|
JorgeStolfi
|
 |
April 09, 2015, 07:23:10 PM |
|
Ahem. Anyone remembers a guy who used to post warnings here about hypothetical physical attacks, and got called retard, paranoid, fudster, shill, and some nastier things?... Nice to see people working on breaking the Trezor and making it stronger!
Until 1.3.2, a physically compromised PC could extract the private key from a Trezor, if the owner happened to had the display turned off (or perhaps even with the display was turned on). But that is good news for Trezor owners!  |
Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
|
|
|
|
btchip
|
|
April 09, 2015, 08:35:10 PM |
|
Ahem. Anyone remembers a guy who used to post warnings here about hypothetical physical attacks, and got called retard, paranoid, fudster, shill, and some nastier things?...
I believe this was caused by the endless FUD around possible interdiction of hardware wallets rather than the description of a well documented attack. |
|
|
|
|
fonsie
|
|
April 09, 2015, 09:17:15 PM |
|
Until 1.3.2, a physically compromised PC could extract the private key from a Trezor, if the owner happened to had the display turned off (or perhaps even with the display was turned on). But that is good news for Trezor owners! Did you even bother to read the article? |
I decided to no longer use a signature, because people were trolling me about it.
|
|
|
|
JorgeStolfi
|
|
April 09, 2015, 09:32:16 PM |
|
Until 1.3.2, a physically compromised PC could extract the private key from a Trezor, if the owner happened to had the display turned off (or perhaps even with the display was turned on). But that is good news for Trezor owners! Did you even bother to read the article? Did you understand it? |
Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
|
|
|
|
fonsie
|
|
April 09, 2015, 09:34:11 PM |
|
Until 1.3.2, a physically compromised PC could extract the private key from a Trezor, if the owner happened to had the display turned off (or perhaps even with the display was turned on). But that is good news for Trezor owners! Did you even bother to read the article? Did you understand it? Yes, did you? |
I decided to no longer use a signature, because people were trolling me about it.
|
|
|
|
JorgeStolfi
|
|
April 09, 2015, 09:41:50 PM |
|
Until 1.3.2, a physically compromised PC could extract the private key from a Trezor, if the owner happened to had the display turned off (or perhaps even with the display was turned on). But that is good news for Trezor owners! Did you even bother to read the article? Did you understand it? Yes, did you? Sorry folks, please don't pay attention, he is one of my personal exclusive trolls. I still suspect that he may be a Brazilian student that I flunked, hence his generosity in rendering his services for free, 24/7. |
Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
|
|
|
|
fonsie
|
|
April 09, 2015, 09:49:46 PM |
|
I was more interested in determining the private key. In this section I will therefore look into the key generation. To avoid noise from the display, I set a blank home screen. You can consider this as cheating as changing the home screen requires the PIN. However, an unscrupulous attacker may just break open the case and rip off the display to achieve the same effect. The following graphic shows the computation of the master public key m/44'/0'/0'/0. The above quote gives me the impression you'll need physical access to the Trezor. You'll also have to disconnect the screen. Also, if you have passphrase protection, this attack does not work even with firmware 1.3.1, so you may consider adding that, too. The above quote says that using a passphrase makes the attack pointless So if you are stupid enough to not use a passphrase, it would be easier and cheaper for the thieve to buy a 5$ wrench (he saves 65$) and kindly ask for the piece of paper that had the seed written on it. Please correct me if I'm wrong oh mighty stolfi ( I will admit it if I'm wrong, my balls can handle it ) and NO I'M NOT YOUR STUDENT. PS: The attacker can use his own PC, he does not need an "physically compromised PC" |
I decided to no longer use a signature, because people were trolling me about it.
|
|
|
|
JorgeStolfi
|
|
April 09, 2015, 10:04:04 PM |
|
I was more interested in determining the private key. In this section I will therefore look into the key generation. To avoid noise from the display, I set a blank home screen. You can consider this as cheating as changing the home screen requires the PIN. However, an unscrupulous attacker may just break open the case and rip off the display to achieve the same effect. The following graphic shows the computation of the master public key m/44'/0'/0'/0. The above quote gives me the impression you'll need physical access to the Trezor. You'll also have to disconnect the screen. The power measurement could be done from inside the PC, by inserting the resistor and voltage probes in the wires leading to USB port. Turning off the progress display (which, according to that paragraph, a user can do without disconnecting the screen) reduces the noise and simplifies the analysis of the signal. A more thorough analysis could perhaps succeed even if the progress display is active. Also, if you have passphrase protection, this attack does not work even with firmware 1.3.1, so you may consider adding that, too. The above quote says that using a passphrase makes the attack pointless That protection is effective if someone stole the Trezor and tried to extract the private key by telling it to produce the public key. But if the power measurement rig is hidden inside the PC, the trick could be used even without stealing the device. Just wait until the user himself tries to use it. |
Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
|
|
|
|
fonsie
|
|
April 09, 2015, 10:08:06 PM
Last edit: April 09, 2015, 10:23:53 PM by fonsie |
|
Not sure what kind of PC equiment they are using in Brazil, but unless the equipment needed is very tiny. Good luck putting it in my Nexus 6 or MacBook.
So as promised:
Trolfi I'll admit you are partially correct, but next time, keep your trolling attempts a bit more "possible in the real world".
Drug dealers(aka bitcoiners) are more for the quick approach when stealing.
|
I decided to no longer use a signature, because people were trolling me about it.
|
|
|
|
JorgeStolfi
|
|
April 10, 2015, 12:03:40 AM |
|
but unless the equipment needed is very tiny. Good luck putting it in my Nexus 6 or MacBook.
For a PC in one's workplace, in a hotel convenience room, cash register desk, or internet cafe, the part that needs to be inside the PC is the resistor and two shielded probe cables leading to a digital oscilloscope hidden somewhere else. Othwerwise one would need a small circuit that includes the A-D converter, some memory, and some means to transmit the data out at a suitable opportunity, e.g. by bluetooth. It may be hard to fit that inside a laptop, but perhaps the physical hacker can remove a speaker or some other component whose absence will not be noticed. Recall that the whole point of a hardware wallet is to keep the keys safe even when using an untrusted machine to sign transactions or hand over a public key. Requiring the host to have trusted hardware would be a significant restriction to its scope. |
Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
|
|
|
2112
Legendary
 Offline
Activity: 2128
Merit: 1068
|
|
April 10, 2015, 03:22:40 AM |
|
For a PC in one's workplace, in a hotel convenience room, cash register desk, or internet cafe, the part that needs to be inside the PC is the resistor and two shielded probe cables leading to a digital oscilloscope hidden somewhere else. Othwerwise one would need a small circuit that includes the A-D converter, some memory, and some means to transmit the data out at a suitable opportunity, e.g. by bluetooth. It may be hard to fit that inside a laptop, but perhaps the physical hacker can remove a speaker or some other component whose absence will not be noticed.
Recall that the whole point of a hardware wallet is to keep the keys safe even when using an untrusted machine to sign transactions or hand over a public key. Requiring the host to have trusted hardware would be a significant restriction to its scope.
How about a quick&simple workaround for this somewhat advanced attack? When a drug-dealer bitcoiner wants to use Trezor on a really untrusted computer then connect it through a small powered USB hub than one can carry together with the Trezor. Would that defeat this attack? |
|
|
|
|
JorgeStolfi
|
|
April 10, 2015, 03:26:33 AM |
|
How about a quick&simple workaround for this somewhat advanced attack?
When a drug-dealer bitcoiner wants to use Trezor on a really untrusted computer then connect it through a small powered USB hub than one can carry together with the Trezor. Would that defeat this attack?
It would work, I suppose. |
Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
|
|
|
NLNico
Legendary
Offline
Activity: 1876
Merit: 1295
DiceSites.com owner
|
|
April 10, 2015, 03:27:19 AM |
|
johoe, same guy who returned 250 coins to blockchain.info. Very impressive. |
|
|
|
|
fonsie
|
|
April 10, 2015, 08:38:18 AM |
|
johoe, same guy who returned 250 coins to blockchain.info. Very impressive. Indeed, a very capable guy with his heart in the right place. Perhaps we can let him take a look at the voynich manuscript... |
I decided to no longer use a signature, because people were trolling me about it.
|
|
|
|
JorgeStolfi
|
|
April 10, 2015, 10:54:42 AM |
|
johoe, same guy who returned 250 coins to blockchain.info. Very impressive.
Indeed, a very capable guy with his heart in the right place. Perhaps we can let him take a look at the voynich manuscript... Folks, again, sorry for the above off-topic and incomprehensible post, but this @fonsie guy has been stalking me for months. He seems to be obssessed with my person, I don't know why. He parodies my signature and even used a photo of myself as avatar for a while. I wonder if he knows that I am married already? |
Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
|
|
|
|
fonsie
|
|
April 10, 2015, 10:56:30 AM |
|
johoe, same guy who returned 250 coins to blockchain.info. Very impressive.
Indeed, a very capable guy with his heart in the right place. Perhaps we can let him take a look at the voynich manuscript... Folks, again, sorry for the above off-topic and incomprehensible post, but this @fonsie guy has been stalking me for months. He seems to be obssessed with my person, I don't know why. He parodies my signature and even used a photo of myself as avatar for a while. I wonder if he knows that I am married already? Not sure why, but it seems the only one doing the stalking is you. If you don't like me posting, don't let the door hit you on the way out. Can't you stand that credit is given where credit is due? What's wrong with giving credit for his remarkable achievement in detecting a weakness in Trezor and helping it resolve? Why are you also constantly without shame trying to hurt SatoshiLabs their business? All of this for a so called Professor, you should know better. |
I decided to no longer use a signature, because people were trolling me about it.
|
|
|
|
jmw74
|
|
April 10, 2015, 12:40:28 PM |
|
For a PC in one's workplace, in a hotel convenience room, cash register desk, or internet cafe, the part that needs to be inside the PC is the resistor and two shielded probe cables leading to a digital oscilloscope hidden somewhere else. Othwerwise one would need a small circuit that includes the A-D converter, some memory, and some means to transmit the data out at a suitable opportunity, e.g. by bluetooth. It may be hard to fit that inside a laptop, but perhaps the physical hacker can remove a speaker or some other component whose absence will not be noticed.
Recall that the whole point of a hardware wallet is to keep the keys safe even when using an untrusted machine to sign transactions or hand over a public key. Requiring the host to have trusted hardware would be a significant restriction to its scope.
How about a quick&simple workaround for this somewhat advanced attack? When a drug-dealer bitcoiner wants to use Trezor on a really untrusted computer then connect it through a small powered USB hub than one can carry together with the Trezor. Would that defeat this attack? Wouldn't it be much more convenient and safe to just use an old Android device running Mycelium? Edit: just remembered this requires USB OTG, which I think it not supported by old devices. Still, there are probably cheap android devices that do support it. |
|
|
|
|
|
fonsie
|
|
April 10, 2015, 12:59:37 PM |
|
A new device works just as good.
|
I decided to no longer use a signature, because people were trolling me about it.
|
|
|
defcon23
Legendary
Offline
Activity: 1120
Merit: 1002
|
|
April 10, 2015, 03:17:40 PM |
|
johoe, same guy who returned 250 coins to blockchain.info. Very impressive. impressive is THE perfect word here...  |
|
|
|
|
600watt
Legendary
Offline
Activity: 2338
Merit: 2106
|
|
April 11, 2015, 09:52:55 AM |
|
ok, i have updated my trezor.
when i plug it in, it asks for the pin. after i punch in the pin it shows the device name but that is it. it does not ask for the passphrase. what should i do ? (tried several times to disconnect it and plugged it in again. always the same. it seems to try to load something, but it never gets there.)
|
|
|
|
|
|
