Bitcoin Forum
May 18, 2024, 02:07:58 AM *
Author Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet  (Read 965801 times)
Carlton Banks
Legendary
April 06, 2015, 05:41:37 PM
 #3921

Perhaps you mis-read my post? I don't want Android to create the seed, I just want an app that will send the signal to the Trezor for the Trezor to make one.

I did misinterpret what you meant by "initialize seeds". But "restoring seeds" definitely satisfies the concerns I raised, I would not promote the restoring of seeds with any online device.

Vires in numeris
BitcoinIsLiberty
Newbie
April 06, 2015, 05:45:00 PM
 #3922

Perhaps you mis-read my post? I don't want Android to create the seed, I just want an app that will send the signal to the Trezor for the Trezor to make one.

I did misinterpret what you meant by "initialize seeds". But "restoring seeds" definitely satisfies the concerns I raised, I would not promote the restoring of seeds with any online device.
Ah, I was worried I was confused about how it works. At least the restoring seed would work like mytrezor.com where the order of words is only known to the Trezor. For the average user would you say using Android would be safer than Windows for this procedure?
cypherdoc
Legendary
April 06, 2015, 05:45:51 PM
 #3923

Perhaps you mis-read my post? I don't want Android to create the seed, I just want an app that will send the signal to the Trezor for the Trezor to make one.

I did misinterpret what you meant by "initialize seeds". But "restoring seeds" definitely satisfies the concerns I raised, I would not promote the restoring of seeds with any online device.

You don't have a choice for restore. You either use the keyboard on your PC or your phone.
cypherdoc
Legendary
April 06, 2015, 05:48:43 PM
 #3924

So Mycelium has indeed jumped the gun on Trezor firmware update. We're still on 1.3.1.
fonsie
Sr. Member
April 06, 2015, 06:00:23 PM
 #3925

For the average user would you say using Android would be safer than Windows for this procedure?

My personal take on this would be

Offline Linux > Online Linux > Latest Android > Windows

Although I have a feeling that an Android 5.1 NOT rooted might even be safer than an Online Linux PC, the other apps not being able to access the other apps' storage space and all this, BUT I'm no security expert... Would even like an answer to this very question.

I decided to no longer use a signature, because people were trolling me about it.
cypherdoc
Legendary
April 06, 2015, 06:04:38 PM
 #3926

For the average user would you say using Android would be safer than Windows for this procedure?

My personal take on this would be

Offline Linux > Online Linux > Latest Android > Windows

Although I have a feeling that an Android 5.1 NOT rooted might even be safer than an Online Linux PC, the other apps not being able to access the other apps' storage space and all this, BUT I'm no security expert... Would even like an answer to this very question.

Yeah, that's what I would have said but the part about android being more secure than online linux is intriguing. That's what Mycelium continually argues as a safety feature, app isolation.
BitcoinIsLiberty
Newbie
April 06, 2015, 06:19:07 PM
 #3927

Restoring seeds always seems to be the weakest link in the whole system. If the "Trezor Tools" app implemented "advanced word entry" by inputting the seed words using the pin pad it would be impossible to steal the seed instead of too difficult to brute force the order. The user would have to look up each seed word and find the associated number and enter it using the randomized pin pad. The host computer would not be able to decipher the word being entered just like the PIN code.
Carlton Banks
Legendary
April 06, 2015, 06:41:24 PM
Last edit: April 06, 2015, 06:55:38 PM by Carlton Banks
 #3928

You don't have a choice for restore. You either use the keyboard on your PC or your phone.

I know. I still don't yet have a Trezor for this reason. Maybe the Armory plugin will be written in a way that allows offline seed restore/create

Although I have a feeling that an Android 5.1 NOT rooted might even be safer than an Online Linux PC, the other apps not being able to access the other apps' storage space and all this, BUT I'm no security expert... Would even like an answer to this very question.

I wouldn't take that feature especially seriously TBH. Maybe if the SELinux enforcement was enabled by default, but that's not going to happen. If you're thinking "well, I'll just turn this SELinux thing on then", good luck with that.

Restoring seeds always seems to be the weakest link in the whole system. If the "Trezor Tools" app implemented "advanced word entry" by inputting the seed words using the pin pad it would be impossible to steal the seed instead of too difficult to brute force the order. The user would have to look up each seed word and find the associated number and enter it using the randomized pin pad. The host computer would not be able to decipher the word being entered just like the PIN code.

And that's the only other part of the Trezor system I dislike, although it's not so bad if you can use the trezor-python library commands from an offline system. Sure, it would make the seed restore operation less user friendly, but who needs that with a function you're unlikely to use all that often? (or at least not as often as other functions like signing transactions)

Vires in numeris
cypherdoc
Legendary
April 06, 2015, 07:18:53 PM
 #3929

And that's the only other part of the Trezor system I dislike, although it's not so bad if you can use the trezor-python library commands from an offline system. Sure, it would make the seed restore operation less user friendly, but who needs that with a function you're unlikely to use all that often? (or at least not as often as other functions like signing transactions)

I think everyone is underestimating the desire to test the restore function just to be sure one doesn't load a bunch of BTC to the Trezor, lose the thing, and then find out you mis-copied a word.
BitcoinIsLiberty
Newbie
April 06, 2015, 07:23:39 PM
 #3930

And that's the only other part of the Trezor system I dislike, although it's not so bad if you can use the trezor-python library commands from an offline system. Sure, it would make the seed restore operation less user friendly, but who needs that with a function you're unlikely to use all that often? (or at least not as often as other functions like signing transactions)

I think everyone is underestimating the desire to test the restore function just to be sure one doesn't load a bunch of BTC to the Trezor, lose the thing, and then find out you mis-copied a word.

I'd feel more comfortable testing mine if I could enter the words with the pin pad. I wouldn't have to worry about any knowledge of the seed being leaked.
Carlton Banks
Legendary
April 06, 2015, 07:31:36 PM
 #3931

Well, it looks like the python-trezor library basically does the trick. You can definitely wipe, seed and restore from a fully offline machine. Unfortunately, it looks like you have to use the (hardware) keyboard to enter the seed for restore. It's also dangerous though, if you use the command "python trezorctl" without any arguments, it interprets that as a wipe command! Read carefully, use carefully.

Vires in numeris
Erdogan
Legendary
April 06, 2015, 08:34:12 PM
 #3932

And that's the only other part of the Trezor system I dislike, although it's not so bad if you can use the trezor-python library commands from an offline system. Sure, it would make the seed restore operation less user friendly, but who needs that with a function you're unlikely to use all that often? (or at least not as often as other functions like signing transactions)

I think everyone is underestimating the desire to test the restore function just to be sure one doesn't load a bunch of BTC to the Trezor, lose the thing, and then find out you mis-copied a word.

I'd feel more comfortable testing mine if I could enter the words with the pin pad. I wouldn't have to worry about any knowledge of the seed being leaked.

Are you aware that you key in the words in a sequence requested by the Trezor via the Trezor screen? The computer can know the words, but not the order.
Carlton Banks
Legendary
April 06, 2015, 08:59:07 PM
 #3933

Are you aware that you key in the words in a sequence requested by the Trezor via the Trezor screen? The computer can know the words, but not the order.

I was aware of that, and it's not a terrible scheme, but it would be much improved if the input device didn't even know any of the words

Vires in numeris
Erdogan
Legendary
April 06, 2015, 09:34:35 PM
 #3934

Are you aware that you key in the words in a sequence requested by the Trezor via the Trezor screen? The computer can know the words, but not the order.

I was aware of that, and it's not a terrible scheme, but it would be much improved if the input device didn't even know any of the words

I suppose it could be done with the current Trezor hardware, an alphabetical list of all the words, move up and down with the buttons, and extra button press to select a word. Easier with a few more buttons though. The question is, is the extra security worth the added complexity?

BitcoinIsLiberty
Newbie
April 06, 2015, 11:14:08 PM
 #3935

Are you aware that you key in the words in a sequence requested by the Trezor via the Trezor screen? The computer can know the words, but not the order.

I was aware of that, and it's not a terrible scheme, but it would be much improved if the input device didn't even know any of the words

I suppose it could be done with the current Trezor hardware, an alphabetical list of all the words, move up and down with the buttons, and extra button press to select a word. Easier with a few more buttons though. The question is, is the extra security worth the added complexity?
It would be even easier: bring up the list of words and associated number and enter the words by entering a number using the pin pad. The computer would not know any of the words.
AussieHash
Hero Member
April 06, 2015, 11:16:52 PM
 #3936

That's not going to happen as the devs are comfortable with 24! combinations.  They removed +50% fake words for 24 word mnemonics some time ago
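
Added example (not part of any post in this thread, and not Trezor's code): a simulation of the shuffled-order restore described above, plus the size of the ordering space left to a host that recorded every typed word. The function names, the placeholder words, the assumption that all words are distinct, and the model of fake words as extra entries the host cannot tell from real ones are assumptions made for illustration.

```python
import math
import secrets

def device_order(n):
    """Device side: secret Fisher-Yates shuffle of positions 0..n-1."""
    order = list(range(n))
    for i in range(n - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        order[i], order[j] = order[j], order[i]
    return order

def simulate_restore(mnemonic):
    """Return (seed rebuilt on the device, word stream the host observed)."""
    slots = [None] * len(mnemonic)
    host_view = []
    for pos in device_order(len(mnemonic)):
        # The device screen asks for word number pos+1; the user types it on the host.
        word = mnemonic[pos]
        host_view.append(word)   # the host learns the word, never pos
        slots[pos] = word        # the device files it under the position it asked for
    return slots, host_view

def host_candidates(n_words, n_fake=0):
    """Orderings consistent with the host's view: an ordered choice of
    n_words real words out of n_words + n_fake observed (distinct) words."""
    return math.factorial(n_words + n_fake) // math.factorial(n_fake)

def residual_bits(n_words, n_fake=0):
    """log2 of the candidates left after dropping those that fail the BIP39
    checksum (n_words / 3 bits, treated as a uniform filter: an approximation)."""
    return math.log2(host_candidates(n_words, n_fake)) - n_words // 3

if __name__ == "__main__":
    # Constructed placeholder words, not a real mnemonic.
    words = [f"word{i:02d}" for i in range(24)]
    rebuilt, seen = simulate_restore(words)
    print("device rebuilt the seed:", rebuilt == words)
    print("host saw the same words:", sorted(seen) == sorted(words))
    for n, fake in [(12, 0), (12, 6), (24, 0), (24, 12)]:
        print(f"{n} words + {fake} fake: ~{residual_bits(n, fake):.1f} bits of ordering left")
```

The 12-word row without fake words shows why padding matters for short mnemonics, while the 24-word row is the "24!" figure mentioned in the post above, less the checksum bits.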
BitcoinIsLiberty
Newbie
April 07, 2015, 02:07:26 AM
 #3937

https://www.reddit.com/r/TREZOR/comments/31mvmx/trezor_needs_a_new_simple_android_app_a_tools_app/

Slush offered a bounty for the Trezor app idea. Not sure the amount but any coders interested should PM him! :)
cypherdoc
Legendary
April 07, 2015, 02:13:16 AM
 #3938

https://www.reddit.com/r/TREZOR/comments/31mvmx/trezor_needs_a_new_simple_android_app_a_tools_app/

Slush offered a bounty for the Trezor app idea. Not sure the amount but any coders interested should PM him! :)

good job
fonsie
Sr. Member
April 07, 2015, 09:30:40 AM
 #3939

I wouldn't take that feature especially seriously TBH. Maybe if the SELinux enforcement was enabled by default, but that's not going to happen. If you're thinking "well, I'll just turn this SELinux thing on then", good luck with that.

According to this article it's enabled by default since 5.0 in "full enforcement"...

https://source.android.com/devices/tech/security/selinux/index.html

Regarding the security aspect of the host computer knowing the seed when restoring, I would just set up the Trezor with a new seed, import the old key in Electrum on an offline PC and transfer the funds to the newly set up Trezor seed. No risks involved regarding leaking the keys/the host knowing any of the words.

I decided to no longer use a signature, because people were trolling me about it.
Carlton Banks
Legendary
April 07, 2015, 09:57:27 AM
 #3940

I wouldn't take that feature especially seriously TBH. Maybe if the SELinux enforcement was enabled by default, but that's not going to happen. If you're thinking "well, I'll just turn this SELinux thing on then", good luck with that.

According to this article it's enabled by default since 5.0 in "full enforcement"...

https://source.android.com/devices/tech/security/selinux/index.html

Android 5.x isn't a full release yet, and I understand it's been problematic to get it to a usable state (although I have no idea whether that relates to SELinux enforcement). Let's just put it this way, Google will have done an exceptional job if users are not constantly making comments like: "Oh, that problem. Try turning off SELinux"

Regarding the security aspect of the host computer knowing the seed when restoring, I would just set up the Trezor with a new seed, import the old key in Electrum on an offline PC and transfer the funds to the newly set up Trezor seed. No risks involved regarding leaking the keys/the host knowing any of the words.

That would be fine as long as you only ever use one seed at a time, which would probably be most people? Maybe I'm wrong about that though, be interesting to hear what Trezor owners think on that

Vires in numeris