Bitcoin Forum
November 01, 2024, 09:15:30 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 ... 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 [227] 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 »
  Print  
Author Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet  (Read 966156 times)
dsattler
Legendary
*
Offline Offline

Activity: 924
Merit: 1000


View Profile
August 24, 2016, 06:27:33 AM
 #4521

Yeh, seed + keylogger is probably the biggest risk. I think PIN would be somewhat easy to brute-force if it were 25th word (compared to passphrase), but too lazy to do the math. I can still see it could be an advantage for advanced users though (since keylogger is less effective in that situation.)

Alternatively if the trezor could hold the 25th word in memory just like it does the 24 before it that would be awesome. (or you know the deterministic value that is derived from the seed). Just not writing down the last four words anywhere and remembering just those four is basically this but with the caviat that you have to memorize a new password rather than one you already have committed to memory.

But yea having the pin as a 25th or 26th or w/e word certainly couldnt hurt even if it wasnt enough on its own.

Maybe both. The pin as an extra word plus the ability to have a password that you need for recovery but not for day to day use entering in on mytrezor.com

The pin wouldn't enhance the security because it is too short. You can't even call it bruteforcing if you only have 10000 combinations to guess!  Cheesy

Add a long password and put it in your password manager and keep the seed on a piece of paper, then you're fine. An additional advantage is that you can have several "accounts" on your trezor by using different passwords.

Bitcointalk member since 2013! Smiley
NLNico
Legendary
*
hacker
Offline Offline

Activity: 1876
Merit: 1295


DiceSites.com owner


View Profile WWW
August 24, 2016, 07:02:15 AM
 #4522

Yeh, even with 10 number PIN it would take a few minutes max, so I guess that's completely useless Tongue (again the device adds big exponentially increasing delay upon every failed PIN, so works fine for that.)

Anon136
Legendary
*
Offline Offline

Activity: 1722
Merit: 1217



View Profile
August 24, 2016, 01:15:13 PM
 #4523

Yeh, even with 10 number PIN it would take a few minutes max, so I guess that's completely useless Tongue (again the device adds big exponentially increasing delay upon every failed PIN, so works fine for that.)

I don't think this sort of thing is linear. Sure it only takes a few minutes to crack the pin alone. Lets say for the sake of argument that it takes 5 minutes. Now imagine that you have a password that takes one week to crack. If you add the pin too that. It doesnt now take 1 week + 5 minutes. The added pin would make it take much longer than that. Idk the actual maths well enough to make a model. But supposing the original password took 1 week to crack (with a given machine) and you added an 8 digit pin to the end of it, that should push it way out side of the range of feasibility for the attacker using the same brute forcing hardware.

Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
NLNico
Legendary
*
hacker
Offline Offline

Activity: 1876
Merit: 1295


DiceSites.com owner


View Profile WWW
August 24, 2016, 02:01:35 PM
 #4524

I guess like that yeh, but I was still thinking on the "seed + keylogger risk" - it wouldn't help for that.

georgem
Legendary
*
Offline Offline

Activity: 1484
Merit: 1007


spreadcoin.info


View Profile WWW
August 24, 2016, 10:44:45 PM
 #4525

You can't even call it bruteforcing if you only have 10000 combinations to guess!  Cheesy

That's true, and it's even less than 10000, just 6561 combinations since ZERO is not allowed, only numbers 1-9.

jiijj1
Newbie
*
Offline Offline

Activity: 23
Merit: 0


View Profile
August 27, 2016, 01:40:50 PM
 #4526

I have three Trezor devices which I bought at the same time, all three have 2 small marks on the top edge of device.

It looks like something that a tiny needle would do, I'm assuming this is the result of the manufacturing process when melting the plastic?
The location of the marks is roughly pretty much the same on all three devices.

not sure if I explain it correctly, but if someone else has a Trezor device they can propably confirm this 2 marks?
malevolent
can into space
Legendary
*
Offline Offline

Activity: 3472
Merit: 1724



View Profile
August 28, 2016, 08:02:32 PM
 #4527

Yup, got the same thing. Two small marks, one smaller than the other, on the top edge of the device. If the two marks were connected with a line, it would be perpendicular to the line which runs across the perimeter of the device.

Signature space available for rent.
jiijj1
Newbie
*
Offline Offline

Activity: 23
Merit: 0


View Profile
August 29, 2016, 02:04:11 AM
 #4528

Yup, got the same thing. Two small marks, one smaller than the other, on the top edge of the device. If the two marks were connected with a line, it would be perpendicular to the line which runs across the perimeter of the device.

I guess this is the result of melting the plastic?
xbach
Newbie
*
Offline Offline

Activity: 40
Merit: 0


View Profile
August 31, 2016, 03:46:23 PM
 #4529

Trezor can now be used as a FIDO/U2F key.

Source: https://blog.trezor.io/secure-two-factor-authentication-with-trezor-u2f-e940fd5a60af
Anon136
Legendary
*
Offline Offline

Activity: 1722
Merit: 1217



View Profile
August 31, 2016, 04:59:10 PM
 #4530


This is silly. Why would you need another factor of authentication besides trezor?

Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
NLNico
Legendary
*
hacker
Offline Offline

Activity: 1876
Merit: 1295


DiceSites.com owner


View Profile WWW
August 31, 2016, 05:12:04 PM
 #4531

I am afraid Google, Dropbox, Github, etc aren't adding Trezor Connect just yet Wink so seems like another great update to me.

BitcoinNewsMagazine
Legendary
*
Offline Offline

Activity: 1806
Merit: 1164



View Profile WWW
August 31, 2016, 06:32:34 PM
 #4532

I am afraid Google, Dropbox, Github, etc aren't adding Trezor Connect just yet Wink so seems like another great update to me.

Since Ledger Nano S added FIDO I have been using it to authenticate with Google. Trezor says in their new blog post that after firmware update to 1.4.0 you should be able to use Trezor to authenticate with Google on Chrome. Not working for you?

Anon136
Legendary
*
Offline Offline

Activity: 1722
Merit: 1217



View Profile
August 31, 2016, 06:42:05 PM
 #4533

This company. Oh my god this company is so great. These guys could have just been fly by night hacks when they were taking bitcoin early on. But they turned out to be so very very legit. Thanks so much for everything. This latest update in particular is so exciting!

I actually bought 2 more trezors just because what they hey, I'll have a separate one for monero, a separate one for internet security, and a separate on for bitcoin. Really I probably bought 2 more just cant stop nerding out over this first one every single day, and there were 2 more colors I didn't have damn it!

Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
NLNico
Legendary
*
hacker
Offline Offline

Activity: 1876
Merit: 1295


DiceSites.com owner


View Profile WWW
August 31, 2016, 06:50:26 PM
 #4534

I am afraid Google, Dropbox, Github, etc aren't adding Trezor Connect just yet Wink so seems like another great update to me.

Since Ledger Nano S added FIDO I have been using it to authenticate with Google. Trezor says in their new blog post that after firmware update to 1.4.0 you should be able to use Trezor to authenticate with Google on Chrome. Not working for you?

I was replying to Anon136, I read his message as: "why you need passwords + U2F... you could just use Trezor alone (like Trezor Connect)". So my answer is that U2F is a standard used by many sites and Trezor Connect not. So great firmware update. Did I misunderstood his post or something? Tongue

Anon136
Legendary
*
Offline Offline

Activity: 1722
Merit: 1217



View Profile
August 31, 2016, 08:15:57 PM
 #4535

Google is infuriating. Angry

I've been scouring my account settings and I can not figure out how to get it to stop making me un-check the little box that says "dont ask again on this computer" every single time I log in. And if I do forget to un-check it, I can not for the life of me figure out how to get it to use 2fa again without removing and re-registering the trezor on the account.

 Angry Angry Angry

Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
BitcoinNewsMagazine
Legendary
*
Offline Offline

Activity: 1806
Merit: 1164



View Profile WWW
August 31, 2016, 08:45:22 PM
 #4536

Google is infuriating. Angry

I've been scouring my account settings and I can not figure out how to get it to stop making me un-check the little box that says "dont ask again on this computer" every single time I log in. And if I do forget to un-check it, I can not for the life of me figure out how to get it to use 2fa again without removing and re-registering the trezor on the account.

 Angry Angry Angry

See if the support article at https://support.google.com/accounts/answer/6103535?hl=en&ref_topic=6103521 helps at all.

Anon136
Legendary
*
Offline Offline

Activity: 1722
Merit: 1217



View Profile
September 03, 2016, 03:14:50 AM
 #4537

So I just got my 2 new trezors in today and I immediately noticed something. The tactile feel of the click on the buttons feels noticeably different. Not just a slight difference. They feel very different. On the old one the actuation is very muted and soft almost mushy with almost no "click" to it. On the new ones its very clicky/snappy to the point where I can audibly hear the click if its very quite in my house.

Anyone else noticed this? Is it noted anywhere that satoshi labs changed some of their hardware manufacturers in newer production runs?

Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
Carlton Banks
Legendary
*
Offline Offline

Activity: 3430
Merit: 3080



View Profile
September 03, 2016, 08:42:47 AM
 #4538

Is it noted anywhere that satoshi labs changed some of their hardware manufacturers in newer production runs?

Well, it makes sense to use cheap switches on early production runs. I'd be surprised if any of the PCB layout needed any significant redesign to accommodate more expensive feeling switches. It may not even be a question of expense at all, and simply one of availability.

Vires in numeris
.m.
Sr. Member
****
Offline Offline

Activity: 280
Merit: 260



View Profile
September 03, 2016, 02:52:35 PM
 #4539

I believe they know what they are doing Wink


███████████████████████████████████████
███████████████████████████████████████
█████████████████████████████
██████████████████████████
████████████████████████
███████████████████████
█████████████████▐████
███████████████████████
████████████████████████
██████████████████████████
█████████████████████████████
███████████████████████████████████████
███████████████████████████████████████
DECENT
FOUNDATION



██
██
██
██
██
██
██
██
██

██
██
██


[D]ecentralized application
[E]liminated third parties
[C]ontent distribution



██
██
██
██
██
██
██
██
██

██
██
██


[E]ncrypted & secure
[N]o borders
[T]imeless reputation



██
██
██
██
██
██
██
██
██

██
██
██



██
██
██
██
██
██
██
██
██

██
██
██

sugarfly
Full Member
***
Offline Offline

Activity: 135
Merit: 100


Zettel-Dolphin


View Profile
September 11, 2016, 05:53:03 PM
Last edit: September 22, 2016, 08:02:40 AM by sugarfly
 #4540

Andreas Antonopoulos in his most recent joe rogan podcast appearance whips his TREZOR out of the pocket:

https://youtu.be/1sOxtBiBpE4

"this little device over here…"  Cool

It's at the 1:58:33 mark

 Smiley

-sf-
Pages: « 1 ... 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 [227] 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!