Bitcoin Forum
Author Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet  (Read 965790 times)
dnaleor
August 09, 2014, 11:48:35 PM
 #2081


I have a question concerning advanced settings (use of passphrases).

As far as I see there are two exclusive options:
1) use no passphrases at all.
2) use one or more passphrases.

It would be nice to set up Trezor in a way so that you can have at the same time:
1) one 'account' with no passphrase (for small money).
    This could pop up in the web wallet immediately without further interaction when you connect the Trezor.
2) one or more (hidden) accounts. These would be visible only if the correct passphrase is
    (optionally) given.

Is this possible ?


I had the same question earlier, but I guess this is not a priority...
"With e-currency based on cryptographic proof, without the need to trust a third party middleman, money can be secure and transactions effortless." -- Satoshi
TwinWinNerD
August 09, 2014, 11:50:57 PM
 #2082

It would be nice to set up Trezor in a way so that you can have at the same time:
1) one 'account' with no passphrase (for small money).
    This could pop up in the web wallet immediately without further interaction when you connect the Trezor.
2) one or more (hidden) accounts. These would be visible only if the correct passphrase is
    (optionally) given.
Is this possible ?

http://doc.satoshilabs.com/trezor-user/advanced_settings.html

This is not answering his question. He would like to have accounts with different security levels.

One with PIN only, and one with 1 password, maybe 1 with 2 passwords etc.

keithers
August 10, 2014, 12:07:24 AM
 #2083

It would be nice to set up Trezor in a way so that you can have at the same time:
1) one 'account' with no passphrase (for small money).
    This could pop up in the web wallet immediately without further interaction when you connect the Trezor.
2) one or more (hidden) accounts. These would be visible only if the correct passphrase is
    (optionally) given.
Is this possible ?

http://doc.satoshilabs.com/trezor-user/advanced_settings.html

This is not answering his question. He would like to have accounts with different security levels.

One with PIN only, and one with 1 password, maybe 1 with 2 passwords etc.

Trezor should make a dedicated forum on their homepage so that people can bring up suggestions and questions to their dev team, rather than everyone having to post it all in this one thread like a melting pot...
salsacz
August 10, 2014, 12:33:36 AM
 #2084

keith: you can use http://www.reddit.com/r/TREZOR/ too
keithers
August 10, 2014, 12:39:11 AM
 #2085

keith: you can use http://www.reddit.com/r/TREZOR/ too

Ok thanks. I don't use reddit all that much. Sometimes just read things there though. Will check it out.
AussieHash
August 10, 2014, 06:04:51 AM
Last edit: August 10, 2014, 06:53:57 AM by AussieHash
 #2086

It would be nice to set up Trezor in a way so that you can have at the same time:
1) one 'account' with no passphrase (for small money).
    This could pop up in the web wallet immediately without further interaction when you connect the Trezor.
2) one or more (hidden) accounts. These would be visible only if the correct passphrase is (optionally) given.
Is this possible ?

http://doc.satoshilabs.com/trezor-user/advanced_settings.html

This is not answering his question. He would like to have accounts with different security levels.

http://doc.satoshilabs.com/trezor-user/advanced_settings.html#multi-passphrase-encryption-hidden-volumes
Quote
it is possible to set up your TREZOR multiple times with multiple passphrases. The goal is to have one “spoof” setup that only holds a few bitcoins or bitcents and one “real” setup that holds your fortune.
chrisrico
August 10, 2014, 06:12:00 AM
 #2087

This assumes that the first 6.2044840173323943936 × 10^23 - 1 tested combinations are all incorrect, which is extremely unlikely. The probability of this happening is equal to having a correct guess in the first attempt

So divide by two to find the average time. Still plenty of time to move your coins (on the order of years) assuming an attacker with an incredible amount of resources.
blue_w1nter
August 10, 2014, 10:58:34 AM
 #2088

Bought one yesterday, waiting for it to arrive. ;)

I've read through the FAQ and the manuals on the website but there are still some parts that I don't really understand...

Does the Trezor hold your coins? or are they on the Trezor web wallet (or whatever wallet you're using)?
Isn't it still possible for hackers to create malware and upload it onto a trezor through the "update" function?
 

I'm sorry if these questions have already been answered in this thread but as you can see, the thread is almost as long as a book.
bitpop
August 10, 2014, 11:06:00 AM
 #2089

Bought one yesterday, waiting for it to arrive. ;)

I've read through the FAQ and the manuals on the website but there are still some parts that I don't really understand...

Does the Trezor hold your coins? or are they on the Trezor web wallet (or whatever wallet you're using)?
Isn't it still possible for hackers to create malware and upload it onto a trezor through the "update" function?
 

I'm sorry if these questions have already been answered in this thread but as you can see, the thread is almost as long as a book.

Technically wallets do not contain any coins, they hold private keys that can prove which ones you own on the blockchain.

These private keys are protected by the trezor. It only accepts valid updates, not any update, so you should be able to safely use it on an infested computer.

randomguy7
August 10, 2014, 11:40:56 AM
 #2090

However: should you make a mistake and have to re-do the whole process, the random words will be known to a keylogger, because trezor chooses different random words every time. So the words identical between the 2 restore-processes (1 failed, 1 succeeded) will be the seed words.

With a 12 word seed there's only 12! = 479,001,600 combinations. So better not "try again" after a failed restore from seed on the same machine if you have a short seed like that... or just use a 24 word seed to be safe.


Definitely needs that offline recovery tool

Or a 36 seed recovery.

Another possibility would be that a certain TREZOR has hardware specific "random words" in the seed recovery. So even if you recover twice on the same trezor, the attacker wouldn't know what the wrong words were.

I just discovered random words are not used on 24 word seed. Maybe random words are used just to fill up to 24 words? Would make sense.


Yup. See the link to the source in this post https://bitcointalk.org/index.php?topic=122438.msg8243169#msg8243169
randomguy7
August 10, 2014, 11:48:57 AM
Last edit: August 10, 2014, 12:31:43 PM by randomguy7
 #2091

However: should you make a mistake and have to re-do the whole process, the random words will be known to a keylogger, because trezor chooses different random words every time. So the words identical between the 2 restore-processes (1 failed, 1 succeeded) will be the seed words.

With a 12 word seed there's only 12! = 479,001,600 combinations. So better not "try again" after a failed restore from seed on the same machine if you have a short seed like that... or just use a 24 word seed to be safe.


Definitely needs that offline recovery tool

Or a 36 seed recovery.

Another possibility would be that a certain TREZOR has hardware specific "random words" in the seed recovery. So even if you recover twice on the same trezor, the attacker wouldn't know what the wrong words were.

The random words could probably be derived from the seed (hash("some data, no matter what, but always the same" + <seed> + <last-iteration-result-if-set>) and repeat a gazillion times or something like that) so that they stay the same for every recovery of a specific seed.

edit: Just rethought that. This wouldn't work as the new trezor doesn't know the seed yet and can't calculate the random words.
BurtW
August 10, 2014, 01:55:01 PM
 #2092

I wish there was an alternative way to recover the Bitcoin in case of hardware failure or other abnormality. Instead of having to wait for another Trezor to come in.
The wallet32 Android app works great for this and it is also a great "everyday" Android wallet.  I have tested it for 12, 18 and 24 word recoveries and others have tested it with a password.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
BurtW
August 10, 2014, 01:58:53 PM
 #2093

Dear BitcoinTrezor Team!

Thanks for your device! I ordered it (anywhere in a way now)
But one question please.

You use a nice protected way of entering the PIN code on a computer which can be infected by a virus/trojan. It keeps my PIN safe from keyloggers and mouseloggers.
But I have read the Trezor documentation and, if I understand correctly, your device has one vulnerability.

If I lose my Trezor, I go to your site "mytrezor.com", connect a new device to the bridge, and now I have to enter the seed words through the computer.
If my computer is infected, some trojan could capture the entered seed words and immediately afterwards steal all bitcoins from the BIP32 wallet.
Can this happen? As I understand it, you don't have the same protected mode for word entry?

As a workaround, the seed could be presented not as words but as 0-2047 digits. BIP32 words are presented as 2^11 digits, right?
You could replace the seed words with digits, and the recovery process could use your PIN mechanism (random keyboard on the Trezor's screen).

What do you think?

Thanks!
If this ever happens to me here is what I would do:

Get a new Trezor and set it up from scratch with a new seed (no security problem there)
Enter my old seed into wallet32
Immediately send all the BTC to the new Trezor

Yes, I am vulnerable for a brief time there...
Rethinking this I would not do it this way.  It is safer to carefully use the recovery procedure on the Trezor and then move the coins to a new seed.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
stick
August 10, 2014, 02:15:57 PM
 #2094

Rethinking this I would not do it this way.  It is safer to carefully use the recovery procedure on the Trezor and then move the coins to a new seed.

Right. It's even described here: http://doc.satoshilabs.com/trezor-user/advanced_features.html#changing-your-trezor-recovery-seed
It's cumbersome, but secure. Much easier if you have 2 devices. *hint* *hint* :-)

klondike_bar
August 10, 2014, 02:17:32 PM
 #2095

Dear BitcoinTrezor Team!

Thanks for your device! I ordered it (anywhere in a way now)
But one question please.

You use a nice protected way of entering the PIN code on a computer which can be infected by a virus/trojan. It keeps my PIN safe from keyloggers and mouseloggers.
But I have read the Trezor documentation and, if I understand correctly, your device has one vulnerability.

If I lose my Trezor, I go to your site "mytrezor.com", connect a new device to the bridge, and now I have to enter the seed words through the computer.
If my computer is infected, some trojan could capture the entered seed words and immediately afterwards steal all bitcoins from the BIP32 wallet.
Can this happen? As I understand it, you don't have the same protected mode for word entry?

As a workaround, the seed could be presented not as words but as 0-2047 digits. BIP32 words are presented as 2^11 digits, right?
You could replace the seed words with digits, and the recovery process could use your PIN mechanism (random keyboard on the Trezor's screen).

What do you think?

Thanks!

my understanding is that you do not enter the seed as a string of words, but rather follow prompts from the mytrezor page such as:
type 5th seedword
type 2nd seedword
type "plus"
type 1st seedword
type 10th seedword
type "mouselicker"
type 5th seedword
type "orange"
etc

so that a keylogger would not be able to determine the order of your seed words or differentiate between your seed and random word requests by the trezor program.

24" PCI-E cables with 16AWG wires and stripped ends - great for server PSU mods, best prices https://bitcointalk.org/index.php?topic=563461
No longer a wannabe - now an ASIC owner!
stick
August 10, 2014, 03:12:48 PM
 #2096

my understanding is that you do not enter the seed as a string of words, but rather follow prompts from the mytrezor page such as:

Exactly. Old firmware (1.2.0 and older) used 50% fake words. New firmware (1.2.1+) always asks for 24 words (making it 12 fake words for 12-word mnemonic, 6 fake words for 18-word mnemonic and no fake words for 24-word mnemonic). And we also switched the default from 12 words to 24 words, so most of the people will not see the "fake words" feature anymore.
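
The retry risk raised earlier in the thread, combined with the fake-word counts given in this post, modelled as an added example (not Trezor firmware code and not written by any poster). It assumes fake words are drawn fresh for each recovery and that the host logs every typed word; the word list, seed words and function names are constructed for illustration.

```python
import math
import random

# Constructed stand-in for the 2048-entry mnemonic word list.
WORDLIST = [f"word{i:04d}" for i in range(2048)]
TOTAL_PROMPTS = 24  # firmware 1.2.1+ per the thread: recovery always asks for 24 words


def fake_words_needed(mnemonic_len):
    """12 fakes for a 12-word seed, 6 for 18 words, none for 24."""
    return TOTAL_PROMPTS - mnemonic_len


def logged_session(mnemonic, rng):
    """Words a host-side keylogger would capture in one recovery, in typed order.

    Assumption: fakes are drawn fresh per session and the prompt order is scrambled.
    """
    pool = [w for w in WORDLIST if w not in mnemonic]
    typed = list(mnemonic) + rng.sample(pool, fake_words_needed(len(mnemonic)))
    rng.shuffle(typed)
    return typed


def candidate_words(*sessions):
    """Words present in every logged session: the seed words plus any chance repeats."""
    common = set(sessions[0])
    for session in sessions[1:]:
        common &= set(session)
    return common


def orderings_one_session(mnemonic_len):
    """Ordered choices of the real words out of 24 typed: 24! / (24 - n)!."""
    return math.factorial(TOTAL_PROMPTS) // math.factorial(TOTAL_PROMPTS - mnemonic_len)


def orderings_after_retry(mnemonic_len):
    """Once the real words are isolated, only their order is unknown: n!."""
    return math.factorial(mnemonic_len)


def report(rng_seed=2014):
    rng = random.Random(rng_seed)  # fixed seed: repeatable demo, not for key material
    rows = []
    for n in (12, 18, 24):
        mnemonic = rng.sample(WORDLIST, n)  # constructed seed words
        first, retry = logged_session(mnemonic, rng), logged_session(mnemonic, rng)
        rows.append({
            "words": n,
            "fakes": fake_words_needed(n),
            "candidates_after_retry": len(candidate_words(first, retry)),
            "bits_one_session": round(math.log2(orderings_one_session(n)), 1),
            "bits_after_retry": round(math.log2(orderings_after_retry(n)), 1),
        })
    return rows


if __name__ == "__main__":
    for row in report():
        print(row)
```

For a 12-word seed a second logged recovery shrinks the ordering space from about 50 bits to about 29 bits (the 12! figure quoted in the thread), while a 24-word seed has no fake words to strip and stays at about 79 bits.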

molecular
August 10, 2014, 06:06:26 PM
 #2097


I have a question concerning advanced settings (use of passphrases).

As far as I see there are two exclusive options:
1) use no passphrases at all.
2) use one or more passphrases.

It would be nice to set up Trezor in a way so that you can have at the same time:
1) one 'account' with no passphrase (for small money).
    This could pop up in the web wallet immediately without further interaction when you connect the Trezor.
2) one or more (hidden) accounts. These would be visible only if the correct passphrase is
    (optionally) given.

Is this possible ?


I would also like this feature. You can enter the empty string as passphrase, but that's not the same.

In case of a 5$ wrench attack, it's more credible to say: "what passphrase? I didn't set a passphrase, see: my money's there, now stop hitting me!" instead of "I set only one passphrase, dude, I don't know what plausible deniability even is, and please stop hitting me now!".

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
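
How one recovery seed can back both the "spoof" and the "real" setups discussed in the posts above, as an added example (not Trezor firmware code and not written by any poster). It assumes the standard BIP39 seed derivation followed by the BIP32 master-key step; `wallet_tag` is a hypothetical helper, the mnemonic is the public BIP39 test phrase, and the passphrases are constructed.

```python
import hashlib
import hmac
import unicodedata


def bip39_seed(mnemonic, passphrase=""):
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def bip32_master(seed):
    """BIP32: HMAC-SHA512 keyed with b"Bitcoin seed" -> (master key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def wallet_tag(mnemonic, passphrase=""):
    """Hypothetical helper: short label for comparing wallets without printing keys."""
    key, chain_code = bip32_master(bip39_seed(mnemonic, passphrase))
    return hashlib.sha256(key + chain_code).hexdigest()[:12]


# Public BIP39 test mnemonic (never fund it); passphrases below are constructed.
MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
            "abandon abandon abandon abandon abandon about")
PASSPHRASES = {
    "no passphrase": "",
    "spoof setup": "small-change",
    "real setup": "correct horse battery staple",
    "real setup, one typo": "correct horse battery stapel",
}


def derive_all():
    """Derive one wallet tag per passphrase from the same mnemonic."""
    return {label: wallet_tag(MNEMONIC, p) for label, p in PASSPHRASES.items()}


if __name__ == "__main__":
    for label, tag in derive_all().items():
        print(f"{label:22s} -> wallet {tag}")
```

Every passphrase, including the mistyped one, derives a valid wallet with no error, which is what makes the extra setups deniable and also why a typo silently opens an empty wallet.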
bigasic
August 10, 2014, 06:36:32 PM
 #2098

I have been looking at ways to protect my coin yet have them accessible. I know that BFL is making one, but I wouldn't buy anything from them even if it gave me a bitcoin every time I used it, well, okay, I'd probably use it then, but you get me..

I have been using the paper wallet, but that can be a pain, keeping a copy in a safe deposit box, etc.  I think I may give this a go and see how it works..

I'm sure there are other devices that are in the works as well, but I think this is one of the best that's available right now.
Grinny
August 10, 2014, 07:30:58 PM
 #2099

Hey!

Would be totally awesome to see a regularly updated 'supported clients' list in OP!
I'm only waiting on Electrum for Litecoin until I buy my Trezor :)

I know, the implementation is not up to you, but up to the wallet devs, but anyway... better to have one place where all supported clients are listed than to look up every single thread.

Crypto-Trade: Invest. Trade. Be free.
BTC: 16seZufhkvG92kmwjBmeknASaDEJQChmNz | LTC: LSXJFDjujJkAVgE3AmTyoU5W9yA2vzijbq
JorgeStolfi
August 10, 2014, 09:33:47 PM
 #2100

In a 5$ wrench attack, it's more credible to say: "what passphrase? I didn't set a passphrase, see: my money's there, now stop hitting me!" instead of "I set only one passphrase, dude, I don't know what plausible deniability even is, and please stop hitting me now!".
XKCD is a helluva "meme generator". :D But in reality the "5$ wrench attack" is usually more complicated than what the phrase suggests.

Armed robbers usually have some idea (right or wrong) about how much money you are worth. It can be as basic as "that guy must be loaded" based on your clothes and car; or a detailed profile of your worth and habits, from "casing" your home for several days, talking to talkative friends and service people, investigating your business, etc.

So, basically,  robbers will not want your password in order to check how much is the balance on your Trezor.  They will demand some satisfactory amount of money (or bitcoins, if they believe you have them), and expect you to do whatever you need to deliver it.

You may try to convince them that you have no way of providing the amount that they want, but that is risky: if they are forced to leave without the expected loot, they may kill you, out of anger, or to send a message to other future victims.  If you have family, they will probably use them as hostages and threaten to kill them.  On the other hand, "professional" robbers will rarely kill if they get what they expected.  If you do have enough money to make them happy, you will find that it is better to give it up than to risk the alternative.  Money can be recovered or earned again; your life, and that of your dear ones, cannot.

Robbers know that most people keep most of their dollars in the bank; so, normally, they will neither expect nor demand cash.  (Although they may take you to an ATM and force you to withdraw as much as possible.  And, if you do keep lots of cash at home, they may well know about it.)   But "bitcoin-enabled" robbers, if they know that you keep all your fortune in bitcoins, will probably assume that you can transfer all your coins from home, without contacting anyone else;  so they will probably demand all that they think you own.

(I can speak with some authority on this: although I have never been robbed (knock wood), several of my friends and relatives have been, some more than once.  And the student frat next to my home was robbed a couple of months ago.  Robbers usually came in gangs of three or more, often in daytime, with handguns or machine guns.  Fortunately no one was harmed, and the robbers were content with carriable goods, such as laptops and TVs.  They did not expect to find large amounts of cash -- except once, when the gang had just watched the victim withdraw several thousand in cash at the bank.  But they took any guns that the victims had at home, including the entire collection of one victim.)

Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.