Bitcoin Forum
Author Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet  (Read 965822 times)
Maidak
Legendary
*
Offline Offline

Activity: 1862
Merit: 1058

Next Generation Web3 Casino


View Profile
October 11, 2013, 08:04:11 PM
 #761

If I can get confirmation that this can work with https://github.com/btcgear/OpenCart_Bitcoin this module I'll pre order one right now, but I haven't been able to verify it will work. Can anyone confirm?
StarfishPrime
Sr. Member
****
Offline Offline

Activity: 358
Merit: 250


View Profile
October 12, 2013, 04:12:56 AM
 #762

Trezor is at heart just a secure display with a couple of buttons and a small CPU. Such a thing has massive applications in all kinds of areas outside of Bitcoin. If they can scale up and get the costs down, stick and slush could build a decent sized business just selling these gadgets to businesses that want strong authorization of certain actions. Any company that currently uses 2-factor authentication for logging in could potentially benefit from the upgrade - including banks!

I think it'd make sense to pursue such markets, even though they aren't Bitcoin related. The money made from them can always be reinvested into other Bitcoin related research, and making the rest of the world more secure at the same time is a clear win for humanity.

There are probably many specialty crypto applications where Trezor would excel, but for 2-factor Yubikey pretty much owns that space already. Tough to compete with a $2 (cost) USB plug.

Quote
Yubico has shipped millions of YubiKeys to more than 40,000 customers in 120 countries around the world.

http://www.yubico.com/about/reference-customers/ 

                         
dillpicklechips
Hero Member
*****
Offline Offline

Activity: 994
Merit: 507


View Profile
October 12, 2013, 05:03:01 AM
 #763

Trezor is at heart just a secure display with a couple of buttons and a small CPU. Such a thing has massive applications in all kinds of areas outside of Bitcoin. If they can scale up and get the costs down, stick and slush could build a decent sized business just selling these gadgets to businesses that want strong authorization of certain actions. Any company that currently uses 2-factor authentication for logging in could potentially benefit from the upgrade - including banks!

I think it'd make sense to pursue such markets, even though they aren't Bitcoin related. The money made from them can always be reinvested into other Bitcoin related research, and making the rest of the world more secure at the same time is a clear win for humanity.

There are probably many specialty crypto applications where Trezor would excel, but for 2-factor Yubikey pretty much owns that space already. Tough to compete with a $2 (cost) USB plug.

Quote
Yubico has shipped millions of YubiKeys to more than 40,000 customers in 120 countries around the world.

http://www.yubico.com/about/reference-customers/

YubiKeys are JUST for securing an online account. A Trezor (or Bitcoin client) could act as an identity in and of itself! It's not 2-factor authentication but a single source of authentication that can be identified and tied to a Bitcoin public key.
dillpicklechips
Hero Member
*****
Offline Offline

Activity: 994
Merit: 507


View Profile
October 12, 2013, 05:31:19 AM
 #764

YubiKeys are JUST for securing an online account. A Trezor (or Bitcoin client) could act as an identity in and of itself! It's not 2-factor authentication but a single source of authentication that can be identified and tied to a Bitcoin public key.

To clarify:

Pretend my identity is: 153eqRZVdUXp1LbKD3geJWMYL5NSmwYWMr

I can use the Trezor to guarantee no one else can fake that identity. To sign in with that identity I just sign random data that website gives me to sign in. No one else, unless they have the Trezor, can sign the random data with the Bitcoin address 153eqRZVdUXp1LbKD3geJWMYL5NSmwYWMr.

I could even post a message:

"I am dillpicklechips and I approve of this message"
IIqGxd1wDMhhab7OF7nqo3NZXiFOC8iLcnc0/rGQ57q9s3YA/4ecpUFc27SRJRhO9OP2IDH2vuiY4UjPd/TSL5k=  (made up signature would be something like this, not valid though)

Only someone with my Trezor could create a valid signature. It allows a lot of cool uses where no one can pretend to be you without the actual hardware!

Passwords, 2-factor auth, could all be a thing in the past! The Trezor keeps the private key hidden and secure. As long as I keep the device safe, my identity is safe. And for the online world that is a VERY exciting thing!

stick
Sr. Member
****
Offline Offline

Activity: 441
Merit: 266



View Profile
October 12, 2013, 07:14:13 AM
 #765

Tough to compete with a $2 (cost) USB plug.

Right. But Yubikey can't protect you from phishing, while on TREZOR you could check on the display if you are trying to log in to the right website. Also, TREZOR can hold an infinite number of "identities", while Yubikey is just one identity.

CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1078


Ian Knowles - CIYAM Lead Developer


View Profile WWW
October 12, 2013, 12:58:00 PM
 #766

As long as I keep the device safe, my identity is safe.

And that is the problem - there is a reason why hardware devices are the 2nd factor - they can be lost or stolen.

Although I like the idea of a single non-password method of logging in I don't know how you are going to actually stop it from just being used by someone else without resorting back to a PIN or password again (and adding some sort of bio-scanning to the Trezor would probably not be a very financially viable option).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
StarfishPrime
Sr. Member
****
Offline Offline

Activity: 358
Merit: 250


View Profile
October 12, 2013, 02:10:37 PM
 #767

YubiKeys are JUST for securing an online account. A Trezor (or Bitcoin client) could act as an identity in and of itself! It's not 2-factor authentication but a single source of authentication that can be identified and tied to a Bitcoin public key.

A Yubikey has a unique, singular identity too (one key can be used on any number of sites). The real distinction being only that Yubico (Sweden) is the central "identity verification server", whereas with Trezor it could verify against the blockchain, which may have a few advantages. (The 'off-label' use of the blockchain for verifying ID etc. isn't really that new.)

The problem is that if someone steals your Trezor (or YubiKey) then it's really a distinction without a difference. Back in the early days of web based banking (very early, like "Netscape" early) banks provided hardware crypto boxes with a keypad and LCD, conceptually not unlike a Trezor, except USB wasn't invented yet. They used a challenge-response model, where the box signed a numerical "message" that was provided, and you typed the result back into your browser. Same thing there. Just too cumbersome and it was soon abandoned with the advent of SSL, etc. 2-factor verification has only relatively recently made a comeback for widespread use.

It's surprising that people still believe SSL provides any privacy at all considering recent revelations by Ladar Levison (Lavabit founder), Mr. Snowden etc.
ALL SSL communication should be considered a 3-way conversation (as in you, me and the [insert 3-letter agency of your choice]). It may be "secure" but it's certainly not private.


                         
StarfishPrime
Sr. Member
****
Offline Offline

Activity: 358
Merit: 250


View Profile
October 12, 2013, 02:37:19 PM
 #768

...
Only someone with my Trezor could create a valid signature. It allows a lot of cool uses where no one can pretend to be you without the actual hardware!

Ummm.. yes. That's the problem, exactly.

Passwords, 2-factor auth, could all be a thing in the past! The Trezor keeps the private key hidden and secure. As long as I keep the device safe, my identity is safe. And for the online world that is a VERY exciting thing!

... that's basically advocating a return to 1-factor verification (using a Trezor instead of a password). There may be a lot of great uses for a Trezor but that's not going to be one of them!

Don't get me wrong - the Trezor is a great innovation for bitcoin, with many other potential applications, but hardware signing has been tested, used and mostly abandoned for online banking over the past two decades (crypto-boxes, smartcards, etc.). Just saving you some time.

                         
stick
Sr. Member
****
Offline Offline

Activity: 441
Merit: 266



View Profile
October 12, 2013, 03:57:24 PM
 #769

... that's basically advocating a return to 1-factor verification (using a Trezor instead of a password).

For signing using TREZOR you'd need to provide passphrase/pincode as well. So it is 2FA.

StewieG
Hero Member
*****
Offline Offline

Activity: 532
Merit: 500



View Profile
October 12, 2013, 06:15:33 PM
 #770

Just saw the video, your accent is indeed funny, but I guess mine is too! ^^ Love trezor, would be great if you could team up with the bitcoin atm guys and maybe implement the system in the atms in the near future! That would make things sooo super sweeet!
dillpicklechips
Hero Member
*****
Offline Offline

Activity: 994
Merit: 507


View Profile
October 12, 2013, 10:41:34 PM
 #771

Thanks for all the replies. I'm still learning about this device from all the little snippets of details. I can't wait to see the complete setup with some reviews by security professionals!

Keep up the good work guys! You guys are providing a vastly needed device for Bitcoin!
hazek
Legendary
*
Offline Offline

Activity: 1078
Merit: 1002


View Profile
October 12, 2013, 11:52:12 PM
 #772

Can Trezor potentially be used like this?:

  • User registers with a Bitcoin address (or a public key) with a service. That service then needs to require a unique random message to be signed with the corresponding private key for each login attempt. The private key is stored on Trezor. The site provides the message, the user signs it through a client by getting authorization via Trezor, and then sends the signed random message to the service in order to gain access. The service then also provides the option to have each critical request be confirmed with the exact same procedure but with a different public key to protect against session hijacking.

My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)

If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
dillpicklechips
Hero Member
*****
Offline Offline

Activity: 994
Merit: 507


View Profile
October 13, 2013, 12:08:52 AM
 #773

Can Trezor potentially be used like this?:

  • User registers with a Bitcoin address (or a public key) with a service. That service then needs to require a unique random message to be signed with the corresponding private key for each login attempt. The private key is stored on Trezor. The site provides the message, the user signs it through a client by getting authorization via Trezor, and then sends the signed random message to the service in order to gain access. The service then also provides the option to have each critical request be confirmed with the exact same procedure but with a different public key to protect against session hijacking.

Yes, which is why I think the Trezor will be very popular, especially with exchanges!
dillpicklechips
Hero Member
*****
Offline Offline

Activity: 994
Merit: 507


View Profile
October 13, 2013, 12:22:01 AM
 #774

As long as I keep the device safe, my identity is safe.

And that is the problem - there is a reason why hardware devices are the 2nd factor - they can be lost or stolen.

Although I like the idea of a single non-password method of logging in I don't know how you are going to actually stop it from just being used by someone else without resorting back to a PIN or password again (and adding some sort of bio-scanning to the Trezor would probably not be a very financially viable option).

From the FAQ:

If somebody steals my Trezor, they'll just empty out my wallet before I have the chance to restore anyway. Right?

Not at all. All operations on TREZOR require the user to enter a PIN and a one-time password (OTP). The attacker would have to guess your PIN which is very difficult because the one-time password makes brute-force attack almost impossible.


So it appears secure even if I lose it! I just have to get another Trezor, restore the seed I wrote down to the new Trezor, empty it, and then reset the Trezor with a new seed and fund the Trezor.
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1078


Ian Knowles - CIYAM Lead Developer


View Profile WWW
October 13, 2013, 03:53:02 AM
 #775

Not at all. All operations on TREZOR require the user to enter a PIN and a one-time password (OTP). The attacker would have to guess your PIN which is very difficult because the one-time password makes brute-force attack almost impossible.

Aha - so it does use a PIN although I am guessing that the PIN is being typed in on the PC (so is vulnerable to key logging).

I think if the PIN were to be entered into the device directly (i.e. no chance of key logging) then it would be a much better (although requiring at least a numeric keypad - a more expensive) solution.

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
weaknesswaran
Hero Member
*****
Offline Offline

Activity: 963
Merit: 509


View Profile
October 13, 2013, 03:56:55 AM
 #776

Not at all. All operations on TREZOR require the user to enter a PIN and a one-time password (OTP). The attacker would have to guess your PIN which is very difficult because the one-time password makes brute-force attack almost impossible.

Aha - so it does use a PIN although I am guessing that the PIN is being typed in on the PC (so is vulnerable to key logging).

I think if the PIN were to be entered into the device directly (i.e. no chance of key logging) then it would be a much better (although requiring at least a numeric keypad - a more expensive) solution.


The pin is typed that way:

Client displays:
OOO
OOO
OOO

trezor display (changes every time):
954
128
367

So no chance for keyloggers.
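
The scrambled-matrix PIN entry described in the post above, as an added example that is not from the thread or the TREZOR firmware: the device picks a new digit layout for every prompt, the host reports only which cells were clicked, and `pins_consistent_with` counts what someone logging those clicks still has to guess. `PAGE_LAYOUT` is the grid quoted in the post; the PIN `1234` and all function names are constructed.

```python
import hmac
import secrets

DIGITS = "123456789"
PAGE_LAYOUT = "954128367"   # the 3x3 grid from the post, read row by row

def random_layout():
    """Fresh digit arrangement; shown on the device screen only."""
    digits = list(DIGITS)
    secrets.SystemRandom().shuffle(digits)
    return "".join(digits)

def clicks_for(pin, layout):
    """User side: find each PIN digit on the device, click the same cell on the host."""
    return [layout.index(d) for d in pin]

def decode(clicks, layout):
    """Device side: turn clicked cell indexes back into digits."""
    return "".join(layout[c] for c in clicks)

class Device:
    def __init__(self, pin):
        self._pin = pin
        self._layout = None

    def prompt(self):
        self._layout = random_layout()
        return self._layout      # rendered on the device display, never sent to the host

    def unlock(self, clicks):
        layout, self._layout = self._layout, None   # a layout is valid for one attempt
        if layout is None or any(c not in range(9) for c in clicks):
            return False
        return hmac.compare_digest(decode(clicks, layout), self._pin)

def pins_consistent_with(clicks):
    """PINs that an observer of the clicks alone cannot rule out.

    Equal cells mean equal digits, so only the repeat pattern leaks: each
    distinct cell can still be any digit not already assigned to another cell.
    """
    count, remaining = 1, len(DIGITS)
    for _ in set(clicks):
        count *= remaining
        remaining -= 1
    return count

def demo():
    logged = clicks_for("1234", PAGE_LAYOUT)        # what a host-side logger records
    replayed = decode(logged, "123456789")          # same clicks, different layout
    return logged, replayed, pins_consistent_with(logged)

if __name__ == "__main__":
    print(demo())
```

A click log narrows the PIN only by its repeat pattern, so a PIN with repeated digits gives up more than one with all digits different, and the same clicks decode to a different PIN under the next layout.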
dillpicklechips
Hero Member
*****
Offline Offline

Activity: 994
Merit: 507


View Profile
October 13, 2013, 04:00:11 AM
 #777

Not at all. All operations on TREZOR require the user to enter a PIN and a one-time password (OTP). The attacker would have to guess your PIN which is very difficult because the one-time password makes brute-force attack almost impossible.

Aha - so it does use a PIN although I am guessing that the PIN is being typed in on the PC (so is vulnerable to key logging).

I think if the PIN were to be entered into the device directly (i.e. no chance of key logging) then it would be a much better (although requiring at least a numeric keypad - a more expensive) solution.


The pin is typed that way:

Client displays:
OOO
OOO
OOO

trezor display (changes every time):
954
128
367

So no chance for keyloggers.

That is sweet! Man, I wish I had a BTC to buy one!
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1078


Ian Knowles - CIYAM Lead Developer


View Profile WWW
October 13, 2013, 04:07:29 AM
 #778

The pin is typed that way:

Client displays:
OOO
OOO
OOO

trezor display (changes every time):
954
128
367

So no chance for keyloggers.

Oh - I hadn't picked that up (must have missed some posts) - must admit now it is looking a lot better than I had thought being used as a general authentication device.

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
HurtK
Newbie
*
Offline Offline

Activity: 31
Merit: 0



View Profile
October 13, 2013, 09:46:36 AM
 #779

Not at all. All operations on TREZOR require the user to enter a PIN and a one-time password (OTP). The attacker would have to guess your PIN which is very difficult because the one-time password makes brute-force attack almost impossible.

Aha - so it does use a PIN although I am guessing that the PIN is being typed in on the PC (so is vulnerable to key logging).

I think if the PIN were to be entered into the device directly (i.e. no chance of key logging) then it would be a much better (although requiring at least a numeric keypad - a more expensive) solution.


The pin is typed that way:

Client displays:
OOO
OOO
OOO

trezor display (changes every time):
954
128
367

So no chance for keyloggers.

That is sweet! Man, I wish I had a BTC to buy one!

If you don't have BTC, you don't need one.
bitpop
Legendary
*
Offline Offline

Activity: 2912
Merit: 1060



View Profile WWW
October 13, 2013, 09:52:16 AM
 #780

Lol
