Bitcoin Forum
December 13, 2024, 07:46:16 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 ... 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 [193] 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 ... 265 »
  Print  
Author Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet  (Read 966227 times)
jackbox
Legendary
*
Offline Offline

Activity: 1246
Merit: 1024



View Profile
March 18, 2015, 10:10:15 AM
 #3841

Is it possible to use Electrum+Trezor if the Trezor device was set up through https://mytrezor.com? Wallet schould be the same as on mytrezor.com.

Yes, exactly the same. Just set up as new wallet, not restore. It will get the master public key from the Trezor and you are good to go. I use mine with Electrum 2 and it was setup on myTrezor website.

Buy a Trezor and Protect your BTC, BCH, BTG, DASH, LTC, DGB, ZEC, ETH and ETC from hackers.
If I was helpful please buy me a coffee BTC: 1DWK7vBaxcTC5Wd2nQwLGEoy8xdFVzGKLK  BTG: AWvN1iBqCUqG2tEh3XoVvRbdcGrAzfBBpW
If I was helpful please buy me a burger DGB: DLASV6CUQpGtGSyaVz5FYuu5YxZ17MoGQz
Erdogan
Legendary
*
Offline Offline

Activity: 1512
Merit: 1005



View Profile
March 18, 2015, 10:30:16 AM
 #3842

Question: How many different passphrases does Trezor support?

over 9000

no, wait

all of them!


How hard are the passphrases to crack compared to bip38? I know there is some type of key lengthening....

I'm mostly curious how hard short passwords are to crack if you have the seed.

That'd be interesting to know, yes.

I know one thing: on each bruteforce attempt you have to query the utxo set to see if there are funds, because there's no other way to know wether or not you have found the correct passphrase. In fact you also have to check wether there address has been used in the past (and now has 0 balance so it's not in the utxo set any more) and/or query a couple more addresses in case the first one was left untouched. That alone should slow things down quite a bit.

The passphrase has to be entered via the pc, and there is no concealment from a rogue pc pin-cod style.
cypherdoc
Legendary
*
Offline Offline

Activity: 1764
Merit: 1002



View Profile
March 18, 2015, 10:46:31 AM
 #3843

So you can have infinite and separated set of addresses at your own disposal based on the passphrase while having one single private key in the form of the seed? That's neat. Thank you.

That's not quite right. There's one mnemonic, that's the 24 word string. Combined with any (or no) passphrase, the mnemonic gets turned into the seed, and then the root private key. Each passphrase you use with the same mnemonic will generate a different root private key.

what's the correct way to visualize this?  a tree with the root privkey at the top and a new branch extending downwards for each passphrase in a hierarchical tree?
cypherdoc
Legendary
*
Offline Offline

Activity: 1764
Merit: 1002



View Profile
March 18, 2015, 10:47:52 AM
 #3844

why do we trust the Electrum server more than mytrezor.com server when it comes to tracking addresses used?
Lincoln6Echo
Legendary
*
Offline Offline

Activity: 2461
Merit: 1058


Don't use bitcoin.de if you care about privacy!


View Profile
March 18, 2015, 10:57:47 AM
 #3845

Is it possible to use Electrum+Trezor if the Trezor device was set up through https://mytrezor.com? Wallet schould be the same as on mytrezor.com.

Yes, exactly the same. Just set up as new wallet, not restore. It will get the master public key from the Trezor and you are good to go. I use mine with Electrum 2 and it was setup on myTrezor website.

So to use the existing wallet from trezor.com I have to choose:

What do you want to do:
-create new wallet

wallet type:
- Hardware wallet

right? Is there something else to consider?
klondike_bar
Legendary
*
Offline Offline

Activity: 2128
Merit: 1005

ASIC Wannabe


View Profile
March 18, 2015, 01:21:58 PM
 #3846

So you can have infinite and separated set of addresses at your own disposal based on the passphrase while having one single private key in the form of the seed? That's neat. Thank you.

That's not quite right. There's one mnemonic, that's the 24 word string. Combined with any (or no) passphrase, the mnemonic gets turned into the seed, and then the root private key. Each passphrase you use with the same mnemonic will generate a different root private key.

what's the correct way to visualize this?  a tree with the root privkey at the top and a new branch extending downwards for each passphrase in a hierarchical tree?

picture it like bitcoin mining almost. The 24-word seed is like the list of transactions. The password (25th word of the seed) is like a nonce - any value will work, and can create millions of possibilities.

24" PCI-E cables with 16AWG wires and stripped ends - great for server PSU mods, best prices https://bitcointalk.org/index.php?topic=563461
No longer a wannabe - now an ASIC owner!
jackbox
Legendary
*
Offline Offline

Activity: 1246
Merit: 1024



View Profile
March 18, 2015, 04:53:56 PM
 #3847

Is it possible to use Electrum+Trezor if the Trezor device was set up through https://mytrezor.com? Wallet schould be the same as on mytrezor.com.

Yes, exactly the same. Just set up as new wallet, not restore. It will get the master public key from the Trezor and you are good to go. I use mine with Electrum 2 and it was setup on myTrezor website.

So to use the existing wallet from trezor.com I have to choose:

What do you want to do:
-create new wallet

wallet type:
- Hardware wallet

right? Is there something else to consider?

Yes, if there is a selection button click Trezor and it will query the Trezor for the public master key and that will be save under the wallet name you previously gave it when you said new wallet. If you start Electrum without the Trezor connected it will say error, watch only mode. If you want to send just plug in the Trezor before starting the send transaction and it will ask for your PIN (if you have one) and then sign the transaction. Easy and works well.

Buy a Trezor and Protect your BTC, BCH, BTG, DASH, LTC, DGB, ZEC, ETH and ETC from hackers.
If I was helpful please buy me a coffee BTC: 1DWK7vBaxcTC5Wd2nQwLGEoy8xdFVzGKLK  BTG: AWvN1iBqCUqG2tEh3XoVvRbdcGrAzfBBpW
If I was helpful please buy me a burger DGB: DLASV6CUQpGtGSyaVz5FYuu5YxZ17MoGQz
molecular
Donator
Legendary
*
Offline Offline

Activity: 2772
Merit: 1019



View Profile
March 18, 2015, 05:21:34 PM
 #3848

Question: How many different passphrases does Trezor support?

over 9000

no, wait

all of them!


How hard are the passphrases to crack compared to bip38? I know there is some type of key lengthening....

I'm mostly curious how hard short passwords are to crack if you have the seed.

That'd be interesting to know, yes.

I know one thing: on each bruteforce attempt you have to query the utxo set to see if there are funds, because there's no other way to know wether or not you have found the correct passphrase. In fact you also have to check wether there address has been used in the past (and now has 0 balance so it's not in the utxo set any more) and/or query a couple more addresses in case the first one was left untouched. That alone should slow things down quite a bit.

The passphrase has to be entered via the pc, and there is no concealment from a rogue pc pin-cod style.


That's a different attack.

The question was how long would it take (in relation to passphrase length) to bruteforce the passphrase if someone finds your paper seed backup.

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
jackbox
Legendary
*
Offline Offline

Activity: 1246
Merit: 1024



View Profile
March 18, 2015, 05:28:27 PM
 #3849

Question: How many different passphrases does Trezor support?

over 9000

no, wait

all of them!


How hard are the passphrases to crack compared to bip38? I know there is some type of key lengthening....

I'm mostly curious how hard short passwords are to crack if you have the seed.

That'd be interesting to know, yes.

I know one thing: on each bruteforce attempt you have to query the utxo set to see if there are funds, because there's no other way to know wether or not you have found the correct passphrase. In fact you also have to check wether there address has been used in the past (and now has 0 balance so it's not in the utxo set any more) and/or query a couple more addresses in case the first one was left untouched. That alone should slow things down quite a bit.

The passphrase has to be entered via the pc, and there is no concealment from a rogue pc pin-cod style.


That's a different attack.

The question was how long would it take (in relation to passphrase length) to bruteforce the passphrase if someone finds your paper seed backup.


That would depend on the length and complexity of the password and if anything about it was known to the attacker. With a strong password it could take thousands of years. Once quantum computers are mainstream it could possibly be brute forced within minutes but by then Bitcoin protocol would have changed to a quantum alogorithm.

Buy a Trezor and Protect your BTC, BCH, BTG, DASH, LTC, DGB, ZEC, ETH and ETC from hackers.
If I was helpful please buy me a coffee BTC: 1DWK7vBaxcTC5Wd2nQwLGEoy8xdFVzGKLK  BTG: AWvN1iBqCUqG2tEh3XoVvRbdcGrAzfBBpW
If I was helpful please buy me a burger DGB: DLASV6CUQpGtGSyaVz5FYuu5YxZ17MoGQz
cypherdoc
Legendary
*
Offline Offline

Activity: 1764
Merit: 1002



View Profile
March 18, 2015, 05:29:15 PM
 #3850

So you can have infinite and separated set of addresses at your own disposal based on the passphrase while having one single private key in the form of the seed? That's neat. Thank you.

That's not quite right. There's one mnemonic, that's the 24 word string. Combined with any (or no) passphrase, the mnemonic gets turned into the seed, and then the root private key. Each passphrase you use with the same mnemonic will generate a different root private key.

what's the correct way to visualize this?  a tree with the root privkey at the top and a new branch extending downwards for each passphrase in a hierarchical tree?

picture it like bitcoin mining almost. The 24-word seed is like the list of transactions. The password (25th word of the seed) is like a nonce - any value will work, and can create millions of possibilities.


isn't each passphrase generated set of addresses a separate branch of the HD tree?  however, it sounds like no further sub-branches can be built under each branch?
jackbox
Legendary
*
Offline Offline

Activity: 1246
Merit: 1024



View Profile
March 18, 2015, 05:31:03 PM
 #3851

So you can have infinite and separated set of addresses at your own disposal based on the passphrase while having one single private key in the form of the seed? That's neat. Thank you.

That's not quite right. There's one mnemonic, that's the 24 word string. Combined with any (or no) passphrase, the mnemonic gets turned into the seed, and then the root private key. Each passphrase you use with the same mnemonic will generate a different root private key.

what's the correct way to visualize this?  a tree with the root privkey at the top and a new branch extending downwards for each passphrase in a hierarchical tree?

picture it like bitcoin mining almost. The 24-word seed is like the list of transactions. The password (25th word of the seed) is like a nonce - any value will work, and can create millions of possibilities.


isn't each passphrase generated set of addresses a separate branch of the HD tree?  however, it sounds like no further sub-branches can be built under each branch?

Each password with any given seed will generate a completely new master public and private keys. Think of it as a completely new tree.

Buy a Trezor and Protect your BTC, BCH, BTG, DASH, LTC, DGB, ZEC, ETH and ETC from hackers.
If I was helpful please buy me a coffee BTC: 1DWK7vBaxcTC5Wd2nQwLGEoy8xdFVzGKLK  BTG: AWvN1iBqCUqG2tEh3XoVvRbdcGrAzfBBpW
If I was helpful please buy me a burger DGB: DLASV6CUQpGtGSyaVz5FYuu5YxZ17MoGQz
molecular
Donator
Legendary
*
Offline Offline

Activity: 2772
Merit: 1019



View Profile
March 18, 2015, 05:47:00 PM
 #3852

Question: How many different passphrases does Trezor support?

over 9000

no, wait

all of them!


How hard are the passphrases to crack compared to bip38? I know there is some type of key lengthening....

I'm mostly curious how hard short passwords are to crack if you have the seed.

That'd be interesting to know, yes.

I know one thing: on each bruteforce attempt you have to query the utxo set to see if there are funds, because there's no other way to know wether or not you have found the correct passphrase. In fact you also have to check wether there address has been used in the past (and now has 0 balance so it's not in the utxo set any more) and/or query a couple more addresses in case the first one was left untouched. That alone should slow things down quite a bit.

The passphrase has to be entered via the pc, and there is no concealment from a rogue pc pin-cod style.


That's a different attack.

The question was how long would it take (in relation to passphrase length) to bruteforce the passphrase if someone finds your paper seed backup.


That would depend on the length and complexity of the password and if anything about it was known to the attacker. With a strong password it could take thousands of years. Once quantum computers are mainstream it could possibly be brute forced within minutes but by then Bitcoin protocol would have changed to a quantum alogorithm.

Let me rephrase the question then: how long would it take on commodity hardware worth 10,000$ to guess an 8-letter (uppercase, lowercase plus 10 special characters) with known seed words?

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
windpath
Legendary
*
Offline Offline

Activity: 1258
Merit: 1027


View Profile WWW
March 18, 2015, 06:20:34 PM
 #3853


Let me rephrase the question then: how long would it take on commodity hardware worth 10,000$ to guess an 8-letter (uppercase, lowercase plus 10 special characters) with known seed words?


Assuming:
 
Test 2 billion keys per second, which a single high-performance computer might approximately manage.

94 Possible characters:

numbers (10 different ones: 0-9)
letters (52 different ones: A-Z and a-z)
special characters (32 different ones)

Fixed 8 char password (TREZOR pass is not fixed length)

= 94 ^8 possible combinations or 60,956,894,000,000,000,000,000

about 35 days, given our assumptions...

Major caveat: Every time you generate a possible solution you have to test it and check the balances for the given seed + the 8 letter pass phrase, if your doing this on a TREZOR it would take.. well, tens of thousands of years. If you wrote a special program that had the seed pre loaded and just tested the passwords and retrieved the balance for say the first 10 addresses from the master private key it would take hundreds if not thousands of years...

Edit: TL:DR; It really comes down to how many keys you can test (i.e. check for balance) a second, and the answer is not nearly as many as you could generate. It's simply not feasible.
tl121
Sr. Member
****
Offline Offline

Activity: 278
Merit: 254


View Profile
March 18, 2015, 09:37:29 PM
 #3854

why do we trust the Electrum server more than mytrezor.com server when it comes to tracking addresses used?

You don't have to.  You can run your own Electrum server on your premises.

https://github.com/spesmilo/electrum-server/blob/master/HOWTO.md

chmod755
Legendary
*
Offline Offline

Activity: 1610
Merit: 1021



View Profile WWW
March 18, 2015, 09:41:08 PM
 #3855

My Trezor still works great - I'm using it with GreenBits now, however the cable that comes with the Trezor stopped working after just a few days.

molecular
Donator
Legendary
*
Offline Offline

Activity: 2772
Merit: 1019



View Profile
March 18, 2015, 10:40:16 PM
 #3856

If you find masterpub key (which can be done if you monitor the good things before getting hands on seed) you just need to match key, and not test balance.

Good point, but: if you can monitor the trezor you can probably also monitor the keyboard, so no need to bruteforce.

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
keithers
Legendary
*
Offline Offline

Activity: 1456
Merit: 1001


This is the land of wolves now & you're not a wolf


View Profile
March 18, 2015, 11:36:21 PM
 #3857

what is up with the mytrezor page having captchas now?  Is that normal?   Today is the first time I have seen that...
kkurtmann
Sr. Member
****
Offline Offline

Activity: 475
Merit: 250



View Profile WWW
March 19, 2015, 12:46:38 AM
 #3858

what is up with the mytrezor page having captchas now?  Is that normal?   Today is the first time I have seen that...

no captcha for me on mytezor.com.

slush pool site has had captchas for a long time though.

https://www.buytrezor.com?a=55c37b866c11   well sir, I like it!
jackbox
Legendary
*
Offline Offline

Activity: 1246
Merit: 1024



View Profile
March 19, 2015, 03:28:17 AM
 #3859

what is up with the mytrezor page having captchas now?  Is that normal?   Today is the first time I have seen that...

I never encounted a captcha on the mytrezor.com site.

Buy a Trezor and Protect your BTC, BCH, BTG, DASH, LTC, DGB, ZEC, ETH and ETC from hackers.
If I was helpful please buy me a coffee BTC: 1DWK7vBaxcTC5Wd2nQwLGEoy8xdFVzGKLK  BTG: AWvN1iBqCUqG2tEh3XoVvRbdcGrAzfBBpW
If I was helpful please buy me a burger DGB: DLASV6CUQpGtGSyaVz5FYuu5YxZ17MoGQz
stick
Sr. Member
****
Offline Offline

Activity: 441
Merit: 268



View Profile
March 19, 2015, 05:46:29 PM
 #3860

what is up with the mytrezor page having captchas now?  Is that normal?   Today is the first time I have seen that...

Captchas come from Cloudflare. Your request might come from an IP range that is somehow suspicious (e.g. the might have been a DDoS attack in the past ...)

Pages: « 1 ... 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 [193] 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 ... 265 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!