[ESHOP launched] Trezor: Bitcoin hardware wallet

[kkurtmann]

Thanks for the reminder, but I suppose that you have already discussed that problem over there.

That's kind of easy to check by yourself, isn't it ? This is the Trezor thread, it'd be great if you could keep it Trezor related, otherwise 2015 is going to be fun when you'll feel the need to compare Trezor to Bitcoincard, Bitstash, Case, Coolbitx, our next devices and the few others similar things that'll be out next year and other people feel the need to do the same in each manufacturer thread.

Please feel free to open a hardware wallet comparison thread instead. End of derailing for me, sorry for the inconvenience.

Challenge accepted.

[deeneendo]

is there anywhere I can find information on a problem I have had occurring twice so far when sending BTC from myTrezor.com?

the symptom is that a transaction is shown as uncomfirmed for many hours. In the first case, it kind of solved itself after a while, but this caused problems, as this was a bitpay payment that arrived late, so I had to bother support and pay more in the end.

Also, the txid is not found on blockchain.info.

Further symptoms: account balance is showing MORE than wallet actually contains and warning message appears:

Warning! Account balance information is inconsistent.

what causes this and how can it be avoided?

I use Windows 7 Pro, IE11 in private browsing mode (Chrome does not load the plugin). I have tried clearing cache etc.

Thanks for help.

[viking02]

how long would it take to ship it to east coast in usa?  I read it could take 1 month or so?

[Mickeyb]

So I have been arguing with my best friend about the trezor. I keep telling that it is safe to use trezor even on compromised machines, but he keeps telling me this cannot be possible. So for the sake of the argument, if I have several malwares on my computer, couple of trojans, keyloggers etc.. are my funds safe by using trezor?

I want to show him the replies on this question and shut his mouth once and for all!

Thanks all!

[lyth0s]

Mickeyb, your private keys are on your trezor and never leave it, thus any malware on your PC can't get your private keys. The transaction is created on your PC, then sent to your trezor to be signed. The trezor then requires your pin code to sign the transaction and then the signed transaction is sent back to your PC to be broadcasted. So in that regard, yes your bitcoins are 100% safe.


Now a weakness of having viruses on your computer could be that the address that you want to send the coins to can be modified before your PC displays it. IE you receive a PM and the virus changes all bitcoin addresses in your webrowser to their address or if you copy/paste it changes the addresses in the clipboard. So then when you THINK you're sending the bitcoins to the right person, it could actually be the wrong address. That is the #1 thing I would watch for.

I'm sure the trezor team can give you better descriptions, but that's my 2 cents.



By the way, I finally received my trezor 2 days ago and I LOVE IT. Amazing product guys, keep up the good work. Also future integration with electrum is PERFECT for me

[kkurtmann]

Now a weakness of having viruses on your computer could be that the address that you want to send the coins to can be modified before your PC displays it. IE you receive a PM and the virus changes all bitcoin addresses in your webrowser to their address or if you copy/paste it changes the addresses in the clipboard. So then when you THINK you're sending the bitcoins to the right person, it could actually be the wrong address. That is the #1 thing I would watch for.

I'm sure the trezor team can give you better descriptions, but that's my 2 cents

This is the purpose of the screen, to verify the address and amount are correct before signing.

[lyth0s]

Now a weakness of having viruses on your computer could be that the address that you want to send the coins to can be modified before your PC displays it. IE you receive a PM and the virus changes all bitcoin addresses in your webrowser to their address or if you copy/paste it changes the addresses in the clipboard. So then when you THINK you're sending the bitcoins to the right person, it could actually be the wrong address. That is the #1 thing I would watch for.

I'm sure the trezor team can give you better descriptions, but that's my 2 cents

This is the purpose of the screen, to verify the address and amount are correct before signing.

What I'm talking about is a virus giving you the wrong address to send to, which occurs prior to dealing with the Trezor at all. Like if I email you my address which is 1Lyth and the virus changes the HTML/message to read 1Virus and then you send the bitcoins to 1Virus thinking that it's the correct address.

[kkurtmann]

Now a weakness of having viruses on your computer could be that the address that you want to send the coins to can be modified before your PC displays it. IE you receive a PM and the virus changes all bitcoin addresses in your webrowser to their address or if you copy/paste it changes the addresses in the clipboard. So then when you THINK you're sending the bitcoins to the right person, it could actually be the wrong address. That is the #1 thing I would watch for.

I'm sure the trezor team can give you better descriptions, but that's my 2 cents

This is the purpose of the screen, to verify the address and amount are correct before signing.

What I'm talking about is a virus giving you the wrong address to send to, which occurs prior to dealing with the Trezor at all. Like if I email you my address which is 1Lyth and the virus changes the HTML/message to read 1Virus and then you send the bitcoins to 1Virus thinking that it's the correct address.

This is what the screen on the Trezor is for. When your computer sends the unsigned tx to the Trezor for signing, you can verify on the Trezor screen that the correct address and amount are shown before clicking confirm on the Trezor. I'm sure all this is covered in the manual.

[Mickeyb]

Now a weakness of having viruses on your computer could be that the address that you want to send the coins to can be modified before your PC displays it. IE you receive a PM and the virus changes all bitcoin addresses in your webrowser to their address or if you copy/paste it changes the addresses in the clipboard. So then when you THINK you're sending the bitcoins to the right person, it could actually be the wrong address. That is the #1 thing I would watch for.

I'm sure the trezor team can give you better descriptions, but that's my 2 cents

This is the purpose of the screen, to verify the address and amount are correct before signing.

What I'm talking about is a virus giving you the wrong address to send to, which occurs prior to dealing with the Trezor at all. Like if I email you my address which is 1Lyth and the virus changes the HTML/message to read 1Virus and then you send the bitcoins to 1Virus thinking that it's the correct address.

This is what the screen on the Trezor is for. When your computer sends the unsigned tx to the Trezor for signing, you can verify on the Trezor screen that the correct address and amount are shown before clicking confirm on the Trezor. I'm sure all this is covered in the manual.

Well if the changing of the address by the malware is the only problem then we can sleep peacefully. I will tell him to revisit this thread and to see responses by himself. Of course nobody sane enough will ever have 5 malwares on his machine, but I was just speaking hypothetically.

[klokan]

So I have been arguing with my best friend about the trezor. I keep telling that it is safe to use trezor even on compromised machines, but he keeps telling me this cannot be possible. So for the sake of the argument, if I have several malwares on my computer, couple of trojans, keyloggers etc.. are my funds safe by using trezor?

I want to show him the replies on this question and shut his mouth once and for all!

Thanks all!

Trezor is secure in two important points:
1. It will never share your private keys with a computer no matter how many viruses and troyans are on the computer.
2. When signing a transaction (which is created on computer so it potentialy may be incorrect, missleading or maliciously created), Trezor will display comprehensive information about the transaction and it will ask you to press the confirm button twice. As mentioned above me, this does not protect you against phising attack as described here: http://doc.satoshilabs.com/trezor-faq/threats.html#what-doesn-t-trezor-protect-against-yet but the important point is that Trezor would never sign this transaction without you seeing it and confirming it. So in case you know the address you want to send to, there is no way computer can trick you into signing something else.

[btchip]

Now a weakness of having viruses on your computer could be that the address that you want to send the coins to can be modified before your PC displays it. IE you receive a PM and the virus changes all bitcoin addresses in your webrowser to their address or if you copy/paste it changes the addresses in the clipboard. So then when you THINK you're sending the bitcoins to the right person, it could actually be the wrong address. That is the #1 thing I would watch for.

I'm sure the trezor team can give you better descriptions, but that's my 2 cents

This is the purpose of the screen, to verify the address and amount are correct before signing.

no, it's not. The only way to guard against such attack (out of having one distinct channel to communicate Bitcoin addresses) is to support BIP 70 payments with properly pinned down certificates (so that the malware wouldn't be able to sign again in the middle with its own key).

[klokan]

Now a weakness of having viruses on your computer could be that the address that you want to send the coins to can be modified before your PC displays it. IE you receive a PM and the virus changes all bitcoin addresses in your webrowser to their address or if you copy/paste it changes the addresses in the clipboard. So then when you THINK you're sending the bitcoins to the right person, it could actually be the wrong address. That is the #1 thing I would watch for.

I'm sure the trezor team can give you better descriptions, but that's my 2 cents

This is the purpose of the screen, to verify the address and amount are correct before signing.

no, it's not. The only way to guard against such attack (out of having one distinct channel to communicate Bitcoin addresses) is to support BIP 70 payments with properly pinned down certificates (so that the malware wouldn't be able to sign again in the middle with its own key).

I don't think that BIP70 is the answer to all these issues. What if I don't want to tie my address to my identity? I cannot use Bitcoin? I believe this would defeat one of the purposes for which Bitcoin was created.

[btchip]

I don't think that BIP70 is the answer to all these issues. What if I don't want to tie my address to my identity? I cannot use Bitcoin? I believe this would defeat one of the purposes for which Bitcoin was created.

I believe things start to be interesting if you consider your devices identity instead of your identity, and establish trust relationships between devices.

[klokan]

I don't think that BIP70 is the answer to all these issues. What if I don't want to tie my address to my identity? I cannot use Bitcoin? I believe this would defeat one of the purposes for which Bitcoin was created.

I believe things start to be interesting if you consider your devices identity instead of your identity, and establish trust relationships between devices.

I agree that this is an interesting valid use-case. Still, I think that non-BIP70 transactions are a valid use-case for bitcoin as well.

[btchip]

I agree that this is an interesting valid use-case. Still, I think that non-BIP70 transactions are a valid use-case for bitcoin as well.

yes of course. I'm just discussing BIP70 as a possible way to make sure that an address hasn't been modified between the sender and the receiver, considering it's already implemented by several wallets.

[JorgeStolfi]

Now a weakness of having viruses on your computer could be that the address that you want to send the coins to can be modified before your PC displays it. IE you receive a PM and the virus changes all bitcoin addresses in your webrowser to their address or if you copy/paste it changes the addresses in the clipboard. So then when you THINK you're sending the bitcoins to the right person, it could actually be the wrong address. That is the #1 thing I would watch for.

This is the purpose of the screen, to verify the address and amount are correct before signing.

no, it's not. The only way to guard against such attack (out of having one distinct channel to communicate Bitcoin addresses) is to support BIP 70 payments with properly pinned down certificates (so that the malware wouldn't be able to sign again in the middle with its own key).

To clarify (?):

* No device will protect you, if you got the wrong address to start with.  If you are not a paranoid computer guy, malware could trick you by substituting the thief's address for a merchant's address that you got from email or a website.

* Assuming you have the correct address (and a legitimate Trezor with legitimate bug-free firmware), checking the address on Trezor's screen will protect against malware on the PC.

* As I understand it, the Ledger screen-less device picks some random letters from the address, and asks you to type the corresponding codes that you look up in an table provided with the device.  Assuming you have the correct address (and a legitimate Ledger device with legitimate bug-free firmware), this protocol will protect from malware at first. However, as discussed above, after signing enough honest transactions the malware in the PC will get to know the code table; and then it will be able to trick the device into signing a transaction with the thief's address.

[btchip]

To clarify (?):

* No device will protect you, if you got the wrong address to start with.

the discussion was about finding methods to prevent that, BIP70 with a correctly enforced certificate chain being one suggestion, in which the device can help (by enforcing said certificate chain)

[klokan]

To clarify (?):

* No device will protect you, if you got the wrong address to start with.

the discussion was about finding methods to prevent that, BIP70 with a correctly enforced certificate chain being one suggestion, in which the device can help (by enforcing said certificate chain)

Exactly. AFAIK Trezor plans to implement this BIP once it's accepted (It's in the final draft stage now). But provided that BIP70 is used, device may be able to protect you against address replacing malware.

[JorgeStolfi]

To clarify (?):

* No device will protect you, if you got the wrong address to start with.

the discussion was about finding methods to prevent that, BIP70 with a correctly enforced certificate chain being one suggestion, in which the device can help (by enforcing said certificate chain)

Exactly. AFAIK Trezor plans to implement this BIP once it's accepted (It's in the final draft stage now). But provided that BIP70 is used, device may be able to protect you against address replacing malware.

Assuming however that everybody you want to send bitcoins to can be certified in that way.  What if the address-switching malware does its trick only on non-secured addresses?

By the way, I do not see in the BIP-70 write-up an analysis explaining why it would be secure against malicious browsers and apps.  I see only a claim that it is "more resistant" to them, but no explanation why.  Is that obvious?

[chrisrico]

Exactly. AFAIK Trezor plans to implement this BIP once it's accepted (It's in the final draft stage now). But provided that BIP70 is used, device may be able to protect you against address replacing malware.

It is and has been active for a while. Final is final, the reference implementation has been completed and accepted by the community. See here.