VeeMiner
June 16, 2013, 08:00:46 PM
No never plug this into another computer.
stop spreading fud bitpop. This device is completely secure even on unsecure computer since the private key never leaves the device and you can't emulate the press of the hardware button to confirm the transaction

drazvan
June 16, 2013, 08:09:04 PM
What he's saying is that the device could be attacked - obviously not by design, it's designed to not allow the private key to be read by issuing commands to the Trezor. But depending on the chip they've chosen, physical possession of the Trezor by an attacker would allow him to run other types of attacks (power analysis, etc.) to extract the private keys from the memory. I don't really expect any merchant to allow you to just randomly walk in and plug a device (_any_ device) into a USB port on their computer. Especially one that implements the HID protocol (presents itself as a keyboard). See http://hakshop.myshopify.com/products/usb-rubber-ducky for an example of what I mean. As far as I understand, the Trezor is meant to keep your private keys secure in case your computer is infected with malware. It's not something you would use at a merchant.

VeeMiner
June 16, 2013, 08:12:52 PM
What he's saying is that the device could be attacked - obviously not by design, it's designed to not allow the private key to be read by issuing commands to the Trezor. But depending on the chip they've chosen, physical possession of the Trezor by an attacker would allow him to run other types of attacks (power analysis, etc.) to extract the private keys from the memory. I don't really expect any merchant to allow you to just randomly walk in and plug a device (_any_ device) into a USB port on their computer. Especially one that implements the HID protocol (presents itself as a keyboard). See http://hakshop.myshopify.com/products/usb-rubber-ducky for an example of what I mean. As far as I understand, the Trezor is meant to keep your private keys secure in case your computer is infected with malware. It's not something you would use at a merchant.
you could use it at a merchant with no worries

drazvan
June 16, 2013, 08:15:38 PM
Either the device is secure or it isn't. If it isn't, then it's pointless. If it is, then it is safe to use on your own (presumably infected) computer or a merchant's.
It may be safe for you, but not for the merchant. It's their computer (possibly the one running the cash register) that you're plugging the Trezor in ... not gonna happen. It is safe to use on your own computer, even if it's infected with malware/viruses/etc. It's not necessarily safe from physical attacks (and I don't think they ever claimed it would be), it just exposes a Bitcoin signing interface through a very limited interface. It is also not a full Bitcoin wallet, it's just an accessory to one.

drazvan
June 16, 2013, 08:20:08 PM
you could use it at a merchant with no worries
No worries for who? You or the merchant? Just go into a store tomorrow and ask them if you could plug your Trezor (or a USB stick or a keyboard or something) into their cash register to pay. I'm not saying it can't be done, I just don't see merchants installing and securing a separate computer for Bitcoin payments (something you could safely (for them) plug any USB device in). Look at that link I've sent you, that rubber ducky USB flash drive is actually a keyboard that instantly types a set of commands to hack your computer the moment you've inserted it into a USB port. No need for autorun, as far as your system is concerned, it's a keyboard, typing commands. Have a look, it's nice (and scary at the same time).
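
The post above turns on the fact that a USB HID device tells the host what it is, and the host believes it. As an added example (not part of the thread, and not Trezor or merchant software), this Python code parses a HID report descriptor and reports the top-level usages a device declares, so a payment terminal could refuse anything that declares keyboard or mouse usages; the sample descriptors are constructed and the "vendor-only" acceptance policy is an assumption.

```python
# Added example, not from the thread: which HID usages does a USB device declare?
INPUT_USAGES = {(0x01, 0x01), (0x01, 0x02), (0x01, 0x06), (0x01, 0x07)}  # pointer, mouse, keyboard, keypad

def top_level_usages(desc: bytes):
    """Return (usage_page, usage) for each top-level Application collection."""
    found, page, pending, depth, i = [], 0, [], 0, 0
    while i < len(desc):
        prefix = desc[i]
        if prefix == 0xFE:                       # long item: size byte, tag byte, data
            if i + 1 >= len(desc):
                raise ValueError("truncated long item")
            i += 3 + desc[i + 1]
            continue
        size = (0, 1, 2, 4)[prefix & 0x03]
        data = desc[i + 1:i + 1 + size]
        if len(data) != size:
            raise ValueError("truncated item")
        value, tag = int.from_bytes(data, "little"), prefix & 0xFC
        if tag == 0x04:                          # Global item: Usage Page
            page = value
        elif tag == 0x08:                        # Local item: Usage (4-byte form carries its page)
            pending.append((value >> 16 if size == 4 else None, value & 0xFFFF))
        elif tag == 0xA0:                        # Main item: Collection
            if depth == 0 and value == 0x01 and pending:    # 0x01 = Application
                p, usage = pending[0]
                found.append((page if p is None else p, usage))
            depth += 1
        elif tag == 0xC0:                        # Main item: End Collection
            depth -= 1
        if (prefix & 0x0C) == 0:                 # every Main item resets local items
            pending = []
        i += 1 + size
    return found

def classify(desc: bytes) -> str:
    """'input-device' if it declares keyboard/mouse usages, 'vendor-only' if all are vendor-defined."""
    usages = top_level_usages(desc)
    if any(u in INPUT_USAGES for u in usages):
        return "input-device"
    if usages and all(page >= 0xFF00 for page, _ in usages):
        return "vendor-only"
    return "other"

# Constructed sample descriptors: a vendor-defined 64-byte in/out pipe, and a boot keyboard.
VENDOR = bytes.fromhex("06 00 FF 09 01 A1 01 09 20 15 00 26 FF 00 75 08 95 40 81 02"
                       " 09 21 15 00 26 FF 00 75 08 95 40 91 02 C0")
KEYBOARD = bytes.fromhex("05 01 09 06 A1 01 05 07 19 E0 29 E7 15 00 25 01 75 01 95 08 81 02"
                         " 95 01 75 08 81 01 95 06 75 08 15 00 25 65 19 00 29 65 81 00 C0")

if __name__ == "__main__":
    for name, d in (("vendor", VENDOR), ("keyboard", KEYBOARD), ("lookalike", VENDOR + KEYBOARD)):
        print(name, top_level_usages(d), classify(d))
```

A terminal applying this policy would accept only "vendor-only" and would have to re-check on every enumeration, since a device can disconnect and come back with a different descriptor.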

bitpop
June 16, 2013, 08:22:29 PM
Just saying, why use this at a merchant? There's no reason to so just don't. And what if you accidentally use an address you just gave away the private key for?
Having said that, I love this for personal use and hopefully version 2 will support private key transfer over a segregated nfc chip.

bitpop
June 16, 2013, 08:24:19 PM
This isn't even advertised to MOVE private keys, they are supposed to stay. You can give a hint about your seed that way. I'm not spreading fud. Either you don't understand what this device is or you want to hack people.

bitpop
June 16, 2013, 08:25:38 PM
Stop trying to get customers and merchants hacked.
What he's saying is that the device could be attacked - obviously not by design, it's designed to not allow the private key to be read by issuing commands to the Trezor. But depending on the chip they've chosen, physical possession of the Trezor by an attacker would allow him to run other types of attacks (power analysis, etc.) to extract the private keys from the memory. I don't really expect any merchant to allow you to just randomly walk in and plug a device (_any_ device) into a USB port on their computer. Especially one that implements the HID protocol (presents itself as a keyboard). See http://hakshop.myshopify.com/products/usb-rubber-ducky for an example of what I mean. As far as I understand, the Trezor is meant to keep your private keys secure in case your computer is infected with malware. It's not something you would use at a merchant.
you could use it at a merchant with no worries

Garr255
June 16, 2013, 08:57:10 PM
Those accusing bitpop of being malicious:
He's not. He is simply informing you all with perfectly accurate information. Hardware wallets are the next step in securing our coins, but they are certainly not bulletproof and (as with anything) should still be treated with care and without negligence.

“First they ignore you, then they laugh at you, then they fight you, then you win.” -- Mahatma Gandhi
Average time between signing on to bitcointalk: Two weeks. Please don't expect responses any faster than that!

stick
June 16, 2013, 09:34:30 PM
There is absolutely no reason why TREZOR cannot be used at merchant (and his from customer-side untrusted terminal).

bitpop
June 16, 2013, 09:42:09 PM (Last edit: June 16, 2013, 09:53:44 PM by bitpop)
Ok well I've already bought one. I don't intend using it like that and I'm sure it's safe. I just don't think it's good to get comfortable sharing usb devices. As said earlier, you can quickly infect your computer or the merchant with a fake device. Even if this device is bullet proof which I don't think anything can be when you have physical possession, I can quickly infect a merchant using a fake usb device and a 0 day. It will be hacked http://www.securitydirectornews.com/commercial-and-enterprise/researchers-hack-popular-smartcard-used-access-control http://m.slashdot.org/story/131116 Tpm had been too and that's identical to this. But they need physical access and you're giving it to them. Without physical access, you're safe. Buy one! I did! Just use it responsibly! The network is a condom, be safe. There's no reason to be transferring keys.

chrisrico
June 17, 2013, 01:35:29 AM
Ok well I've already bought one. I don't intend using it like that and I'm sure it's safe. I just don't think it's good to get comfortable sharing usb devices. As said earlier, you can quickly infect your computer or the merchant with a fake device. Even if this device is bullet proof which I don't think anything can be when you have physical possession, I can quickly infect a merchant using a fake usb device and a 0 day. It will be hacked http://www.securitydirectornews.com/commercial-and-enterprise/researchers-hack-popular-smartcard-used-access-control http://m.slashdot.org/story/131116 Tpm had been too and that's identical to this. But they need physical access and you're giving it to them. Without physical access, you're safe. Buy one! I did! Just use it responsibly! The network is a condom, be safe. There's no reason to be transferring keys.
If we could rely upon our personal computers not having malicious software, then the Trezor would be pointless. If the Trezor cannot protect against malicious software running on your (or a merchant's computer), then it is also pointless. If a merchant could target the Trezor, then so could malicious software running on your own computer. I'll give you that a merchant probably won't let people plug random USB devices into their computer system. So, nobody will probably have the opportunity to use the Trezor in this way, but if it is unsafe for the user to do so, then it is unsafe to plug it in to your (potentially infected) personal computer.

Anon136
June 17, 2013, 01:40:35 AM
There is absolutely no reason why TREZOR cannot be used at merchant (and his from customer-side untrusted terminal).
thanks for clearing that up. this is REALLY big. just plug it into the usb hub at the merchants and click ok. now people with 0 computer literacy will be able to participate in the bitcoin economy. maybe though the merchant would have to be worried that your trezor wasn't really a trezor and was actually designed to infect their system with malware? *edit* maybe the next step for you guys is a hardware device for merchants which they can use to protect themselves from devices that look like trezors but are actually not.

Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?

Mike Hearn
June 17, 2013, 08:47:27 AM
For buying things from a merchant, just plugging a trezor into your smartphone is probably good enough if you want that level of security. You could keep your trezor in your bag or purse, and just move money into the software-only wallet on your phone from time to time to keep things convenient.

Anon136
June 17, 2013, 01:33:21 PM
For buying things from a merchant, just plugging a trezor into your smartphone is probably good enough if you want that level of security. You could keep your trezor in your bag or purse, and just move money into the software-only wallet on your phone from time to time to keep things convenient.
grandma isn't going to do that. grandma might however plug it into a usb slot at the check out counter and press ok.

stick
June 17, 2013, 01:49:12 PM
For buying things from a merchant, just plugging a trezor into your smartphone is probably good enough if you want that level of security. You could keep your trezor in your bag or purse, and just move money into the software-only wallet on your phone from time to time to keep things convenient.
grandma isn't going to do that. grandma might however plug it into a usb slot at the check out counter and press ok.
yep. i don't really see why people think that phone is required in that scenario :-) the point of trezor is that you don't have to trust the computer at all.

Ente
June 17, 2013, 01:50:17 PM
*edit* maybe the next step for you guys is a hardware device for merchants which they can use to protect themselves from devices that look like trezors but are actually not.
It would be a second computer, with a limited interface to the main/cash/online computer. This second computer does nothing than create a transaction, let the Trezor sign it, verifies the signature, and sends it to the main computer. Sounds totally 'spy vs spy', and indeed makes sense! Could be a tablet phone/computer with USB-OTG, and a software solution. Throw NFC and a QR-receipt-printer at it for good measure. I like!
Ente
bitpop: You are spreading FUD.

Anon136
June 17, 2013, 01:56:53 PM
*edit* maybe the next step for you guys is a hardware device for merchants which they can use to protect themselves from devices that look like trezors but are actually not.
It would be a second computer, with a limited interface to the main/cash/online computer. This second computer does nothing than create a transaction, let the Trezor sign it, verifies the signature, and sends it to the main computer. Sounds totally 'spy vs spy', and indeed makes sense! Could be a tablet phone/computer with USB-OTG, and a software solution. Throw NFC and a QR-receipt-printer at it for good measure. I like!
Ente
bitpop: You are spreading FUD.
i was thinking that it would look like a usb cable punctuated with a small box with a small screen and that little box would be an application specific computer sort of like a trezor.

drazvan
June 17, 2013, 03:45:08 PM (Last edit: June 17, 2013, 04:12:29 PM by drazvan)
*edit* maybe the next step for you guys is a hardware device for merchants which they can use to protect themselves from devices that look like trezors but are actually not.
It would be a second computer, with a limited interface to the main/cash/online computer. This second computer does nothing than create a transaction, let the Trezor sign it, verifies the signature, and sends it to the main computer. Sounds totally 'spy vs spy', and indeed makes sense! Could be a tablet phone/computer with USB-OTG, and a software solution. Throw NFC and a QR-receipt-printer at it for good measure. I like!
Ente
bitpop: You are spreading FUD.
Ok, so now the merchant needs a second computer, with a secure interface to the main computer / cash register, with Internet access (since it needs to see the blockchain) and software developed for both the main computer and this computer. Yup, that will work ... Also, you keep saying that the Trezor doesn't have to trust the computer - you keep forgetting that they have an electrical connection - what if a merchant decides to apply let's say 500V on the +5V line of the USB connector. Poof goes your 1 BTC (or 3 BTC) wallet (unless it has some sort of discharge protection - does it?). The same works in reverse, what if I make a Trezor lookalike with a supercapacitor that discharges over the USB port of whatever I plug it into. Poof goes the super-secure second computer / cash register. I'd rather have it work over NFC, that's a much better idea.

cbeast
June 17, 2013, 04:12:46 PM
I see the Trezor as mostly useful like a Yubikey with thousands of keys stored. Social networks can use them to securely identify logins and also offer micro payments to play with farm animals.

Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.