[ESHOP launched] Trezor: Bitcoin hardware wallet

[chrisrico]

I'm confused as to why the PIN code is entered into the wallet application, rather than the device itself - surely that increases the risk of a successful physical theft. Assuming the PIN code is not changed on a regular basis, using the device on an infected workstation would essentially render the PIN code useless if attacked through a combination of both digital and physical means. On the other hand, if the code was to be entered on the Trezor itself, such a scenario is not possible unless the PIN code is provided by the owner under duress.

I believe the PINs are one time use only. The reason it's not entered on the Trezor is that it only has two buttons.

edit... Whoops, I was confusing the PIN with the OTP. Still... 2 buttons = annoying to type a decimal PIN.

[novusordo]

Would one be able to use a Trezor to sign transactions from an android phone, with a two-sided microUSB cable?

[rethaw]

Just put in a pre-order; it looks great and I'm excited to see how people use it!

[stick]

Would one be able to use a Trezor to sign transactions from an android phone, with a two-sided microUSB cable?

Yes if your phone supports USB OTG (aka USB host).

[Mike Hearn]

(which modern Android phones do support)

[jackjack]

(which modern Android phones do support)

Nexus 4:
 - modern Android phone
 - no OTG support

[bitpop]

IT works, you just need a second battery.

(which modern Android phones do support)

Nexus 4:
 - modern Android phone
 - no OTG support

[jackjack]

IT works, you just need a second battery.

(which modern Android phones do support)

Nexus 4:
 - modern Android phone
 - no OTG support

Don't you need CM?

[bitpop]

I don't think so
http://www.androidcentral.com/android-advanced-usb-otg-nexus-4
http://www.amazon.com/Micro-Cable-Power-Samsung-AtomicMarket/dp/B009YPYORM/

IT works, you just need a second battery.

(which modern Android phones do support)

Nexus 4:
 - modern Android phone
 - no OTG support

Don't you need CM?

[neoranga]

I don't think so
http://www.androidcentral.com/android-advanced-usb-otg-nexus-4
http://www.amazon.com/Micro-Cable-Power-Samsung-AtomicMarket/dp/B009YPYORM/

IT works, you just need a second battery.

(which modern Android phones do support)

Nexus 4:
 - modern Android phone
 - no OTG support

Don't you need CM?

Great and very useful links, thanks for sharing

[bitpop]

You only need a kernel patch to automatically mount disks, otherwise you can just use an app.

I don't think so
http://www.androidcentral.com/android-advanced-usb-otg-nexus-4
http://www.amazon.com/Micro-Cable-Power-Samsung-AtomicMarket/dp/B009YPYORM/

IT works, you just need a second battery.

(which modern Android phones do support)

Nexus 4:
 - modern Android phone
 - no OTG support

Don't you need CM?

Great and very useful links, thanks for sharing

[molecular]

(which modern Android phones do support)

Nexus 4:
 - modern Android phone
 - no OTG support

of course it has OTG support. Just verified this last week by connecting hid devices.

of course you need to root and install some stuff.

[jackjack]

I just looked at the links, you need a deodexed ROM
Not sure the people aimed by Trezor know what is a deodexed ROM, how to install it, and want to do it...

[molecular]

I just looked at the links, you need a deodexed ROM
Not sure the people aimed by Trezor know what is a deodexed ROM, how to install it, and want to do it...

I don't even know what a deodexed ROM is. Using cyanogenmod it was as easy as installing a zip using recovery (ziddey-otg-M3-06281551.zip) I used guide found here: http://forum.xda-developers.com/showthread.php?t=2181820

EDIT: oh, and: noodly appendage-shake!

[jackjack]

I can't find the time to install a CM... Maybe one day. Hopefully before Trezor is available.

Ramen, brother.

[btchip]

I don't think any specific ROM is needed to communicate with a generic HID device (I'll recheck though)

[randomguy7]

Afaik the nexus 4 has the usb-otg supported removed from the kernel as the hardware for whatever reason can't supply the 500mA required by the usb specs. Iirc that's what some commit comment in the source said.

[molecular]

There's a vote for (commercial) bitcoin project of the quarter Q3 2012.

Trezor is one of the nominees.

[slush]

I'm confused as to why the PIN code is entered into the wallet application, rather than the device itself

This is covered in our FAQ: http://www.bitcointrezor.com/faq/#safe-enter-pin-computer-not-trezor

surely that increases the risk of a successful physical theft. Assuming the PIN code is not changed on a regular basis, using the device on an infected workstation would essentially render the PIN code useless if attacked through a combination of both digital and physical means.

Trezor uses two-factor authentication - something you have (trezor) and something you know (PIN). If an attacker has physical access to your Trezor and he also controls your computer, you're screwed. But with physical access to the device, having physical keyboard doesn't improve the situation too much.

[jago25_98]

hmm...
a great device.

Even better would be the standalone;

same thing with a display that can show QRcodes, a camera and a micro usb port switchable to charge only (no data) mode.

Question folks - which Android app can do offline transactions using QRcodes and a camera?