[ESHOP launched] Trezor: Bitcoin hardware wallet

[caveden]

Only better way is to replace the password with the hash of a biometric scan (fingerprints maybe) but in this way cost are higher and not all devices can support it.

Biometric scans, AFAIK, are like images. Different scans of the same individual will produce different data, which would produce different hashes. You can compare different images to see if they belong to the same person, but if you use one of these images as an encryption key, there's no guarantee you'll ever be able to unencrypt your data.
Of course that biometric scans could be used as an authentication method by a sophisticated device, but if the device is "physically hacked" and the biometric check is bypassed, you'll need something else to protect the data.

And, honestly, if you're afraid of physical thefts, shouldn't you also be afraid of physical coercion? What good is a biometric scan if the thief can simply force you to put your finger/eye/whatever?

As slush said before, we are not at the point where this is a reasonable threat for most of us. Hackers are a serious threat though, so we should first focus on how to protect ourselves from them first.

[1714593447]

1714593447

[1714593447]

1714593447

[1714593447]

1714593447

[1714593447]

1714593447

[ercolinux]

Only better way is to replace the password with the hash of a biometric scan (fingerprints maybe) but in this way cost are higher and not all devices can support it.

Biometric scans, AFAIK, are like images. Different scans of the same individual will produce different data, which would produce different hashes

You're true for a hash of the full image, but fingerprint scanner actually save only a "path" of the minutiaes of the fingerprints. And using that work in a reliable way.

. You can compare different images to see if they belong to the same person, but if you use one of these images as an encryption key, there's no guarantee you'll ever be able to unencrypt your data.

I didn't mean use the hash as password but only as authentication method.

Of course that biometric scans could be used as an authentication method by a sophisticated device, but if the device is "physically hacked" and the biometric check is bypassed, you'll need something else to protect the data.

And, honestly, if you're afraid of physical thefts, shouldn't you also be afraid of physical coercion? What good is a biometric scan if the thief can simply force you to put your finger/eye/whatever?

As slush said before, we are not at the point where this is a reasonable threat for most of us. Hackers are a serious threat though, so we should first focus on how to protect ourselves from them first.

On that I agree totally with you: my reply was to luicon who had expressed concern about forgetting the password. If one can obtain access to both you and the device there is really few things to do.
BTW to avoid physical coericion there is a  way, even not too difficult to implement: some times ago I've a phone with an encrypted area in which store password and pins. If you input the good password you decrypt the area, if you put a wrong one you obtain an error, but if you put a "special" one you go into a fake area with other data. Maybe is possible, for extra-paranoid implement a similar approach: one pin for real wallet, another one for another with only few BTC in it.
But again we are talking of extra-paranoid people here. IMHO slush design is more than adeguate.

[luicon]

does the device comes with some kind of memory?
how many addresses can be stored on it?

[slush]

does the device comes with some kind of memory?
how many addresses can be stored on it?

There's very small flash memory on the device (256 kB for code and data), but device don't need to store addresses on the flash. It uses deterministic wallet approach instead, so even device with 256kB memory can handle unlimited amount of addresses.

[caveden]

You're true for a hash of the full image, but fingerprint scanner actually save only a "path" of the minutiaes of the fingerprints. And using that work in a reliable way.

You mean that, for a given individual, you can always obtain the same unique "path"?

BTW to avoid physical coericion there is a  way, even not too difficult to implement: some times ago I've a phone with an encrypted area in which store password and pins. If you input the good password you decrypt the area, if you put a wrong one you obtain an error, but if you put a "special" one you go into a fake area with other data. Maybe is possible, for extra-paranoid implement a similar approach: one pin for real wallet, another one for another with only few BTC in it.
But again we are talking of extra-paranoid people here. IMHO slush design is more than adeguate.

That's plausible deniability, or more specifically, deniable encryption. Truecrypt does it.
I'd expect future dedicated device wallets to implement this, but as you note it's not a priority, at least not while most burglars remain ignorant about bitcoin.

[ercolinux]

You're true for a hash of the full image, but fingerprint scanner actually save only a "path" of the minutiaes of the fingerprints. And using that work in a reliable way.

You mean that, for a given individual, you can always obtain the same unique "path"?

I'm not actually expert on biometrics but I've done some research on it for work and producer of scanner told me so. Low cost scanner integrated in laptop works that way, so some bank door opener. They have a small database of path and check on it it there is corrispondence. Is fast and quite secure: while a full identify request a check on lots of points (15-16 actually), just few minutiaes are sufficient for the login pourpose (with 10 point you've over 1 milion of different pattern possible, with 8  65536).

[caveden]

I'm not actually expert on biometrics but I've done some research on it for work and producer of scanner told me so. Low cost scanner integrated in laptop works that way, so some bank door opener. They have a small database of path and check on it it there is corrispondence.

Wait, but if you need a database of paths, it means the scan alone is not enough to produce the exact same path that was produced before for that individual. You're back to "comparing images".
Unless you mean they use a database of path hashes, in which case the scan would have to produce the exact same path before hashing. The scan would be just like a password, and could then be used as an encryption key, provided there's enough entropy in fingerprints - in case there isn't, it could be added to an actual password.

[eldentyrell]

First preview of the design. Dimensions are 60x40x10 mm.

Hey cool!

But it looks like that's a female USB mini/micro-B connector, which means you need a cable in order to use it.  Is that true, or am I mistaken?  I kinda think most people would prefer a device that's cable-wise self-sufficient (like Yubikeys) so they don't have to go hunting around for the right type of cable.

One of the big advantages of a device like this with its own display and buttons is that it's safe (*) to connect it to machines you don't trust, which means people will probably want to use it when they aren't at their own home/office/whatever with the handy drawer-o-cables-and-adapters within arm's reach.

Neat stuff!

(*) I suppose a hostile computer could take the signed transaction and throw it away.  Not sure if the device keeps copies of stuff it signs.

[ercolinux]

But it looks like that's a female USB mini/micro-B connector, which means you need a cable in order to use it.  Is that true, or am I mistaken?  I kinda think most people would prefer a device that's cable-wise self-sufficient (like Yubikeys) so they don't have to go hunting around for the right type of cable.

Due to the size of the device (is near twice the width of a standard USB key)  is better to have a cable: lot of notebooks/netbooks have usb ports in weird locations, not all desktop PC have a frontal working usb port, and anyway have the piglet (or how is called now) few inches from floor don't make easy to operate with it; and if the device can work with smartphones too they have only micro-usb. So having a micro-usb female is IMHO the right choice for most of the situations. And adding the lenght of the male usb connector will add other 20mm to the lenght, and with 80mm of overall length it will become as big as credit card.

[luicon]

any idea about how expensive could be the final price? just an approximation

[2112]

with the handy drawer-o-cables-and-adapters within arm's reach.

EU-landia has since 2009 a law requiring that a cellphone sold there needs to be rechargable through the micro-USB port.  So maybe not every household does have micro-USB to USB cable, but the situation is on the way to where it becomes ubiquitous.

Hopefully the less progressive lands (like the USA) will join this standard sometime this century. Or maybe not. But there's no need for a device targeted for a global acceptance to specifically pander to the backward.

[slush]

We've just received first batch of displays. They're pretty tiny :-)



P.S. Casascius coin after wearing it in my wallet for one year ;-).

[molecular]

We've just received first batch of displays. They're pretty tiny :-)



P.S. Casascius coin after wearing it in my wallet for one year ;-).

could you post a photo of the back of the coin in the casascius thread? (https://bitcointalk.org/index.php?topic=41892.0). People are interested how a coin will degrade, especially the firstbits of series 1.

[slush]

could you post a photo of the back of the coin in the casascius thread? (https://bitcointalk.org/index.php?topic=41892.0). People are interested how a coin will degrade, especially the firstbits of series 1.

This coin is already redeemed. As far as I can say, wearing the coin in the wallet with other coins is not-so-good-idea :-(.

[jim618]

Those displays are tiny !

Really looking forward to these devices coming out.
Crypto made real.

[molecular]

could you post a photo of the back of the coin in the casascius thread? (https://bitcointalk.org/index.php?topic=41892.0). People are interested how a coin will degrade, especially the firstbits of series 1.

This coin is already redeemed. As far as I can say, wearing the coin in the wallet with other coins is not-so-good-idea :-(.

yeah. series 2 should be better, though, because the firstbits is actually behind the hologram (little window in it)

[slush]

First casing prototype has been printed! The model is optimized for CNC/metal, not for 3D printing/plastic, so some parts are a bit malformed (especially the eyelet and edges). However, now we see that the device can be even smaller than we expected and our designer is making another version which will be 50x35mm!

[slush]

Video of Reprap printing the prototype ;-)
http://www.youtube.com/watch?v=-uYW3ks0WwA

[hazek]

Video of Reprap printing the prototype ;-)
http://www.youtube.com/watch?v=-uYW3ks0WwA

[slush]

Donations are welcome at 1BitkeyP2nDd5oa647AjvBbbwST54W5Zmx :-). Coins will be used by me and stick to fund&build first prototypes.