Bitcoin Forum
December 12, 2024, 02:49:38 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 [16] 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 ... 265 »
  Print  
Author Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet  (Read 966225 times)
chrisrico
Hero Member
*****
Offline Offline

Activity: 496
Merit: 500


View Profile
January 24, 2013, 04:09:46 PM
 #301

To enable flashing feature you have to ultimately trust the computer you are performing flashing on. If there was such computer you would not need Trezor at all (speaking of average users not technical savvy people).

I think with the method Mike described, that's not the case. If a virus on the flashing computer attempted to flash a modified version of the firmware, the bootloader would reject it due to an invalid signature.

The usual way to implement that is have the locked firmware just contain a bootloader that verifies the signature on the next part of the code, and have that code loaded from reflashable memory. Sometimes the firmware has features like rollback prevention so a bad guy/virus cannot downgrade code to a known vulnerable version.
Mike Hearn
Legendary
*
Offline Offline

Activity: 1526
Merit: 1134


View Profile
January 24, 2013, 04:15:21 PM
 #302

It's possible for all of us to be right - allowing upgrades that come from insecure computers is definitely possible in the general case, but it may not be implementable with the specific hardware stick/slush are using. If there's a way to do it though, it definitely makes sense to do so - it'd significantly increase the value of the device (at least to me) if I knew it was somewhat future proof.
slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
January 24, 2013, 04:19:51 PM
 #303

I think it is possible, but security considerations are currently the most important. I'm not against such feature in the future, but it must be done properly to not introduce any backdoor. Still, the security concern is top priority.

stick
Sr. Member
****
Offline Offline

Activity: 441
Merit: 268



View Profile
January 24, 2013, 04:21:37 PM
 #304

I think with the method Mike described, that's not the case. If a virus on the flashing computer attempted to flash a modified version of the firmware, the bootloader would reject it due to an invalid signature.

Yes, right. USB mass storage bootloader with asymmetric crypto check would be the way. But we have to consider very carefully whether is introducing another attack vector for such small benefit worth it.

caveden
Legendary
*
Offline Offline

Activity: 1106
Merit: 1004



View Profile
January 24, 2013, 04:24:48 PM
 #305

And what if a security vulnerability is found in the software? Am I supposed to buy a new one? Shouldn't the sellers bear that cost?

What if there's a bug in the software that manages the breaks of your car? (many newer cars have electronic breaks, remember that Toyota scandal?)
Even if it was possible to update the firmware of such software, most people wouldn't be capable of. A recall would be necessary.

I'd expect the same for Trezor. If a critical bug is found, they should do a recall. So, yeah, they'd better test it a lot, and keep it simple.
slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
January 24, 2013, 04:25:32 PM
 #306

So, yeah, they'd better test it a lot, and keep it simple.

+1

Mike Hearn
Legendary
*
Offline Offline

Activity: 1526
Merit: 1134


View Profile
January 24, 2013, 06:45:45 PM
 #307

Toyota could survive the huge cost of the mass recall. It would have sunk a smaller company, especially if that was the only product. I agree simplicity is valuable, but given the complexity of cryptography I am doubtful the code will be flawless first time.
jim618
Legendary
*
Offline Offline

Activity: 1708
Merit: 1066



View Profile WWW
January 24, 2013, 06:57:19 PM
 #308

You want the device to be unmodifiable for security reasons

+
 
A perfect initial product is very difficult

=

Perhaps we should have limited production runs for the first iteration or two.
If I bought a Trezor v1 that had some limitations but my experience directly led to the next version being spot on I cannot say I would mind. Crowdtesting, so to speak.

MultiBit HD   Lightweight desktop client.                    Bitcoin Solutions Ltd   Bespoke software. Consultancy.
btchip
Hero Member
*****
Offline Offline

Activity: 623
Merit: 500

CTO, Ledger


View Profile WWW
January 24, 2013, 07:29:59 PM
 #309

Toyota could survive the huge cost of the mass recall. It would have sunk a smaller company, especially if that was the only product. I agree simplicity is valuable, but given the complexity of cryptography I am doubtful the code will be flawless first time.

+ a lot for this.

I'd advise everyone working on an embedded product (secure or not) to design a foolproof update/patch mechanism that's guaranteed not to create too many bricks first (the iPhone is actually great for that !) then design the application.

While it's possible (but hard, and stressful) to get something bug free on the first run, what happens if someone gets code execution through a protocol bug, or the (unstable) deterministic algorithm used to generate keys change and you can't patch your code ?


caveden
Legendary
*
Offline Offline

Activity: 1106
Merit: 1004



View Profile
January 24, 2013, 07:41:13 PM
 #310

Well, I at least wouldn't want to have on my shoulders the responsibility of having to protect such an import key - nor the price tag on my head that would eventually come with it.
At the end it's up to slush and stick to choose what they prefer: the risk of a recall or the risk of losing / being forced to give up the signing key.

Perhaps the beta version could be modifiable, and once they're sure it's stable enough, they stop selling it and switch to a non-modifiable one. And perhaps once they become a multi-million dollars corporation with branches all over the world, they can afford to use multiple keys kept by different people on different continents, making an attack practically unfeasible. Wink

 
novusordo
Sr. Member
****
Offline Offline

Activity: 800
Merit: 250



View Profile
January 24, 2013, 10:12:14 PM
 #311

And what if a security vulnerability is found in the software? Am I supposed to buy a new one? Shouldn't the sellers bear that cost?

What if there's a bug in the software that manages the breaks of your car? (many newer cars have electronic breaks, remember that Toyota scandal?)
Even if it was possible to update the firmware of such software, most people wouldn't be capable of. A recall would be necessary.

I'd expect the same for Trezor. If a critical bug is found, they should do a recall. So, yeah, they'd better test it a lot, and keep it simple.


A lot of people use analogies that don't apply to what they're arguing for, but I do like this one. Trezor-like devices could be an extremely important part of one's personal finances in the near future.


                            █████
                        █████████████
                     █████████████
                 ██████████████        █████
              █████████████        ████████████
          ██████████████        █████████████
       █████████████        █████████████       ██████
       ██████████        ████████████           ██████
       ███████       █████████████       ███    ██████
       ███████    █████████████       ██████    ██████
       ████████████████████       ██████████    ██████
       █████████████████       █████████████    ██████
       █████████████       █████████████        ██████
       ██████████       █████████████           ██████
       ███████      ██████████████       ███    ██████
       ██████    █████████████       ███████    ██████
       ██████    ██████████       ██████████    ██████
       ██████    ██████        █████████████    ██████
       ██████    ███       █████████████        ██████
       ██████           █████████████       ██████████
       ██████       █████████████        █████████████
                 █████████████       █████████████
              ████████████        █████████████
                  ████         ████████████
                           █████████████
                         ███████████
                            █████
Ferrum Network • Interoperability Network for Financial Applications
hardcore-fs
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile WWW
January 24, 2013, 11:30:53 PM
 #312

too much talking and not enough searching..

http://www.mcureverse.com/Product/Microcontrollercrack/List_of_Common_Microcontrollers_By_Brand_68/68.html

BTC:1PCTzvkZUFuUF7DA6aMEVjBUUp35wN5JtF
btchip
Hero Member
*****
Offline Offline

Activity: 623
Merit: 500

CTO, Ledger


View Profile WWW
January 24, 2013, 11:56:40 PM
 #313


that's nice but I'd say that the target for all hardware bitcoin security devices is to make it time consuming enough for the attacker to get to your coins, so you get the opportunity to transfer them first.

if the attack involves shipping said device to China, the attacker fails without even trying.

bitcoinspot.nl
Sr. Member
****
Offline Offline

Activity: 300
Merit: 250



View Profile WWW
January 30, 2013, 01:26:02 PM
 #314

Just sent a donation,

Is it an idea to maybe do sort of a status update/press release on the forum or mabye via some newssite to highlight the project and the status.
And that would also be a good opportunity to ask for donations ?

Greetz.

- bitcoinspot.nl - Alles over bitcoin! -
stick
Sr. Member
****
Offline Offline

Activity: 441
Merit: 268



View Profile
January 30, 2013, 05:44:38 PM
 #315

Just sent a donation,

Is it an idea to maybe do sort of a status update/press release on the forum or mabye via some newssite to highlight the project and the status.
And that would also be a good opportunity to ask for donations ?

We have started a small microsite at http://trezor.bitcoin.cz/ - now it contains just few links. But probably later it'll be a full website with features you are mentioning.

PS: Your donation haven't arrived yet :-/

World
Hero Member
*****
Offline Offline

Activity: 743
Merit: 500



View Profile
January 30, 2013, 09:59:11 PM
 #316

Just sent a donation,

Is it an idea to maybe do sort of a status update/press release on the forum or mabye via some newssite to highlight the project and the status.
And that would also be a good opportunity to ask for donations ?

We have started a small microsite at http://trezor.bitcoin.cz/ - now it contains just few links. But probably later it'll be a full website with features you are mentioning.

PS: Your donation haven't arrived yet :-/
nice and improtant project
done

Supporting people with beautiful creative ideas. Bitcoin is because of the developers,exchanges,merchants,miners,investors,users,machines and blockchain technologies work together.
stick
Sr. Member
****
Offline Offline

Activity: 441
Merit: 268



View Profile
January 30, 2013, 10:09:08 PM
Last edit: January 31, 2013, 11:12:41 AM by stick
 #317



No, this is not a Solitaire Game, but our planning Kanban board (powered by mighty Trello). As you can see, we are working hard on Trezor ...

hazek
Legendary
*
Offline Offline

Activity: 1078
Merit: 1003


View Profile
January 30, 2013, 10:10:38 PM
 #318

Awesome!

My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)

If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
World
Hero Member
*****
Offline Offline

Activity: 743
Merit: 500



View Profile
January 31, 2013, 12:55:07 AM
 #319

@stick
your signature is not clickable
alternative:
http://asana.com
https://podio.com

Supporting people with beautiful creative ideas. Bitcoin is because of the developers,exchanges,merchants,miners,investors,users,machines and blockchain technologies work together.
stick
Sr. Member
****
Offline Offline

Activity: 441
Merit: 268



View Profile
January 31, 2013, 01:57:07 AM
 #320

your signature is not clickable

fixed. thanks

Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 [16] 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 ... 265 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!