Bitcoin Forum
November 07, 2024, 01:49:01 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 [33] 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 ... 265 »
  Print  
Author Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet  (Read 966164 times)
jago25_98
Hero Member
*****
Offline Offline

Activity: 900
Merit: 1000


Crypto Geek


View Profile WWW
July 15, 2013, 09:13:43 AM
 #641

hmm...
a great device.

Even better would be the standalone;

same thing with a display that can show QRcodes, a camera and a micro usb port switchable to charge only (no data) mode.

Question folks - which Android app can do offline transactions using QRcodes and a camera?

Bitcoiner since the early days. Crypto YouTube Channel: Trading Nomads | Analyst | News Reporter | Bitcoin Hodler | Support Freedom of Speech!
felente
Full Member
***
Offline Offline

Activity: 147
Merit: 100



View Profile
July 15, 2013, 09:32:45 AM
 #642

...
Even better would be the standalone
...
yup. but the price would be too high for now i think.
as a second or third stage(generation) - would be very welcome
caveden
Legendary
*
Offline Offline

Activity: 1106
Merit: 1004



View Profile
July 15, 2013, 10:01:13 AM
 #643

Trezor uses two-factor authentication - something you have (trezor) and something you know (PIN). If an attacker has physical access to your Trezor and he also controls your computer, you're screwed.

Not wanting to be negative or anything - Trezor is definitely a great improvement on security since our greatest worry right now are malwares - but we should note that its currently configuration makes it vulnerable to the "evil (and tech-savvy) maid attack".
Somebody tech-savvy enough with physical access to your place (a maid, a boyfriend/girlfriend, a roommate etc) could deliberately infect your computer while you're not around to get the PIN. Even a hardware key-logger would suffice. Once with the PIN, s/he only needs to steal the device.

I don't think that's a major risk, in the sense that it won't happen frequently, but it's worth noting anyway. Some people can't afford to fully trust those they share their living space with. Think college students for ex., particularly computer science college students who happen to share their room with people who were just put there by the residency administration. They barely know each other...
molecular
Donator
Legendary
*
Offline Offline

Activity: 2772
Merit: 1019



View Profile
July 15, 2013, 10:02:10 AM
 #644

hmm...
a great device.

Even better would be the standalone;

same thing with a display that can show QRcodes, a camera and a micro usb port switchable to charge only (no data) mode.

Question folks - which Android app can do offline transactions using QRcodes and a camera?

I guess you could do it with mycelium (successor of bitcoinspinner)

EDIT: wait, what exactly do you mean?

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
Mike Hearn
Legendary
*
Offline Offline

Activity: 1526
Merit: 1134


View Profile
July 15, 2013, 02:02:35 PM
 #645

caveden, it's small enough (physically) to fit on a keyring I guess. So such a person would just carry it with them.
caveden
Legendary
*
Offline Offline

Activity: 1106
Merit: 1004



View Profile
July 15, 2013, 02:29:27 PM
 #646

caveden, it's small enough (physically) to fit on a keyring I guess. So such a person would just carry it with them.

Yes, that's reasonable. You can also lock it somewhere etc. I just wonder if concerned people will know about it and take necessary precautions.
Binford 6100
Hero Member
*****
Offline Offline

Activity: 504
Merit: 504


PGP OTC WOT: EB7FCE3D


View Profile
July 15, 2013, 11:47:23 PM
 #647

http://www.bitcointrezor.com/news/raspberry-pi-shield-developers

no need comment
btw who else is going to ohm2013?

You can't build a reputation on what you are going to do.
Anon136
Legendary
*
Offline Offline

Activity: 1722
Merit: 1217



View Profile
July 16, 2013, 01:18:08 AM
 #648

Trezor uses two-factor authentication - something you have (trezor) and something you know (PIN). If an attacker has physical access to your Trezor and he also controls your computer, you're screwed.

Not wanting to be negative or anything - Trezor is definitely a great improvement on security since our greatest worry right now are malwares - but we should note that its currently configuration makes it vulnerable to the "evil (and tech-savvy) maid attack".
Somebody tech-savvy enough with physical access to your place (a maid, a boyfriend/girlfriend, a roommate etc) could deliberately infect your computer while you're not around to get the PIN. Even a hardware key-logger would suffice. Once with the PIN, s/he only needs to steal the device.

I don't think that's a major risk, in the sense that it won't happen frequently, but it's worth noting anyway. Some people can't afford to fully trust those they share their living space with. Think college students for ex., particularly computer science college students who happen to share their room with people who were just put there by the residency administration. They barely know each other...

Just boot your os from a disk when ever you use your trezor

Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
neoranga
Newbie
*
Offline Offline

Activity: 50
Merit: 0


View Profile
July 16, 2013, 07:29:15 AM
 #649

hmm...
a great device.

Even better would be the standalone;

same thing with a display that can show QRcodes, a camera and a micro usb port switchable to charge only (no data) mode.

Question folks - which Android app can do offline transactions using QRcodes and a camera?

If by offline transactions with QR codes you meant this below, it has not been implemented yet, neither with QR codes neither with NFC.
https://bitcointalk.org/index.php?topic=230010.msg2424481
caveden
Legendary
*
Offline Offline

Activity: 1106
Merit: 1004



View Profile
July 16, 2013, 07:38:59 AM
 #650

Just boot your os from a disk when ever you use your trezor

Encrypted disks (LUKS, Truecrypt...) are also good, but you're still vulnerable to hardware key-loggers.
I think the best is not to let the device accessible as Mike suggests. Either carry it always with you or lock it somewhere.
drazvan
Full Member
***
Offline Offline

Activity: 191
Merit: 100



View Profile WWW
July 17, 2013, 12:52:13 PM
 #651

hmm...
a great device.

Even better would be the standalone;

same thing with a display that can show QRcodes, a camera and a micro usb port switchable to charge only (no data) mode.

Question folks - which Android app can do offline transactions using QRcodes and a camera?

You mean like this: https://bitcointalk.org/index.php?topic=210371.0 ?

molecular
Donator
Legendary
*
Offline Offline

Activity: 2772
Merit: 1019



View Profile
July 17, 2013, 01:36:51 PM
 #652

hmm...
a great device.

Even better would be the standalone;

same thing with a display that can show QRcodes, a camera and a micro usb port switchable to charge only (no data) mode.

Question folks - which Android app can do offline transactions using QRcodes and a camera?

You mean like this: https://bitcointalk.org/index.php?topic=210371.0 ?



that's pretty cool.

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
AngelSky
Hero Member
*****
Offline Offline

Activity: 1008
Merit: 537



View Profile
July 17, 2013, 03:44:07 PM
 #653

I love the idea and the fact you moved your ass to make something happen Smiley Btw, I know it's hard to make a good commercial video but we can see you're reading Wink I think you don't need to make an Apple-like-commercial-things, just try to be yourself!

Good product, will follow and buy.

Wish you the best,
Patrick
P_Shep
Legendary
*
Offline Offline

Activity: 1795
Merit: 1208


This is not OK.


View Profile
July 17, 2013, 06:59:29 PM
 #654

I was thinking the other day... it's too small to have a whole keyboard in order to type in a pass-phrase etc., but what about tapping in a pass-beat?
When you set it up, you tap in a rhythm, a few time probably to get a good average, then when it come to singing the Tx, you tap out the rhythm again.
WinTame2012
Sr. Member
****
Offline Offline

Activity: 315
Merit: 250


Official sponsor of Microsoft Corp.


View Profile WWW
July 17, 2013, 09:10:49 PM
 #655

I was thinking the other day... it's too small to have a whole keyboard in order to type in a pass-phrase etc., but what about tapping in a pass-beat?
When you set it up, you tap in a rhythm, a few time probably to get a good average, then when it come to singing the Tx, you tap out the rhythm again.
It's even easier to build in a cross-arrows like that founds on the gamepads
  ^
<  >
  v

and then tap a sequence like a good ol' Mortal Kombat fatality combo: >>^>v<<> and voila! You've authenticated TX on the Trezor device. No key-logger fears anymore.

May the WinTame Power be with you!
http://wintame.com
P_Shep
Legendary
*
Offline Offline

Activity: 1795
Merit: 1208


This is not OK.


View Profile
July 17, 2013, 10:32:59 PM
 #656

It's even easier to build in a cross-arrows like that founds on the gamepads
  ^
<  >
  v

and then tap a sequence like a good ol' Mortal Kombat fatality combo: >>^>v<<> and voila! You've authenticated TX on the Trezor device. No key-logger fears anymore.

I thought about that, but I think I could more consistantly hum a tune, or tap out a beat, than I could remember a set of directions. Plus it uses less buttons. Plus it doesn't depend on the positions of the buttons, should they change or differ between hardware (you know how you muscle memory your PIN)... go compare a phone layout, to a calculator layout Wink
stick
Sr. Member
****
Offline Offline

Activity: 441
Merit: 268



View Profile
July 17, 2013, 11:30:13 PM
 #657

Sorry to disappoint you, but the button layout will not change. At least not in the first batch. :-)

P_Shep
Legendary
*
Offline Offline

Activity: 1795
Merit: 1208


This is not OK.


View Profile
July 18, 2013, 12:01:47 AM
 #658

At least not in the first batch. :-)

Exactly.
Delver
Newbie
*
Offline Offline

Activity: 11
Merit: 4



View Profile
July 31, 2013, 02:24:03 PM
 #659

Somebody tech-savvy enough with physical access to your place (a maid, a boyfriend/girlfriend, a roommate etc) could deliberately infect your computer while you're not around to get the PIN. Even a hardware key-logger would suffice. Once with the PIN, s/he only needs to steal the device.

This is exactly what I am worried about. I recognize the fact that some people prefer comfort when entering their PIN as opposed to an additional security precaution, but wouldn't it be beneficial to allow both methods of PIN input - on the device and/or the computer keyboard? The button layout of the Trezor makes it clumsy to punch in the PIN, but far from impossible. Many of us would sleep easier knowing our security could not have been compromised because of an infected computer. At the same time, those who prefer the comfort of their keyboards can simply not utilize this feature and enter the PIN as it was originally planned by the developers. It's really just a matter of modifying the software and I urge the developers to at least consider it.
jackjack
Legendary
*
Offline Offline

Activity: 1176
Merit: 1280


May Bitcoin be touched by his Noodly Appendage


View Profile
July 31, 2013, 02:35:53 PM
 #660

Somebody tech-savvy enough with physical access to your place (a maid, a boyfriend/girlfriend, a roommate etc) could deliberately infect your computer while you're not around to get the PIN. Even a hardware key-logger would suffice. Once with the PIN, s/he only needs to steal the device.

This is exactly what I am worried about. I recognize the fact that some people prefer comfort when entering their PIN as opposed to an additional security precaution, but wouldn't it be beneficial to allow both methods of PIN input - on the device and/or the computer keyboard? The button layout of the Trezor makes it clumsy to punch in the PIN, but far from impossible. Many of us would sleep easier knowing our security could not have been compromised because of an infected computer. At the same time, those who prefer the comfort of their keyboards can simply not utilize this feature and enter the PIN as it was originally planned by the developers. It's really just a matter of modifying the software and I urge the developers to at least consider it.

But the PIN is one-time

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 [33] 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 ... 265 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!