jago25_98
|
|
July 15, 2013, 09:13:43 AM |
|
hmm... a great device.
Even better would be the standalone;
same thing with a display that can show QRcodes, a camera and a micro usb port switchable to charge only (no data) mode.
Question folks - which Android app can do offline transactions using QRcodes and a camera?
|
Bitcoiner since the early days. Crypto YouTube Channel: Trading Nomads | Analyst | News Reporter | Bitcoin Hodler | Support Freedom of Speech!
|
|
|
felente
|
|
July 15, 2013, 09:32:45 AM |
|
... Even better would be the standalone ...
yup. but the price would be too high for now i think. as a second or third stage(generation) - would be very welcome
|
|
|
|
caveden
Legendary
Offline
Activity: 1106
Merit: 1004
|
|
July 15, 2013, 10:01:13 AM |
|
Trezor uses two-factor authentication - something you have (trezor) and something you know (PIN). If an attacker has physical access to your Trezor and he also controls your computer, you're screwed.
Not wanting to be negative or anything - Trezor is definitely a great improvement on security since our greatest worry right now are malwares - but we should note that its currently configuration makes it vulnerable to the "evil (and tech-savvy) maid attack". Somebody tech-savvy enough with physical access to your place (a maid, a boyfriend/girlfriend, a roommate etc) could deliberately infect your computer while you're not around to get the PIN. Even a hardware key-logger would suffice. Once with the PIN, s/he only needs to steal the device. I don't think that's a major risk, in the sense that it won't happen frequently, but it's worth noting anyway. Some people can't afford to fully trust those they share their living space with. Think college students for ex., particularly computer science college students who happen to share their room with people who were just put there by the residency administration. They barely know each other...
|
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
|
|
July 15, 2013, 10:02:10 AM |
|
hmm... a great device.
Even better would be the standalone;
same thing with a display that can show QRcodes, a camera and a micro usb port switchable to charge only (no data) mode.
Question folks - which Android app can do offline transactions using QRcodes and a camera?
I guess you could do it with mycelium (successor of bitcoinspinner) EDIT: wait, what exactly do you mean?
|
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
Mike Hearn
Legendary
Offline
Activity: 1526
Merit: 1134
|
|
July 15, 2013, 02:02:35 PM |
|
caveden, it's small enough (physically) to fit on a keyring I guess. So such a person would just carry it with them.
|
|
|
|
caveden
Legendary
Offline
Activity: 1106
Merit: 1004
|
|
July 15, 2013, 02:29:27 PM |
|
caveden, it's small enough (physically) to fit on a keyring I guess. So such a person would just carry it with them.
Yes, that's reasonable. You can also lock it somewhere etc. I just wonder if concerned people will know about it and take necessary precautions.
|
|
|
|
Binford 6100
|
|
July 15, 2013, 11:47:23 PM |
|
|
You can't build a reputation on what you are going to do.
|
|
|
Anon136
Legendary
Offline
Activity: 1722
Merit: 1217
|
|
July 16, 2013, 01:18:08 AM |
|
Trezor uses two-factor authentication - something you have (trezor) and something you know (PIN). If an attacker has physical access to your Trezor and he also controls your computer, you're screwed.
Not wanting to be negative or anything - Trezor is definitely a great improvement on security since our greatest worry right now are malwares - but we should note that its currently configuration makes it vulnerable to the "evil (and tech-savvy) maid attack". Somebody tech-savvy enough with physical access to your place (a maid, a boyfriend/girlfriend, a roommate etc) could deliberately infect your computer while you're not around to get the PIN. Even a hardware key-logger would suffice. Once with the PIN, s/he only needs to steal the device. I don't think that's a major risk, in the sense that it won't happen frequently, but it's worth noting anyway. Some people can't afford to fully trust those they share their living space with. Think college students for ex., particularly computer science college students who happen to share their room with people who were just put there by the residency administration. They barely know each other... Just boot your os from a disk when ever you use your trezor
|
Rep Thread: https://bitcointalk.org/index.php?topic=381041If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
|
|
|
neoranga
Newbie
Offline
Activity: 50
Merit: 0
|
|
July 16, 2013, 07:29:15 AM |
|
hmm... a great device.
Even better would be the standalone;
same thing with a display that can show QRcodes, a camera and a micro usb port switchable to charge only (no data) mode.
Question folks - which Android app can do offline transactions using QRcodes and a camera?
If by offline transactions with QR codes you meant this below, it has not been implemented yet, neither with QR codes neither with NFC. https://bitcointalk.org/index.php?topic=230010.msg2424481
|
|
|
|
caveden
Legendary
Offline
Activity: 1106
Merit: 1004
|
|
July 16, 2013, 07:38:59 AM |
|
Just boot your os from a disk when ever you use your trezor
Encrypted disks (LUKS, Truecrypt...) are also good, but you're still vulnerable to hardware key-loggers. I think the best is not to let the device accessible as Mike suggests. Either carry it always with you or lock it somewhere.
|
|
|
|
drazvan
|
|
July 17, 2013, 12:52:13 PM |
|
hmm... a great device.
Even better would be the standalone;
same thing with a display that can show QRcodes, a camera and a micro usb port switchable to charge only (no data) mode.
Question folks - which Android app can do offline transactions using QRcodes and a camera?
You mean like this: https://bitcointalk.org/index.php?topic=210371.0 ?
|
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
|
|
July 17, 2013, 01:36:51 PM |
|
hmm... a great device.
Even better would be the standalone;
same thing with a display that can show QRcodes, a camera and a micro usb port switchable to charge only (no data) mode.
Question folks - which Android app can do offline transactions using QRcodes and a camera?
You mean like this: https://bitcointalk.org/index.php?topic=210371.0 ? that's pretty cool.
|
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
AngelSky
|
|
July 17, 2013, 03:44:07 PM |
|
I love the idea and the fact you moved your ass to make something happen Btw, I know it's hard to make a good commercial video but we can see you're reading I think you don't need to make an Apple-like-commercial-things, just try to be yourself! Good product, will follow and buy. Wish you the best, Patrick
|
|
|
|
P_Shep
Legendary
Offline
Activity: 1795
Merit: 1208
This is not OK.
|
|
July 17, 2013, 06:59:29 PM |
|
I was thinking the other day... it's too small to have a whole keyboard in order to type in a pass-phrase etc., but what about tapping in a pass-beat? When you set it up, you tap in a rhythm, a few time probably to get a good average, then when it come to singing the Tx, you tap out the rhythm again.
|
|
|
|
WinTame2012
|
|
July 17, 2013, 09:10:49 PM |
|
I was thinking the other day... it's too small to have a whole keyboard in order to type in a pass-phrase etc., but what about tapping in a pass-beat? When you set it up, you tap in a rhythm, a few time probably to get a good average, then when it come to singing the Tx, you tap out the rhythm again.
It's even easier to build in a cross-arrows like that founds on the gamepads ^ < > v and then tap a sequence like a good ol' Mortal Kombat fatality combo: >>^>v<<> and voila! You've authenticated TX on the Trezor device. No key-logger fears anymore.
|
|
|
|
P_Shep
Legendary
Offline
Activity: 1795
Merit: 1208
This is not OK.
|
|
July 17, 2013, 10:32:59 PM |
|
It's even easier to build in a cross-arrows like that founds on the gamepads ^ < > v
and then tap a sequence like a good ol' Mortal Kombat fatality combo: >>^>v<<> and voila! You've authenticated TX on the Trezor device. No key-logger fears anymore.
I thought about that, but I think I could more consistantly hum a tune, or tap out a beat, than I could remember a set of directions. Plus it uses less buttons. Plus it doesn't depend on the positions of the buttons, should they change or differ between hardware (you know how you muscle memory your PIN)... go compare a phone layout, to a calculator layout
|
|
|
|
stick
|
|
July 17, 2013, 11:30:13 PM |
|
Sorry to disappoint you, but the button layout will not change. At least not in the first batch. :-)
|
|
|
|
P_Shep
Legendary
Offline
Activity: 1795
Merit: 1208
This is not OK.
|
|
July 18, 2013, 12:01:47 AM |
|
At least not in the first batch. :-)
Exactly.
|
|
|
|
Delver
Newbie
Offline
Activity: 11
Merit: 4
|
|
July 31, 2013, 02:24:03 PM |
|
Somebody tech-savvy enough with physical access to your place (a maid, a boyfriend/girlfriend, a roommate etc) could deliberately infect your computer while you're not around to get the PIN. Even a hardware key-logger would suffice. Once with the PIN, s/he only needs to steal the device. This is exactly what I am worried about. I recognize the fact that some people prefer comfort when entering their PIN as opposed to an additional security precaution, but wouldn't it be beneficial to allow both methods of PIN input - on the device and/or the computer keyboard? The button layout of the Trezor makes it clumsy to punch in the PIN, but far from impossible. Many of us would sleep easier knowing our security could not have been compromised because of an infected computer. At the same time, those who prefer the comfort of their keyboards can simply not utilize this feature and enter the PIN as it was originally planned by the developers. It's really just a matter of modifying the software and I urge the developers to at least consider it.
|
|
|
|
jackjack
Legendary
Offline
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
|
|
July 31, 2013, 02:35:53 PM |
|
Somebody tech-savvy enough with physical access to your place (a maid, a boyfriend/girlfriend, a roommate etc) could deliberately infect your computer while you're not around to get the PIN. Even a hardware key-logger would suffice. Once with the PIN, s/he only needs to steal the device. This is exactly what I am worried about. I recognize the fact that some people prefer comfort when entering their PIN as opposed to an additional security precaution, but wouldn't it be beneficial to allow both methods of PIN input - on the device and/or the computer keyboard? The button layout of the Trezor makes it clumsy to punch in the PIN, but far from impossible. Many of us would sleep easier knowing our security could not have been compromised because of an infected computer. At the same time, those who prefer the comfort of their keyboards can simply not utilize this feature and enter the PIN as it was originally planned by the developers. It's really just a matter of modifying the software and I urge the developers to at least consider it. But the PIN is one-time
|
Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2 Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
|
|
|
|