[ESHOP launched] Trezor: Bitcoin hardware wallet

[Anduck]

If I own 2 Trezor devices, would it be possible to connect the new Trezor device to offline PC, type in the 24 word seed & this way have 2 Trezor devices that have exactly same wallets stored in them?

I'm confident that my PC does not have keylogger, however for extra safety it would be cool to be able to move the seed to a 2nd Trezor from Offline PC, if this is possible how would it be done?

Can I access the Trezor website in offline mode?

1. If this is possible I can test and make sure the Seed is working incase Trezor device breaks down.

2. Have a strong PIN and store the 2nd Trezor device on another location (lets say my home burns down and Trezor device nr1 and seed paper is lost). From my understanding todays technology it is pretty much impossible for regular thief to steal my coins if the PIN code is strong.

Same seed in both devices means they both use same wallet. If you use a passphrase, it also needs to be the same, as the password is "25th" word in the seed and therefore affects the generated wallet. Pin can be different, AFAIK.

I suggest backing up everything at these as 3 copies, 3 different locations and preferably formats.

not sure how you mean storing 3 copies in 3 different locations and differents formats?
do you mean location 1 has passphrase only?
location 2 has 24 word seed only?
location 3 has the Trezor device only?

So from reading Trezor manual my understanding is even if I get extremely unlucky and my PC has Keylogger it would take 3.5 years for someone with the hashing power of bitcoin to get the correct order of 24 word seed?
so for regular users this would mean 100+ years?

If this is true I should be able to move the seed while online from Trezor 1 to Trezor 2 confidently?

I think the only function of the passphrase is that I can openly have the other 24 words of the seed in my home, even if someone steals my 24 word seed they still can't get to my coins in wallet that are protected by the passphrase?

so If I make sure I have a long passphrase coins are safe as long as I don't forget the passphrase.

I mean that it's good to keep several copies of the same data at multiple physical locations. Trezor device itself is "nothing", only the words (=seed) are important.

Do not write the seed on an online computer, or actually ever on computer at all. The whole point of the hardware wallet is that the keys are only on the device and in the backup locations. When you type the seed on computer, it's technically shared with the computer (even if you didn't store it on the computer!). The computer may be compromised or may be compromised in the future. It may be shared via Internet or other ways.

[jiijj1]

I mean that it's good to keep several copies of the same data at multiple physical locations. Trezor device itself is "nothing", only the words (=seed) are important.

Do not write the seed on an online computer, or actually ever on computer at all. The whole point of the hardware wallet is that the keys are only on the device and in the backup locations. When you type the seed on computer, it's technically shared with the computer (even if you didn't store it on the computer!). The computer may be compromised or may be compromised in the future. It may be shared via Internet or other ways.

If I own 2 Trezor devices, would it be possible to connect the new Trezor device to offline PC, type in the 24 word seed & this way have 2 Trezor devices that have exactly same wallets stored in them?

I'm confident that my PC does not have keylogger, however for extra safety it would be cool to be able to move the seed to a 2nd Trezor from Offline PC, if this is possible how would it be done?

Can I access the Trezor website in offline mode?

1. If this is possible I can test and make sure the Seed is working incase Trezor device breaks down.

2. Have a strong PIN and store the 2nd Trezor device on another location (lets say my home burns down and Trezor device nr1 and seed paper is lost). From my understanding todays technology it is pretty much impossible for regular thief to steal my coins if the PIN code is strong.

You have to be online to access any website, including mytrezor.com. You can certainly restore your seed to a new Trezor but you will be online while doing so. Your 24 word seed will be displayed out of order during the restore process.

Thanks for the help , so if there is no safe way to recover seed to a new Trezor device offline, is there atleast a offline method for me to verify that the seed is indeed correct?

Q: Possibly have a online PC with fully downloaded blockchain, take ethernet cable out, insert Trezor in now offline PC with full blockchain(including my Trezor Adress created by the 24word seed), verify that the seed is correct, then wipe the Operating system from the harddrive so seed never gets exposed.

come to think about it, would it not be possible if the blockchain with the wallet that Trezor created is on the Offline PC, should it not be able to verify this seed is working from this offline PC?

[BitcoinNewsMagazine]

I mean that it's good to keep several copies of the same data at multiple physical locations. Trezor device itself is "nothing", only the words (=seed) are important.

Do not write the seed on an online computer, or actually ever on computer at all. The whole point of the hardware wallet is that the keys are only on the device and in the backup locations. When you type the seed on computer, it's technically shared with the computer (even if you didn't store it on the computer!). The computer may be compromised or may be compromised in the future. It may be shared via Internet or other ways.

If I own 2 Trezor devices, would it be possible to connect the new Trezor device to offline PC, type in the 24 word seed & this way have 2 Trezor devices that have exactly same wallets stored in them?

I'm confident that my PC does not have keylogger, however for extra safety it would be cool to be able to move the seed to a 2nd Trezor from Offline PC, if this is possible how would it be done?

Can I access the Trezor website in offline mode?

1. If this is possible I can test and make sure the Seed is working incase Trezor device breaks down.

2. Have a strong PIN and store the 2nd Trezor device on another location (lets say my home burns down and Trezor device nr1 and seed paper is lost). From my understanding todays technology it is pretty much impossible for regular thief to steal my coins if the PIN code is strong.

You have to be online to access any website, including mytrezor.com. You can certainly restore your seed to a new Trezor but you will be online while doing so. Your 24 word seed will be displayed out of order during the restore process.

Thanks for the help , so if there is no safe way to recover seed to a new Trezor device offline, is there atleast a offline method for me to verify that the seed is indeed correct?

Q: Possibly have a online PC with fully downloaded blockchain, take ethernet cable out, insert Trezor in now offline PC with full blockchain(including my Trezor Adress created by the 24word seed), verify that the seed is correct, then wipe the Operating system from the harddrive so seed never gets exposed.

come to think about it, would it not be possible if the blockchain with the wallet that Trezor created is on the Offline PC, should it not be able to verify this seed is working from this offline PC?

You can verify the seed by recovering to a second spare Trezor. Take a look at security threats in the Trezor user manual. If you are using a hardware wallet routinely you should keep a spare around.

[yslyung]

wallet.mytrezor.com/ seems to be stuck on the loading screen entire day, is anyone having any issues ?

[BitcoinNewsMagazine]

wallet.mytrezor.com/ seems to be stuck on the loading screen entire day, is anyone having any issues ?

No, try going to application settings at the bottom of screen and changing server to localbitcoinschain.com

[yslyung]

wallet.mytrezor.com/ seems to be stuck on the loading screen entire day, is anyone having any issues ?

No, try going to application settings at the bottom of screen and changing server to localbitcoinschain.com

it dosen't even show at bottom of the screen ... meh

updated chroe (it crashed my pc though) but after recovering from crash n chrome, it's all good now.

thx

[ColderThanIce]

it dosen't even show at bottom of the screen ... meh

updated chroe (it crashed my pc though) but after recovering from crash n chrome, it's all good now.

thx

If you're continuously running into that problem you can also access your Trezor through Electrum. To set it up, I suggest following this guide. I've found Electrum to be a much better piece of software to use with a Trezor compared to the MyTrezor web app.

[Carlton Banks]

@Czechians:

Is anyone aware of a bricks and mortar shop selling Trezors in Czechia? Preferably in Prague (and if the shop has a direct relationship with SatoshiLabs, that would be good also). I'm not too interested in the idea of trusting the postal service with a Trezor I intend to use for real (although the initial intent is to help test/troubleshoot integration with the Armory wallet)

If there is no such shop.... this is an opportunity! With the Trezor at only $99, I would much prefer to pay for a trip to Prague than pay $40 international shipping, for the peace of mind.

[xbach]

@Czechians:

Is anyone aware of a bricks and mortar shop selling Trezors in Czechia? Preferably in Prague (and if the shop has a direct relationship with SatoshiLabs, that would be good also). I'm not too interested in the idea of trusting the postal service with a Trezor I intend to use for real (although the initial intent is to help test/troubleshoot integration with the Armory wallet)

If there is no such shop.... this is an opportunity! With the Trezor at only $99, I would much prefer to pay for a trip to Prague than pay $40 international shipping, for the peace of mind.

You can buy some at Paralelni Polis in Prague, but also only for Bitcoins. There is an ATM right in the place though, so it is quite convenient. I would inqure first, if they still have stock, so you wouldn't come to Prague for nothing.

[Carlton Banks]

You can buy some at Paralelni Polis in Prague, but also only for Bitcoins. There is an ATM right in the place though, so it is quite convenient. I would inqure first, if they still have stock, so you wouldn't come to Prague for nothing.

Thank you xbach, your information is most helpful. I will check out Paralelni Polis.

[marcus_of_augustus]

You can buy some at Paralelni Polis in Prague, but also only for Bitcoins. There is an ATM right in the place though, so it is quite convenient. I would inqure first, if they still have stock, so you wouldn't come to Prague for nothing.

Thank you xbach, your information is most helpful. I will check out Paralelni Polis.

Carlton, I suggest you contact Satoshi Labs directly ... for a legendary supporter like yourself you may even get a tour of the Labs

[dsattler]

There is a 20% discount for buying a trezor, but only for a short time:
https://twitter.com/BitcoinTrezor/status/763422042515529728

[xbach]

FYI: Trezor Android App was released today. It's just a management app for setting up and configuring Trezor, but with Mycelium, it provides a whole computer-less set up.

https://blog.trezor.io/trezor-manager-app-for-android-5f8b86bfc886#.hcqubj8ct

Link to Google Play Store: https://play.google.com/store/apps/details?id=io.trezor.app

[Carlton Banks]

FYI: Trezor Android App was released today. It's just a management app for setting up and configuring Trezor, but with Mycelium, it provides a whole computer-less set up.

https://blog.trezor.io/trezor-manager-app-for-android-5f8b86bfc886#.hcqubj8ct

Link to Google Play Store: https://play.google.com/store/apps/details?id=io.trezor.app

It's good news, but there are problems:

• Lack of source code (certainly no link)
• Play Store (unknown source and functionality, vendor delivers product as a binary only)

So the claim that the App will work with any Android phone isn't true: there is a requirement that the handset has Play Store software (and, as is often the case with Android apps, may well depend on software libraries in the Play Store app or from Google Play Services). I'm surprised that the developers aren't aware that this is an issue, particularly as they were using a modern Nexus device to test the app.


So, my questions for Satoshi Labs:

• Does the app have source code available?
• Does it depend on Play Store libraries?
• Can it be distributed as an .apk through more reliable channels?

[BitcoinNewsMagazine]

Google has just fixed the Quadrooter vulnerabilities for the Nexus they sell but the patches will take a while to filter down to other phones. This is not the best time to side load apps. As long as you use the Play Store only and do not enable unknown sources Google should keep malware off your phone. Nice work on the Trezor Manager!

[Carlton Banks]

Google has just fixed the Quadrooter vulnerabilities for the Nexus they sell but the patches will take a while to filter down to other phones. This is not the best time to side load apps.

What difference does it make at all? An .apk downloaded from bitcointrezor.com isn't going to make your phone either more or less vulnerable to the pwnage bug affecting newer Snapdrgon SoC's. If you used Play Store to install Trezor Manager to a device with this flaw, the situation would be identical: pwned phone with properly verified Trezor App. Quelle difference.

As long as you use the Play Store only and do not enable unknown sources Google should keep malware off your phone.

Uhhhhh, that's terrible advice. Google will help to keep 3rd party malware off your phone. Any malware developed either in-house or by deep state agencies will be delivered straight to your device when ready. Noticed how Google are becoming more and more involved in global politics recently? Your trust in Google is misplaced.


My advice to Android users:

• Gain root access
• Flash up to date OS (preferably compiled yourself)
• Install 3rd party App Store (make sure it has root privileges, I recommend the F-Droid Store)
• Do not install or use the Play Store (or other Google Apps)
• Regularly re-flash the latest OS updates (preferably compiled yourself)

I'm not saying that this is a perfect method, but it's a big improvement on "blindly trust the Play Store binary blob"

[Anon136]

The password manager is pretty cool but it kinda defeats the purpose when the first thing I see when I open the extension is a prompt for a password and I cant use my trezor password manager yet because it isn't open yet

So I end up still using keypass2 because I don't want to use my master pass on any web service and I dont want to try to memorize another password thats secure enough for the requirements of my email (since knowing my email authentication information would unlock pretty much all of my other accounts).

So at this point its like maybe, as cool as the trezor password manager is, maybe I just keep using keypass2 for everything?

Maybe I'm missing something.

*edit* maybe I just make a drop box account with a very simple password and then even if that drop box account were compromised they wouldn't get a hold of any of my other passwords since they don't have the trezor. Its obvious that google is just being used in this instance to store an encrypted database.

But you know what would be super nice is if you guys could provide cloud storage just for our encrypted password databases then you could offer trezor based authentication for that cloud storage rather than typing in a password. I would pay for that. Also though it would be nice to have a way to store that same database locally just incase your servers were on the fritz (like they sometimes are with mytrezor.com)

Just some thoughts.

*edit2* nvm. drop box doesn't have a free tier. so back to square one.

[BitcoinNewsMagazine]

Google has just fixed the Quadrooter vulnerabilities for the Nexus they sell but the patches will take a while to filter down to other phones. This is not the best time to side load apps.

What difference does it make at all? An .apk downloaded from bitcointrezor.com isn't going to make your phone either more or less vulnerable to the pwnage bug affecting newer Snapdrgon SoC's. If you used Play Store to install Trezor Manager to a device with this flaw, the situation would be identical: pwned phone with properly verified Trezor App. Quelle difference.

As long as you use the Play Store only and do not enable unknown sources Google should keep malware off your phone.

Uhhhhh, that's terrible advice. Google will help to keep 3rd party malware off your phone. Any malware developed either in-house or by deep state agencies will be delivered straight to your device when ready. Noticed how Google are becoming more and more involved in global politics recently? Your trust in Google is misplaced.


My advice to Android users:

• Gain root access
• Flash up to date OS (preferably compiled yourself)
• Install 3rd party App Store (make sure it has root privileges, I recommend the F-Droid Store)
• Do not install or use the Play Store (or other Google Apps)
• Regularly re-flash the latest OS updates (preferably compiled yourself)

I'm not saying that this is a perfect method, but it's a big improvement on "blindly trust the Play Store binary blob"

You are free to do what you please but some newbie with limited skills is gonna brick their phone if they take your advice. Reasons not to root.

[Carlton Banks]

You are free to do what you please but some newbie with limited skills is gonna brick their phone if they take your advice. Reasons not to root.

Too negative. You're making the assumption that people are incapable of learning, or that they're incapable of assessing risks. You're promoting irresponsibility, ignorance and technological dependence, you cannot defend that.

[sugarfly]

I received my trezor a few days ago, it really is an awesome device.
And now I finally have some free time.
Now the testing and dissection can begin,  

-sf-