[ESHOP launched] Trezor: Bitcoin hardware wallet

[Mickeyb]

Beautiful job guys, I've received mine and it works like a charm!!

[cor]

My new trezor still not working and I have not received any solution from the support service. I have not even been able to access to the first configuration of the device  

Why does it take so long to provide help to your customers via support service?

The last answer from support was more than 30 hours ago, telling me that the problem was probably due to Windows 7 issues when I has been said them before that I had tested the device in another SO. Actually in differents computers with XP, W7 and W8 with same results.

Still waiting since then. Maybe I'm impatient, but I was eager to try and use my trezor.

I'm sorry that you're having these issues.  
We have an extremely low hardware failure when it comes to Trezor itself, less than a promile. USB cables, unfortunately, are causing us much more trouble.
But if the cable is not your problem, please send the device over and we'll replace it. My colleagues are letting you know about the procedure.

[gravitate]

I am getting increasingly frustrated with my Trezor. When I try send BTC from it ut keeps saying 'signing and sending' and nothing happens. I just tried it and had to unplug it and oplug it in 8 times for it to work. Is this a common glitch?

[guitarplinker]

Just received my Trezor today! Very happy with it so far.

One question though, I don't seem to be able to sign messages with any of my receive addresses. When I click the "sign" button, nothing happens. I've tried multiple times, and waited a couple minutes between tries. Any advice on how to get this working?

Edit: Nevermind, works now! Just sent a transaction and it worked after that - maybe it needed my PIN to be entered, which I did to send the transaction?

[stick]

Edit: Nevermind, works now! Just sent a transaction and it worked after that - maybe it needed my PIN to be entered, which I did to send the transaction?

I think address needs to be used first in order to use Sign/Verify workflow (so myTREZOR caches its index). A bug that should be fixed in the next release.

[guitarplinker]

Edit: Nevermind, works now! Just sent a transaction and it worked after that - maybe it needed my PIN to be entered, which I did to send the transaction?

I think address needs to be used first in order to use Sign/Verify workflow (so myTREZOR caches its index). A bug that should be fixed in the next release.

Aha makes sense!

Seems correct, I can't sign a message from an un-used address yet, but the addresses that I've used sign fine.

[sobitcoin]

SO badass! I want one!

[molecular]

I had similar problems like you.

My solution was to use a USB hub with a standalone power supply.

I have experienced a problem with the hub built into my monitor. Not sure wether it's powered or not, but the trezor wouldn't even show in 'lsusb' when connected through that hub.

[blossbloss]

Can someone please provide a short step-by-step tutorial on how to use the Trezor to sign a hash of a document?
Thanks

From memory:

Click on the account that you want to use. Then near the top right you will see a sign and verify button. Click it. It will bring up 2 forms that you can fill out, sign and verify. The first field will be the message. Enter the message that you want to sign in the message field. The second field will be the address. begin typing the address that you want to use. it will detect the address you are entering and provide an option to fill out the rest of the address for you. Click sign. Now look at your trezor. It will ask you to confirm that you want to sign the message. Confirm that you do. Now enter your pin. Look back at the form page in your browser. you will see that the formerly empty signature box will now contain a series of characters. That is your digital signature.

Thanks. So this appears to be signing of messages disconnected to transactions.  And it is signing with my private key.
Is there a way to include a message in a signed bitcoin transaction?  In other words, can I include a SHA256 hash of a document and include it in a transaction that gets recorded on the blockchain?  I think this can be done with some clients (although I do not know which ones can do it).  But can it be accomplished from my Trezor?
Thanks

Molecular has designed a way to hash your document and create a private key out of it. You can send a very small amount of BTC to that address to "timestamp" it and proove you own that doc at a certain moment of time. Don't know if you are looking for that?

If you want the proove to be public, I think you can do the same by creating a public address out of the hash of the doc. But I never that that
(I used the method of Molecular to create a certificate of my Silver Casascius coin )

http://www.proofofexistence.com/ might be what you're looking for. At least it's very similar (identical in function, I think) to what dnaleor is describing and what I had implemented for proving cascascius coin existance. btw, no invention there: I just used the sha256 of the document as a private key (there's no conversion, both are just a 256 bit numbers), derived the matching bitcoin address and sent money to it. Adavantage: you can still move that money. Disadvantage: you can't read any 'message', just verify it has existed if you have it.

"Is there a way to include a message in a signed bitcoin transaction?" <- I'm not sure what to make of this. You can sign a transaction, you can sign a message. You can encode a message into a transaction.

Molecular,

Sorry for such a late reply to your response. Your proofofexistence site looks very interesting, but I have to admit I'm struggling making it work.

In the meantime I ran a test. I created a PDF file and generated its SHA256 hash as my private key. I used bitaddress.org's "wallet details" to generate the corresponding public address. I then sent a small fraction of a millibitcoin to that address to time stamp the transaction on the block. Now I can prove that the PDF document existed at the time of the transaction.

Is there something I'm missing?

Thanks.

[esuncloud]

One quick question, there is no source code of the browser-plugin-trezor_1.0.5?
There is only github fork as below:
https://github.com/trezor/firebreath
However, this is not the trezor plugin.

[molecular]

Molecular,

Sorry for such a late reply to your response. Your proofofexistence site looks very interesting, but I have to admit I'm struggling making it work.

In the meantime I ran a test. I created a PDF file and generated its SHA256 hash as my private key. I used bitaddress.org's "wallet details" to generate the corresponding public address. I then sent a small fraction of a millibitcoin to that address to time stamp the transaction on the block. Now I can prove that the PDF document existed at the time of the transaction.

Is there something I'm missing?

Thanks.

That site is not mine.

To prove your pdf existed, I would go a similar route as you took: I would hash the doc, convert the private key to an address and verify that the address has received money in the past. If it has, either the document must have existed or the extremely unlikely event that someone chose the hash of the document as a private key by accident must have happened. Since we can rule out the latter with high probability, the documents existence at the time of the transaction is proven.

Please note: you should move the money from that address. Anyone with the document can access it.

[molecular]

I received an email scam of sorts:





The links inside the email point to domain buytrezor.us7.list-manage.com

Not sure what's there... didn't check.

[stick]

I received an email scam of sorts:

It's not a scam. It's a regular newsletter sent via Mailchimp service.

[molecular]

I received an email scam of sorts:

It's not a scam. It's a regular newsletter sent via Mailchimp service.

hmm. ok.

I aplogize for making waves. I found it suspicious that the a link displayed as "myTrezor.com" didn't go there, but to some other domain.

I'm not sure why my thunderbird marked it as a scam, either. Maybe because of that?

[blossbloss]

To prove your pdf existed, I would go a similar route as you took: I would hash the doc, convert the private key to an address and verify that the address has received money in the past. If it has, either the document must have existed or the extremely unlikely event that someone chose the hash of the document as a private key by accident must have happened. Since we can rule out the latter with high probability, the documents existence at the time of the transaction is proven.

Please note: you should move the money from that address. Anyone with the document can access it.

Excellent! Thanks.

[binford]

To prove your pdf existed, I would go a similar route as you took: I would hash the doc, convert the private key to an address and verify that the address has received money in the past. If it has, either the document must have existed or the extremely unlikely event that someone chose the hash of the document as a private key by accident must have happened. Since we can rule out the latter with high probability, the documents existence at the time of the transaction is proven.

Please note: you should move the money from that address. Anyone with the document can access it.

Excellent! Thanks.

you should not move all money from that address as the bitcoin paper describes pruning of transactions from blockchain for empty addresses. if you need your proof to be preserved longterm this is a risk to be aware of

[sandpaper]

I received an email scam of sorts:

It's not a scam. It's a regular newsletter sent via Mailchimp service.

hmm. ok.

I aplogize for making waves. I found it suspicious that the a link displayed as "myTrezor.com" didn't go there, but to some other domain.

I'm not sure why my thunderbird marked it as a scam, either. Maybe because of that?

I would still be on the safe side and ignore that email. You seem to know your stuff and to me that looked fishy as well. Or should I say phishy.

Edit: Are all trezors waterproof?

[kkurtmann]

As far as I know, Trezor devices are not waterproof.
The manufacturer of the device just said the email was legit and you even quoted him.

[molecular]

To prove your pdf existed, I would go a similar route as you took: I would hash the doc, convert the private key to an address and verify that the address has received money in the past. If it has, either the document must have existed or the extremely unlikely event that someone chose the hash of the document as a private key by accident must have happened. Since we can rule out the latter with high probability, the documents existence at the time of the transaction is proven.

Please note: you should move the money from that address. Anyone with the document can access it.

Excellent! Thanks.

you should not move all money from that address as the bitcoin paper describes pruning of transactions from blockchain for empty addresses. if you need your proof to be preserved longterm this is a risk to be aware of

This is a valid concern and I've thought about that: I think it's save to remove the money. There will most likely always be a complete transaction history available and it's good practice to keep the unspent transaction output set as clean (small) as possible because it has to be accessed quickly by servers/wallets.

Also: you'll have to keep the document itself anyways. So why not keep the block with the relevant tx in it along with it?

EDIT: another minor point: If you're concerned of losing the ability to prove existence due to the money being removed from the address, you would also have to keep your document secret to avoid someone else removing the money.

EDIT2: sorry for all the offtopic babble.

[pitiflin]

I'm going to buy 2 trezors, (1 for recovering the seed if something bad happens)

My question is... what's the difference between using Armory with a cold wallet (my current setup) and using Trezor? They look very similar to me. Someone mentioned earlier the difference between a cold wallet and an offline wallet, but I didn't understand it very well.

Finally, which option would you recommend better? If any? Maybe both options are equally safe...

I appreciate it