[ESHOP launched] Trezor: Bitcoin hardware wallet

[molecular]

is trezor 100% safe?

against what?

[gweedo]

Is the fee always 0.0001 with myTrezor, or is there a way to do Coin Control to lower it to zero?

No and just pay the $0.03 fee.

I don't have a problem with fees, but sometimes I need to do transfers in exact amounts. Apparently, Electrum 2.0 will be out with Trezor support in the near future, so I'll wait for that.

This makes no sense, mytrezor adds the fees afterward not from the current amount.

[mmortal03]

Is the fee always 0.0001 with myTrezor, or is there a way to do Coin Control to lower it to zero?

No and just pay the $0.03 fee.

I don't have a problem with fees, but sometimes I need to do transfers in exact amounts. Apparently, Electrum 2.0 will be out with Trezor support in the near future, so I'll wait for that.

This makes no sense, mytrezor adds the fees afterward not from the current amount.

Homeslice, if you're sending exact amounts, you don't have any extra on top of the current amount.

[armory]

is trezor 100% safe?

against what?

against hackers
is it safe like a paper wallet?

[TwinWinNerD]

if you treat it like that, and never reveal your seed on an online PC --> yes

[gweedo]

Is the fee always 0.0001 with myTrezor, or is there a way to do Coin Control to lower it to zero?

No and just pay the $0.03 fee.

I don't have a problem with fees, but sometimes I need to do transfers in exact amounts. Apparently, Electrum 2.0 will be out with Trezor support in the near future, so I'll wait for that.

This makes no sense, mytrezor adds the fees afterward not from the current amount.

Homeslice, if you're sending exact amounts, you don't have any extra on top of the current amount.

Then just keep a little extra, like .01 or even .001 more. I don't get the reason to keep just enough. That is like having a wallet and keeping $29.99 in your wallet for dinner and when you can't pay the tax saying well I only use exact amounts. Kinda counter-productive.

[AussieHash]

Then just keep a little extra, like .01 or even .001 more. I don't get the reason to keep just enough. That is like having a wallet and keeping $29.99 in your wallet for dinner and when you can't pay the tax saying well I only use exact amounts. Kinda counter-productive.

Fees are annoying if you have say, coldwallet_1, 2, 3, 4 etc each with a round balance like 25btc that you want to move.

Electrum does a priority calculation on the transaction and it if will be processed by miners (coin age, amount) it will let you send a 0-fee-transaction

https://github.com/spesmilo/electrum/blob/6cd00eb36b9759bd9e4d4c725c60e76dcc40ab42/gui/qt/main_window.py#L1088

[gweedo]

Then just keep a little extra, like .01 or even .001 more. I don't get the reason to keep just enough. That is like having a wallet and keeping $29.99 in your wallet for dinner and when you can't pay the tax saying well I only use exact amounts. Kinda counter-productive.

Fees are annoying if you have say, coldwallet_1, 2, 3, 4 etc each with a round balance like 25btc that you want to move.

Electrum does a priority calculation on the transaction and it if will be processed by miners (coin age, amount) it will let you send a 0-fee-transaction

https://github.com/spesmilo/electrum/blob/6cd00eb36b9759bd9e4d4c725c60e76dcc40ab42/gui/qt/main_window.py#L1088

I still not following this, because cold storage is not suppose to be moved frequently were I see fees being annoying. If you move it more than once then maybe cold storage isn't the best solution for that use case.

I think you are confusing offline wallets and cold storage wallets. Offline wallets let you sign transactions offline blocking computer viruses from easily recovering the private keys. This would be great if you want a wallet that you can use a lot but some good protection from viruses/hackers. This is what trezor is and does fairly well without another computer. Cold storage wallets have many factors that need to come together to spend the funds, making it difficult for someone to get them physically. Offline wallets don't protect against that theft well. Cold storage wallets would be multi-sig addresses, key splitting, 2-3 factor auth. Basically not trezor the pin offers ok protect against this but for enough funds the robber would also try to locate the written down seed as well as trezor, so funds can't be moved before they get to it.

[GreatBug]

is trezor 100% safe?

against what?

against hackers
is it safe like a paper wallet?

Hard, vague question.

Certainly has more electronics than paper.

[JorgeStolfi]

is trezor 100% safe?

against what?

against hackers
is it safe like a paper wallet?

There are some possible attacks using combinations of malware in the host computer, "human engineering", hidden cameras, theft, replacement of the device, infiltration of Satoshilabs, etc..  Appears to be safe if the latter two are considered unlikely and the device is used strictly according to the instructions.

[molecular]

is trezor 100% safe?

against what?

against hackers
is it safe like a paper wallet?

depends how you create and spend your paper wallet.

Short answer: I'd say yes.

Trezor is certainly easier to use securely than a paper wallet.

[mmortal03]

Is the fee always 0.0001 with myTrezor, or is there a way to do Coin Control to lower it to zero?

No and just pay the $0.03 fee.

I don't have a problem with fees, but sometimes I need to do transfers in exact amounts. Apparently, Electrum 2.0 will be out with Trezor support in the near future, so I'll wait for that.

This makes no sense, mytrezor adds the fees afterward not from the current amount.

Homeslice, if you're sending exact amounts, you don't have any extra on top of the current amount.

Then just keep a little extra, like .01 or even .001 more. I don't get the reason to keep just enough. That is like having a wallet and keeping $29.99 in your wallet for dinner and when you can't pay the tax saying well I only use exact amounts. Kinda counter-productive.

Besides the usefulness of handling round numbers, "keeping a little extra" also ties past and future transactions together. Say you keep a little extra in the middle wallet. Each time you attach a bit of that extra as the fee, it links the prinicipal address with the "little extra" address. You could move the "little extra" every time, too, but that's an extra step. You can't always predict ahead of time how many hops you're going to need to make with the funds. Also, for tax purposes, keeping track of the "little extra", which might have started as "a larger extra" is tedious.

[instagibbs]

is trezor 100% safe?

There is no such thing. 100% safe implies there is no possible attack, regardless of adversary resources.

Security is a spectrum that balances people and technological concerns. Trezor seems to have found a good point on that spectrum for normal people.

[keithers]

Anyone know of a timeline for a public release of Electrum 2.0?   I want to try it with trezor, but am not tech savvy enough to be messing around with betas...

[molecular]

Anyone know of a timeline for a public release of Electrum 2.0?   I want to try it with trezor, but am not tech savvy enough to be messing around with betas...

no idea about a timeline. maybe ask in #electrum.

There are still issues: https://github.com/spesmilo/electrum/issues

[armory]

is trezor 100% safe?

against what?

against hackers
is it safe like a paper wallet?

There are some possible attacks using combinations of malware in the host computer, "human engineering", hidden cameras, theft, replacement of the device, infiltration of Satoshilabs, etc..  Appears to be safe if the latter two are considered unlikely and the device is used strictly according to the instructions.

REALLY?
ho god , i boght trezor to fel safe, not to feel into troubles
holy fk
so i can loose my btc if someone hack the trezor labs?

[2586]

There are some possible attacks using combinations of malware in the host computer, "human engineering", hidden cameras, theft, replacement of the device, infiltration of Satoshilabs, etc..  Appears to be safe if the latter two are considered unlikely and the device is used strictly according to the instructions.

REALLY?
ho god , i boght trezor to fel safe, not to feel into troubles
holy fk
so i can loose my btc if someone hack the trezor labs?

By "infiltration of SatoshiLabs", JorgeStolfi is referring to a situation where someone with access to the SatoshiLabs signing key releases a malicious firmware update, and you apply the update to your Trezor before anyone notices the change. It's not a terribly likely scenario, and can be mitigated by waiting for others to vet new firmware updates thoroughly before you apply them. SatoshiLabs uses a deterministic build environment to create the firmware binaries, so it's possible to verify that the released binaries match the available source code.

[JorgeStolfi]

There are some possible attacks using combinations of malware in the host computer, "human engineering", hidden cameras, theft, replacement of the device, infiltration of Satoshilabs, etc..  Appears to be safe if the latter two are considered unlikely and the device is used strictly according to the instructions.

REALLY?
ho god , i boght trezor to fel safe, not to feel into troubles
holy fk
so i can loose my btc if someone hack the trezor labs?

If someone gets a malicious version of the firmware, signed with the authentication keys held by Satoshilabs managers, it may then convince users to download and install that "firmware update" in their Trezor.  That malicious firmware then could steal the coins, in many ways. As long as Satoshilabs takes good care of those keys, that risk does not exist.

A thief may substitute a malicious fake Trezor for the real one, when the user buys it.  A fake Trezor too could steal the keys in many ways.  As long as Satoshilabs keeps close watch on their shipping dept, and users only buy Trezors directly from them, that risk should be small.

The thief could also convince a user to download and install a non-authenticated version of the firmware.  That would cause the Trezor to wipe its memory clean and display a warning on its window.  The thief then would have to convince the user to ignore that warning, and re-enter the 24 magic words, from which the private blockchain keys are derived.   Users should be wary of re-entering the magic words after such a warning.

(Many years ago some pranksters would dial a random fixed phone number, pretended to be the phone company, and asked the person to drop the set into a bucket of water, "for a test".  Many users did.)

[esuncloud]

Has anyone successfully compiled the bootloader? It seems something wrong with the dependence in the Makefiles, because it complains /serialno.c:32: undefined reference to `desig_get_unique_id' Thanks.

[instagibbs]

Has anyone successfully compiled the bootloader? It seems something wrong with the dependence in the Makefiles, because it complains /serialno.c:32: undefined reference to `desig_get_unique_id' Thanks.

You should report the issue in github.