[ESHOP launched] Trezor: Bitcoin hardware wallet

[bitpop]

If I buy a 100% bullet proof vest, I don't go to Compton holding a sign saying Ni**er to test it. Why? It may be bullet proof but what about rockets? flame throwers to cook you in it? Etc. You haven't thought of future attacks.

Use it at home and don't put it into an attack.

[1714973653]

1714973653

[1714973653]

1714973653

[1714973653]

1714973653

[1714973653]

1714973653

[1714973653]

1714973653

[1714973653]

1714973653

[stick]

I'd rather have it work over NFC, that's a much better idea.

using the same logic as yours: what if i use NFC antenna and pour 500 V into it? it will create quite strong EMP field effectively destroying the device you put close to it :-)

[molecular]

For buying things from a merchant, just plugging a trezor into your smartphone is probably good enough if you want that level of security.

Has any of the smartphone app devs commited to supporting trezor? I think it might be an especially good fit for BitcoinSpinner, because of the aim for simplicity.

Of course the phone needs to support USB OTG for that to work.

[molecular]

I'd rather have it work over NFC, that's a much better idea.

using the same logic as yours: what if i use NFC antenna and pour 500 V into it? it will create quite strong EMP field effectively destroying the device you put close to it :-)

You shouldn't give people ideas like that.

[stick]

You shouldn't give people ideas like that.

I was just using an example to show why the logic of the poster was flawed. :-)

[molecular]

You shouldn't give people ideas like that.

I was just using an example to show why the logic of the poster was flawed. :-)

Yeah, that worked for me. I saw the flawed logic and now I got this soldering iron in my hand and am looking at maxwells equations. :-)

[bitpop]

Where is slush? Maybe he isn't as arrogant, as he's been robbed before.

[molecular]

Where is slush? Maybe he isn't as arrogant, as he's been robbed before.

what do you mean?

[Anon136]

*edit* maybe the next step for you guys is a hardware devise for merchants which they can use to protect them selves from devises that look like trezors but are actually not.

It would be a second computer, with a limited interface to the main/cash/online computer. This second computer does nothing than create a transaction, let the Trezor sign it, verifies the signature, and sends it to the main computer.
Sounds totally 'spy vs spy', and indeed makes sense! Could be a tablet phone/computer with USB-OTG, and a softwaresolution.
Throw NFC and a QR-receipt-printer at it for good measure.

I like!

Ente

bitpop: You are spreading FUD.

Ok, so now the merchant needs a second computer, with a secure interface to the main computer / cash register, with Internet access (since it needs to see the blockchain) and software developed for both the main computer and this computer. Yup, that will work ...

Also, you keep saying that the Trezor doesn't have to trust the computer - you keep forgetting that they have an electrical connection - what if a merchant decides to apply let's say 500V on the +5V line of the USB connector. Poof goes your 1 BTC (or 3 BTC) wallet (unless it has some sort of discharge protection - does it?). The same works in reverse, what if I make a Trezor lookalike with a supercapacitor that discharges over the USB port of whatever I plug it into. Poof goes the super-secure second computer / cash register.

I'd rather have it work over NFC, that's a much better idea.

um doesnt pretty much every retailer in the first word have a little terminal for credit cards? how is this any different?

[molecular]

um doesnt pretty much every retailer in the first word have a little terminal for credit cards? how is this any different?

the difference is: you're not transferring centrally monitored IOUs on colorful paper nothings, but sound money.

[Mike Hearn]

yep. i don't really see why people think that phone is required in that scenario :-) the point of trezor is that you don't have to trust the computer at all.

Maybe because the Trezor protocol requires the computer to be able to build transactions and thus know the contents of your wallet, including your root public key and so your balance + past/future transactions ?

Come on stick. You know as well as I do that Trezor does not mean "you don't have to trust the computer". It means "the computer cannot steal your money". That is NOT the same thing. The computer still gets to have a lot of private, sensitive financial data that I wouldn't want random coffee shop baristas to have.

And yes, I agree that plugging the device into a phone is a bit ugly. That's why I'd not do it very often. Just when I want to refill my mobile wallet which can then pay others with a single tap, scan or airdrop style interaction.

[drazvan]

um doesnt pretty much every retailer in the first word have a little terminal for credit cards? how is this any different?

A credit card doesn't cost $100 in plastic and $300 in metal and the bank will exchange it for free if stolen/damaged. And if they fry the NFC part via EMP, you still have the magstripe. If they also apply a strong magnetic field and erase that as well, you still have the card digits and one of those imprinters would work just fine.

Again, I'm not saying it can't be made secure, I'm just pointing out that it's not as easy as "just plug it into the merchant's USB port and it will work". There's a lot of work that still needs to be done to make that happen and I doubt that any merchant will invest in all this extra hardware just to support a $100-$300 device that people _might_ have on them.

I'm speaking from experience, I've seen what happened to contactless Visa and Mastercard deployments here in Romania. Very few people have contactless cards, so even though the employees get training on how to use the terminals, they forget it if nobody pays that way. They simply ask you to use the card as a normal chip-and-pin card and their contactless readers are either disconnected or broken. Who's going to offer maintenance services for all this extra hardware and how much will it cost the merchant? Will it make sense for them financially to pay that amount (what advantages do they get compared to standard Bitcoin payments)?

[RedRobin2442]

um doesnt pretty much every retailer in the first word have a little terminal for credit cards? how is this any different?

A credit card doesn't cost $100 in plastic and $300 in metal and the bank will exchange it for free if stolen/damaged. And if they fry the NFC part via EMP, you still have the magstripe. 

You may still have the strip, but its blank

[Mike Hearn]

By the way, I was talking to Chris (of BitSafe) at the conference and he brought up a good point we haven't considered before.

The combination of TREZOR/BitSafe and the payment protocol means you can get money out of the device safely, assuming the entity you're paying is signing their payment requests. But how do you get money into it? If your computer is compromised, this is hard.

Chris suggested a reverse payment protocol. As far as I can see, the best way to solve it is indeed for each device to be issued with a private key at the factory, with a certificate signed by the manufacturers (you), so it can prove that it's a real TREZOR. Then you strike deals with exchanges so they act as resellers, like how Mt Gox resells YubiKeys. When you order a TREZOR from the exchange, they record the public key+certificate of the device alongside your account and will only allow you to export your bitcoins to a key signed by the private key of the device. In this way a virus on your computer cannot redirect your coins once you have bought them on the exchange.

[hazek]

By the way, I was talking to Chris (of BitSafe) at the conference and he brought up a good point we haven't considered before.

The combination of TREZOR/BitSafe and the payment protocol means you can get money out of the device safely, assuming the entity you're paying is signing their payment requests. But how do you get money into it? If your computer is compromised, this is hard.

Not really? Why would it be hard? The same way the device asks you to authorize a transaction it should be able to ask you to authorize a signature for a certain address. And if you are signing for a public key that a virus put there instead of the real public key, the hardware wallet signature wont be valid with that public key.

[CoinSphere]

https://i.imgur.com/tDG66wt.jpg

Here's a quick mockup I made. I just made some guesses on the Trezor's actual dimensions.

If a user wanted to use a wifi/NFC/Bluetooth + battery + USB host device and connected it to the Trezor like the above picture then any arbitrary communication protocol could be used to send information to the red "base station" from the merchant. Then the device could build the transaction without giving the Barista the ability to see the entire financial history of the wallet (depending how smart you could make the device). A cell phone could be linked to such a device as well.

This fixes the problem of the direct electrical connection, but does introduce other security issues (spoofing wifi/NFC/Bluetooth, etc.).

[marcus_of_augustus]

I might offer a bounty to the first instance of a picture/video of a bonafide grandma using a Trezor somewhere .... mmm, might have to be at retail location somewhere grandma like also.

[gweedo]

I preordered one, and I hardly do this kinda of things, so I am ready for some more security

[caveden]

By the way, I was talking to Chris (of BitSafe) at the conference and he brought up a good point we haven't considered before.

The combination of TREZOR/BitSafe and the payment protocol means you can get money out of the device safely, assuming the entity you're paying is signing their payment requests. But how do you get money into it? If your computer is compromised, this is hard.

Not really? Why would it be hard? The same way the device asks you to authorize a transaction it should be able to ask you to authorize a signature for a certain address. And if you are signing for a public key that a virus put there instead of the real public key, the hardware wallet signature wont be valid with that public key.

The virus could send his own signature to the exchange. You would confirm something on Trezor but its signature would never even reach the exchange.

A certificate per device is probably the best way to counter such risk indeed. But I'd prefer if it were something more reusable, not something bound to a single exchange. Your device's certificate could have your name or a pseudonymous you choose the moment you buy it. This way it could be useful not only when buying coins from exchanges, but when doing person-to-person transfers as well.
I'm only wondering if it doesn't pose a problem privacy-wise. You'd sign all your addresses with the same certificate. This certificate should never end up on the blockchain so theoretically your privacy is not vulnerable to a random observer. But those who had previously sent you money will recognize you if they ever send something again.... I guess that's a reasonable trade-off, if I'm not missing anything.

[Anon136]

I might offer a bounty to the first instance of a picture/video of a bonafide grandma using a Trezor somewhere .... mmm, might have to be at retail location somewhere grandma like also.