|
|
jackbox
Legendary
 Offline
Activity: 1246
Merit: 1024
|
 |
April 07, 2015, 04:33:06 PM
Last edit: April 08, 2015, 03:51:07 AM by jackbox |
|
On Chrome suddenly the MyTrezor.com plugin fails to load. In the log it says it timed out. On Firefox it works but I prefer to use Chrome. I cannot find any way to uninstall the plugin so it loads again. There is only an option to disable it. Does anyone know why it might exhibit this behavior on Chrome. Are there other plugins that can interfere with the Trezor plugin? I am stumped. I hope some can help.
Edit: I finally got it working. Newly installed anti-virus program (WebRoot) had denied the Trezor program permission to run.
|
|
|
|
dsattler
Legendary
Offline
Activity: 924
Merit: 1000
|
|
April 07, 2015, 07:58:44 PM |
|
Great! Can't wait to test Trezor Connect! I hope that lots of bitcoin-related sites will support this. |
Bitcointalk member since 2013! 
|
|
|
devthedev
Legendary
Offline
Activity: 1050
Merit: 1004
|
|
April 07, 2015, 10:41:31 PM |
|
Great! Can't wait to test Trezor Connect! I hope that lots of bitcoin-related sites will support this. This is gonna be great! How will it compare to hardware like the Yubikey? |
|
|
|
rammy2k2
Legendary
Offline
Activity: 1974
Merit: 1003
|
|
April 07, 2015, 10:43:23 PM |
|
WOW ... really cool ! Good job Trezor team, as usual ! |
|
|
|
|
jackbox
Legendary
Offline
Activity: 1246
Merit: 1024
|
|
April 08, 2015, 03:51:42 AM |
|
When will we be able to see pics on the device when it is idle?
|
|
|
|
¡ndustrialcoinmagic
Newbie
Offline
Activity: 16
Merit: 0
|
|
April 08, 2015, 03:53:45 AM |
|
Im going to try the firm update and see how my trezor works.
|
|
|
|
|
|
kkurtmann
|
|
April 08, 2015, 07:11:06 AM |
|
You guys are effing brilliant. This is a game changer in secure challenge/response authentication. |
|
|
|
Carlton Banks
Legendary
Offline
Activity: 3430
Merit: 3080
|
|
April 08, 2015, 03:10:14 PM |
|
|
Vires in numeris
|
|
|
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
April 08, 2015, 03:27:16 PM |
|
i too would like to see full scale Armory integration. |
|
|
|
|
Carlton Banks
Legendary
Offline
Activity: 3430
Merit: 3080
|
|
April 08, 2015, 03:57:38 PM |
|
i too would like to see full scale Armory integration. I believe I'm right in thinking that this DNSSEC stuff would need implementing as a firmware update, so Satoshi Labs can comment meaningfully on that. And this domain/address resolution system functions independently of allowing Trezors to be used with the Armory client. The latter work is definitely something Armory devs will need to do, the new wallet format will likely be a pretty sophisticated (read bespoke) version of BIP32 |
Vires in numeris
|
|
|
Anon136
Legendary
Offline
Activity: 1722
Merit: 1217
|
|
April 08, 2015, 05:33:58 PM |
|
|
Rep Thread: https://bitcointalk.org/index.php?topic=381041If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited? |
|
|
jackbox
Legendary
Offline
Activity: 1246
Merit: 1024
|
|
April 08, 2015, 06:31:04 PM |
|
Because most people who shop there don't own a Trezor yet most likely. |
|
|
|
BitcoinIsLiberty
Newbie
Offline
Activity: 55
Merit: 0
|
|
April 08, 2015, 07:14:07 PM |
|
Are there any privacy concerns with using the Trezor for signing into websites? Is master public key shared or info that can link bitcoin addresses with identities? Does each website use it's own private key/public key for authentication?
-
|
|
|
|
|
|
cor
|
|
April 09, 2015, 12:31:38 AM |
|
Are there any privacy concerns with using the Trezor for signing into websites? Is master public key shared or info that can link bitcoin addresses with identities? Does each website use it's own private key/public key for authentication?
-
shortly: no no yes |
|
|
|
|
randomguy7
|
|
April 09, 2015, 11:29:51 AM |
|
If you are not paying for the service, you are the market the product, not the customer.
|
|
|
|
|
Spaceman_Spiff
Legendary
Offline
Activity: 1638
Merit: 1001
₪``Campaign Manager´´₪
|
|
April 09, 2015, 01:45:54 PM |
|
Very cool stuff ! Two thumbs up ! |
|
|
|
|
Anon136
Legendary
Offline
Activity: 1722
Merit: 1217
|
|
April 09, 2015, 02:46:26 PM |
|
Does anyone know a website that has integrated "sign in with trezor"? I would very much like to try it out.
|
Rep Thread: https://bitcointalk.org/index.php?topic=381041If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited? |
|
|
BitcoinIsLiberty
Newbie
Offline
Activity: 55
Merit: 0
|
|
April 09, 2015, 06:46:39 PM |
|
Extracting the Private Key from a TREZOR... with a 70 $ Oscilloscope http://johoe.mooo.com/trezor-power-analysis/Conclusion
Side channel attacks are not as difficult as many people think. A simple power analysis requires only a simple oscilloscope and that can hardly be called expensive laboratory equipment. You also need basic soldering skills and deep knowledge about the code that is running. It took only a single recording of the computation of the public key, to recover the private key. On the bright side, this simple side channel attack can be mitigated by using constant-time code and as I showed this code does not have to be slow.
The new firmware 1.3.3 is immune against this attack since it (1) requires a PIN to compute the public key and (2) uses branch-free computations for deriving the public key from the private key.
There is no complete protection against all kind of attacks. If your TREZOR gets stolen and it has no passphrase protection (or if the passphrase is weak), you should transfer the coins to a different wallet. There are other attack vectors like fault injection that could still be used and may get around the PIN protection. Basically, they use the fact that the microprocessor does unexpected things if power supply or the clock signal is broken. These are much more difficult to perform, but they are probably less expensive than using an electron microscope to read the seed from the chip. Also, there may be a bug in the microprocessor that allows for circumventing the read-out protection.
Nice to see people working on breaking the Trezor and making it stronger! |
|
|
|
|
guitarplinker
Legendary
Offline
Activity: 1694
Merit: 1024
|
|
April 09, 2015, 07:12:17 PM |
|
I'm liking the new feature where the PIN is required to check balances. I wasn't completely comfortable before with anyone on my main machine being able to see my bitcoin balance of my Trezor.
One thing that could be done to make PIN input a little more secure would be to change the location of numbers after a single number has been entered. Currently, if someone has a live video feed on a computer where someone is signing into their Trezor, they would be able to see duplicate numbers in their PIN. My idea would protect users from this, as well as people looking over their shoulders. It's probably a little over the top for security but it's still a decent idea in my mind.
|
|
|
|
|
|
