sends the wrong words to the victim's Trezor, so that his recovery will fail. Meanwhile the thief starts the legitimate recovery procedure with another Trezor, enters the words (garbled, with nulls and all), and gets access to the victim's wallet.
(A basic problem of all security systems is that, whatever one must do to get access, someone else with the right information could do the same. Including biometrics. Thus, security always depends ultimately on preventing the bad guys from getting some critical information that the good guys have somewhere.)
The TREZOR will ask you to enter the recovery seed in random order, and the order is only displayed on the Trezor. Your computer doesn't know what order is right. So even if the attacker has all words, it is pretty much useless. And the entered order is different every time you are prompted to enter it!
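Added example, not part of any post in this thread and not Trezor code: a small Python model of the shuffled-order recovery discussed above, showing what the host computer does and does not see, and reproducing the worst-case and average-case exposure figures argued over by chrisrico and jl2012. All function names are hypothetical and the 24 seed words are constructed placeholders.

```python
import math
import secrets
from collections import Counter

# Constructed placeholder words, not a real mnemonic.
SAMPLE_SEED = [f"word{i:02d}" for i in range(24)]
YEAR = 365.25 * 24 * 3600

def device_pick_order(n):
    """Device side: CSPRNG Fisher-Yates shuffle of positions, shown only on its screen."""
    order = list(range(n))
    for i in range(n - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        order[i], order[j] = order[j], order[i]
    return order

def user_types(seed, order):
    """User reads 'enter word #k' on the device and types that word on the host."""
    return [seed[pos] for pos in order]

def device_reassemble(typed, order):
    """Device puts each typed word back at the position it asked for."""
    seed = [None] * len(typed)
    for word, pos in zip(typed, order):
        seed[pos] = word
    return seed

def candidate_orderings(typed):
    """Orderings consistent with what the host saw: n! / prod(multiplicity!)."""
    total = math.factorial(len(typed))
    for count in Counter(typed).values():
        total //= math.factorial(count)  # repeated words shrink the space
    return total

def exposure(typed, guesses_per_second):
    """(candidates, worst-case seconds, expected seconds) for a host-side observer."""
    n = candidate_orderings(typed)
    worst = n / guesses_per_second
    expected = (n + 1) / 2 / guesses_per_second  # uniform prior: half on average
    return n, worst, expected

if __name__ == "__main__":
    order = device_pick_order(len(SAMPLE_SEED))
    typed = user_types(SAMPLE_SEED, order)        # all the host ever receives
    assert device_reassemble(typed, order) == SAMPLE_SEED
    n, worst, expected = exposure(typed, 1e15)
    print(f"{n:.4e} orderings; worst {worst / YEAR:.1f} y, expected {expected / YEAR:.1f} y")
    print(f"rate needed to finish in 10 minutes: {n / 600:.2e} guesses/s")
```

The model covers only the word-order shuffle; a seed that happens to contain repeated words has fewer candidate orderings than 24!, which `candidate_orderings` accounts for.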
|
|
|
|
|