|
btchip
|
 |
June 19, 2013, 02:21:45 PM |
|
That does not explain why the PIN code is not entered on the Trezor itself, as suggested in my original post.
I'd say because it'd be pretty much annoying to enter a PIN code on a device with 2 buttons and it doesn't provide more security to enter the PIN on the device itself here, as an attacker still has to steal the device to use the PIN code he collected from a compromised computer |
|
|
|
|
chrisrico
|
|
June 19, 2013, 05:13:45 PM |
|
I'm confused as to why the PIN code is entered into the wallet application, rather than the device itself - surely that increases the risk of a successful physical theft. Assuming the PIN code is not changed on a regular basis, using the device on an infected workstation would essentially render the PIN code useless if attacked through a combination of both digital and physical means. On the other hand, if the code was to be entered on the Trezor itself, such a scenario is not possible unless the PIN code is provided by the owner under duress.
I believe the PINs are one time use only. The reason it's not entered on the Trezor is that it only has two buttons. edit... Whoops, I was confusing the PIN with the OTP. Still... 2 buttons = annoying to type a decimal PIN. |
|
|
|
|
|
novusordo
|
|
June 29, 2013, 07:49:56 PM |
|
Would one be able to use a Trezor to sign transactions from an android phone, with a two-sided microUSB cable?
|
|
|
|
|
rethaw
|
|
June 30, 2013, 04:49:31 AM |
|
Just put in a pre-order; it looks great and I'm excited to see how people use it!
|
|
|
|
|
stick
|
|
June 30, 2013, 02:42:49 PM |
|
Would one be able to use a Trezor to sign transactions from an android phone, with a two-sided microUSB cable?
Yes if your phone supports USB OTG (aka USB host). |
|
|
|
Mike Hearn
Legendary
 Offline
Activity: 1526
Merit: 1134
|
|
July 01, 2013, 08:22:53 AM |
|
(which modern Android phones do support)
|
|
|
|
|
jackjack
Legendary
Offline
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
|
|
July 01, 2013, 08:24:04 AM |
|
(which modern Android phones do support)
Nexus 4: - modern Android phone - no OTG support |
Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2 Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc. |
|
|
bitpop
Legendary
Offline
Activity: 2912
Merit: 1060
|
|
July 01, 2013, 08:25:49 AM |
|
IT works, you just need a second battery. (which modern Android phones do support)
Nexus 4: - modern Android phone - no OTG support |
|
|
|
jackjack
Legendary
Offline
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
|
|
July 01, 2013, 08:34:31 AM |
|
IT works, you just need a second battery. (which modern Android phones do support)
Nexus 4: - modern Android phone - no OTG support Don't you need CM? |
Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2 Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc. |
|
|
|
|
neoranga
Newbie
Offline
Activity: 50
Merit: 0
|
|
July 01, 2013, 09:11:34 AM |
|
Great and very useful links, thanks for sharing  |
|
|
|
|
bitpop
Legendary
Offline
Activity: 2912
Merit: 1060
|
|
July 01, 2013, 11:29:04 AM |
|
You only need a kernel patch to automatically mount disks, otherwise you can just use an app. Great and very useful links, thanks for sharing |
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
|
|
July 01, 2013, 12:35:34 PM |
|
(which modern Android phones do support)
Nexus 4: - modern Android phone - no OTG support of course it has OTG support. Just verified this last week by connecting hid devices. of course you need to root and install some stuff. |
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
jackjack
Legendary
Offline
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
|
|
July 01, 2013, 12:51:30 PM |
|
I just looked at the links, you need a deodexed ROM
Not sure the people aimed by Trezor know what is a deodexed ROM, how to install it, and want to do it...
|
Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2 Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc. |
|
|
molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
|
|
July 01, 2013, 05:31:07 PM |
|
I just looked at the links, you need a deodexed ROM
Not sure the people aimed by Trezor know what is a deodexed ROM, how to install it, and want to do it...
I don't even know what a deodexed ROM is. Using cyanogenmod it was as easy as installing a zip using recovery (ziddey-otg-M3-06281551.zip) I used guide found here: http://forum.xda-developers.com/showthread.php?t=2181820EDIT: oh, and: noodly appendage-shake! |
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
jackjack
Legendary
Offline
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
|
|
July 01, 2013, 08:48:10 PM |
|
I can't find the time to install a CM... Maybe one day. Hopefully before Trezor is available.
Ramen, brother.
|
Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2 Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc. |
|
|
|
btchip
|
|
July 01, 2013, 09:16:59 PM |
|
I don't think any specific ROM is needed to communicate with a generic HID device (I'll recheck though)
|
|
|
|
|
randomguy7
|
|
July 01, 2013, 09:33:54 PM |
|
Afaik the nexus 4 has the usb-otg supported removed from the kernel as the hardware for whatever reason can't supply the 500mA required by the usb specs. Iirc that's what some commit comment in the source said.
|
|
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
|
|
July 14, 2013, 04:00:10 PM |
|
There's a vote for (commercial) bitcoin project of the quarter Q3 2012. Trezor is one of the nominees. |
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
slush (OP)
Legendary
Offline
Activity: 1386
Merit: 1097
|
|
July 14, 2013, 10:10:55 PM |
|
I'm confused as to why the PIN code is entered into the wallet application, rather than the device itself This is covered in our FAQ: http://www.bitcointrezor.com/faq/#safe-enter-pin-computer-not-trezorsurely that increases the risk of a successful physical theft. Assuming the PIN code is not changed on a regular basis, using the device on an infected workstation would essentially render the PIN code useless if attacked through a combination of both digital and physical means. Trezor uses two-factor authentication - something you have (trezor) and something you know (PIN). If an attacker has physical access to your Trezor and he also controls your computer, you're screwed. But with physical access to the device, having physical keyboard doesn't improve the situation too much. |
|
|
|
|
