Bitcoin Forum
November 12, 2024, 03:16:18 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 [47] 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 ... 265 »
  Print  
Author Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet  (Read 966172 times)
crazy_rabbit
Legendary
*
Offline Offline

Activity: 1204
Merit: 1002


RUM AND CARROTS: A PIRATE LIFE FOR ME


View Profile
November 29, 2013, 02:48:36 AM
 #921

When I paid for my Trezor on the first of October, Bitcoin was valued at $140.00USD. I felt comfortable buying one for that much fiat, but I would not consider buying one for $800.00USD.

I actually bought two of them- the plastic ones. Stick- would it be possible to 'upgrade' mine to the Metal bodies? Considering the BTC I send is now worth over a $1000? :-)

more or less retired.
FlappySocks
Hero Member
*****
Offline Offline

Activity: 546
Merit: 500



View Profile
November 29, 2013, 02:59:51 AM
 #922

I'm hoping there will be some form of gift to those that paid early. Maybe a free or at least heavily discounted 2ng generation model, whenever that comes out.

It will have NFC built into it hopefully, so it can be used at the checkout, as well as in your mobile.
crazy_rabbit
Legendary
*
Offline Offline

Activity: 1204
Merit: 1002


RUM AND CARROTS: A PIRATE LIFE FOR ME


View Profile
November 29, 2013, 03:32:31 AM
 #923

I'm hoping there will be some form of gift to those that paid early. Maybe a free or at least heavily discounted 2ng generation model, whenever that comes out.

It will have NFC built into it hopefully, so it can be used at the checkout, as well as in your mobile.

That would be nice too!

more or less retired.
jballs
Member
**
Offline Offline

Activity: 182
Merit: 10


View Profile WWW
November 29, 2013, 03:44:23 AM
 #924

When I paid for my Trezor on the first of October, Bitcoin was valued at $140.00USD. I felt comfortable buying one for that much fiat, but I would not consider buying one for $800.00USD.


If you sell me ten bitcoins at the April 13 price I will buy your hardware wallet back from you for the current price.

Fair enough, right?  

If the BTC had dropped to $20 you would... ?  (I know the real world answer but y'all have a pretty different ethosphere here so I'm actually not sure).

Like watching the Weimar Republic in reverse. Pretty cool actually. Totally worth the education if you look at it that way. See: deflationary spiral...

cheers...

   H A R A                [  WHITEPAPER   │   LITEPAPER  ]                H A R A  
Empowering billions through data one byte at a time
TWITTER     GITHUB          REDDIT     FACEBOOK     BITCOINTALKLINKEDIN
bernard75
Legendary
*
Offline Offline

Activity: 1316
Merit: 1003



View Profile
November 29, 2013, 09:19:03 AM
 #925

I'm hoping there will be some form of gift to those that paid early. Maybe a free or at least heavily discounted 2ng generation model, whenever that comes out.

It will have NFC built into it hopefully, so it can be used at the checkout, as well as in your mobile.

That would be nice too!

Discouted upgrade would be nice indeed.
stick
Sr. Member
****
Offline Offline

Activity: 441
Merit: 268



View Profile
November 29, 2013, 09:41:51 PM
 #926

I actually bought two of them- the plastic ones. Stick- would it be possible to 'upgrade' mine to the Metal bodies? Considering the BTC I send is now worth over a $1000? :-)

Unfortunately no. Bitcoins were exchanged to Euro to cover productions costs, not held to speculate on exchange rate.

chrisrico
Hero Member
*****
Offline Offline

Activity: 496
Merit: 500


View Profile
November 30, 2013, 12:26:47 AM
 #927

Unfortunately no. Bitcoins were exchanged to Euro to cover productions costs, not held to speculate on exchange rate.

What was the purpose of having the cost a fixed amount of bitcoin, rather than floating against the euro, then?
dingrite
Newbie
*
Offline Offline

Activity: 11
Merit: 0


View Profile
November 30, 2013, 01:13:43 AM
 #928

I actually bought two of them- the plastic ones. Stick- would it be possible to 'upgrade' mine to the Metal bodies? Considering the BTC I send is now worth over a $1000? :-)

Unfortunately no. Bitcoins were exchanged to Euro to cover productions costs, not held to speculate on exchange rate.

You claim your device provides security, could you explain how does it provide security comparable to an airgapped computer?
What if malware intercepts wallet sign request and give out a forged request to the device when you legitimately ask it to sign something? The person with the device will have to read the small screen each time to be sure he isn't about to sign away all his bitcoins. How many will do so, especially if the malware is careful and does it only after it detects mass manual transactions when a user is less likely to pay attention for example?

You failed to respond to my earlier post, I wonder why.
gweedo
Legendary
*
Offline Offline

Activity: 1498
Merit: 1000


View Profile
November 30, 2013, 02:07:33 AM
 #929

I actually bought two of them- the plastic ones. Stick- would it be possible to 'upgrade' mine to the Metal bodies? Considering the BTC I send is now worth over a $1000? :-)

Unfortunately no. Bitcoins were exchanged to Euro to cover productions costs, not held to speculate on exchange rate.

You claim your device provides security, could you explain how does it provide security comparable to an airgapped computer?
What if malware intercepts wallet sign request and give out a forged request to the device when you legitimately ask it to sign something? The person with the device will have to read the small screen each time to be sure he isn't about to sign away all his bitcoins. How many will do so, especially if the malware is careful and does it only after it detects mass manual transactions when a user is less likely to pay attention for example?

You failed to respond to my earlier post, I wonder why.

These questions have been answered before.

Also malware can't forge a request because it shows you the request and you have to enter a pin to sign that transaction. If someone doesn't read the screen then that is their fault and shouldn't be upset if their coins are stolen.
dingrite
Newbie
*
Offline Offline

Activity: 11
Merit: 0


View Profile
November 30, 2013, 03:25:26 AM
 #930

I actually bought two of them- the plastic ones. Stick- would it be possible to 'upgrade' mine to the Metal bodies? Considering the BTC I send is now worth over a $1000? :-)

Unfortunately no. Bitcoins were exchanged to Euro to cover productions costs, not held to speculate on exchange rate.

You claim your device provides security, could you explain how does it provide security comparable to an airgapped computer?
What if malware intercepts wallet sign request and give out a forged request to the device when you legitimately ask it to sign something? The person with the device will have to read the small screen each time to be sure he isn't about to sign away all his bitcoins. How many will do so, especially if the malware is careful and does it only after it detects mass manual transactions when a user is less likely to pay attention for example?

You failed to respond to my earlier post, I wonder why.

These questions have been answered before.

Also malware can't forge a request because it shows you the request and you have to enter a pin to sign that transaction. If someone doesn't read the screen then that is their fault and shouldn't be upset if their coins are stolen.

They changed it to a pin? Shows only 2 buttons in their video.
And it's easy to say those problems were mentioned before, a source would help.

It's called social engineering, if you carefully listen for multiple transactions where the user has to sign each one it would be easy to interject your own and have a large fraction of users fall for it. Likewise if it lets you sign multiple transactions at once on that puny screen you just insert your own.

Why would people want a device like that? Get an old PC, airgap it, store wallet on it. Sign stuff and propagate signed messages from any online PC. Anything else is asking for malware to steal it, no encryption would help you since the computer at some point has to know your private key to sign a transaction - the moment it knows it malware can get it.

And the funny thing is if you are cheap you don't need a second PC even, put an encrypted *nix OS onto a USB with networking disabled, sign transaction, copy onto another usb without any encryption the signed transaction and propagate it from your insecure windows.

The more I think about the concept of this device the more it seems to be intended for idiots. All theater, no actual security.
FlappySocks
Hero Member
*****
Offline Offline

Activity: 546
Merit: 500



View Profile
November 30, 2013, 03:40:07 AM
 #931

no encryption would help you since the computer at some point has to know your private key to sign a transaction

I thought the Trazor signed the transaction?
dingrite
Newbie
*
Offline Offline

Activity: 11
Merit: 0


View Profile
November 30, 2013, 05:57:51 AM
 #932

no encryption would help you since the computer at some point has to know your private key to sign a transaction

I thought the Trazor signed the transaction?

It does, I was referring to when you just run a client and then encrypt your wallet in fancy ways. Most of that is useless.


The more I think about the concept of this device the more it seems to be intended for idiots. All theater, no actual security.

This is when people will stop answering you, but some of the smartest people in bitcoin endorse this and actually have helped to make it more even more secure. I guess those people are idiots. Wink

And you think endorse equals use? I doubt those smart people would care to entrust private keys to a new device. Not to mention they are selling it for so much they all probably got a piece of the pie.

But then it's intended for people who know nothing of security. Google "security theater" maybe it will help you realize why you wasted your money.
JTrain_51
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile
November 30, 2013, 06:01:37 AM
 #933

Looks real nice I would have no use and im not sure many others will considering the internet is everywhere and they can just use blockchain.info

Also I am pretty sure this was announced in September so I real do not see why this must be announced twice
But I still support this product because it looks nice!
jojo69
Legendary
*
Offline Offline

Activity: 3346
Merit: 4652


diamond-handed zealot


View Profile
November 30, 2013, 06:42:26 AM
 #934



And you think endorse equals use? I doubt those smart people would care to entrust private keys to a new device. Not to mention they are selling it for so much they all probably got a piece of the pie.

But then it's intended for people who know nothing of security. Google "security theater" maybe it will help you realize why you wasted your money.

aaaaaaaaaaaaaaaaaaaaaaaaand

ignore engaged

This is not some pseudoeconomic post-modern Libertarian cult, it's an un-led, crowd-sourced mega startup organized around mutual self-interest where problems, whether of the theoretical or purely practical variety, are treated as temporary and, ultimately, solvable.
Censorship of e-gold was easy. Censorship of Bitcoin will be… entertaining.
dingrite
Newbie
*
Offline Offline

Activity: 11
Merit: 0


View Profile
November 30, 2013, 03:09:03 PM
 #935

The more I think about the concept of this device the more it seems to be intended for idiots. All theater, no actual security.

This is when people will stop answering you, but some of the smartest people in bitcoin endorse this and actually have helped to make it more even more secure. I guess those people are idiots. Wink

And you think endorse equals use? I doubt those smart people would care to entrust private keys to a new device. Not to mention they are selling it for so much they all probably got a piece of the pie.

But then it's intended for people who know nothing of security. Google "security theater" maybe it will help you realize why you wasted your money.

I really doubt that people got a piece of pie, considering how expensive it is to develop hardware, plus they converted the bitcoins to fiat. So yeah. Also as for me not knowing anything about security, I have many sites that I have been contracted to do security on them. So yeah. The trezor just fits into my eco-system of bitcoin so I guess it doesn't work for you. Pre-orders aren't for everyone only the people that actually understand what a pre-order means.

Looks real nice I would have no use and im not sure many others will considering the internet is everywhere and they can just use blockchain.info

Also I am pretty sure this was announced in September so I real do not see why this must be announced twice
But I still support this product because it looks nice!

This is why you probably need it! Blockchain is very unsecure wallet, but they are planning to add trezor support and that would make them very much the most secure web wallet known.

What security? Securing PHP against SQL injection and include? Do you know about various buffer overflows and how to exploit them? Do you know about how are ROP chains used to defeat DEP and partial ASLR?
We are talking about third party hardware here, one that has to accept various inputs through a USB. It opens such a vast attack surface you probably can't imagine it.
So lets ask the developers, are they planning to do complete ASLR on their little device? If not no one should trust it at all. Although no one will probably bother exploiting it if it will have a small user base.
NewLiberty
Legendary
*
Offline Offline

Activity: 1204
Merit: 1002


Gresham's Lawyer


View Profile WWW
December 05, 2013, 06:43:30 PM
 #936

The more I think about the concept of this device the more it seems to be intended for idiots. All theater, no actual security.

This is when people will stop answering you, but some of the smartest people in bitcoin endorse this and actually have helped to make it more even more secure. I guess those people are idiots. Wink

And you think endorse equals use? I doubt those smart people would care to entrust private keys to a new device. Not to mention they are selling it for so much they all probably got a piece of the pie.

But then it's intended for people who know nothing of security. Google "security theater" maybe it will help you realize why you wasted your money.

I really doubt that people got a piece of pie, considering how expensive it is to develop hardware, plus they converted the bitcoins to fiat. So yeah. Also as for me not knowing anything about security, I have many sites that I have been contracted to do security on them. So yeah. The trezor just fits into my eco-system of bitcoin so I guess it doesn't work for you. Pre-orders aren't for everyone only the people that actually understand what a pre-order means.

Looks real nice I would have no use and im not sure many others will considering the internet is everywhere and they can just use blockchain.info

Also I am pretty sure this was announced in September so I real do not see why this must be announced twice
But I still support this product because it looks nice!

This is why you probably need it! Blockchain is very unsecure wallet, but they are planning to add trezor support and that would make them very much the most secure web wallet known.

What security? Securing PHP against SQL injection and include? Do you know about various buffer overflows and how to exploit them? Do you know about how are ROP chains used to defeat DEP and partial ASLR?
We are talking about third party hardware here, one that has to accept various inputs through a USB. It opens such a vast attack surface you probably can't imagine it.
So lets ask the developers, are they planning to do complete ASLR on their little device? If not no one should trust it at all. Although no one will probably bother exploiting it if it will have a small user base.


I don't know much about how they are planning to do it, but based on just the reading here, I would guess that ASLR is somewhat obviated through the ARM Invariant-timing packets and overflow handling, and FIFO overflow protection.
Careful implementation of stall processing can stall the processor until the FIFO buffer is empty.  This is a pretty safe defense even against the stack smashing ROP chains, but might still be exploitable through a environmental corner attack, if you can find enough edges.

It is possible that they have chosen an architecture that doesn't include FIFOFULL operations.  Maybe they will clarify.
Or maybe they will leave us guessing and let those that are going to try to break them predictably using this method to their own devices.  In that case I guess we will have to buy a few devices to find out.

FREE MONEY1 Bitcoin for Silver and Gold NewLibertyDollar.com and now BITCOIN SPECIE (silver 1 ozt) shows value by QR
Bulk premiums as low as .0012 BTC "BETTER, MORE COLLECTIBLE, AND CHEAPER THAN SILVER EAGLES" 1Free of Government
dnaleor
Legendary
*
Offline Offline

Activity: 1470
Merit: 1000


Want privacy? Use Monero!


View Profile
December 20, 2013, 10:39:51 PM
 #937

Do you guys have already a shipping date in mind? I can not wait to test this device!  Grin

And for the critics: this device is designed to be used for non-geeks. There is a lot of potential for investors who are >30 years old and do not want a "live linux USB" or unsderstand how armoury works.

It is a GREAT product.

I only came across it when BTC was 150 USD and I found it a little too expensive (I am relatively late to the crypto world. Never heard of it although I am interested in programming/computers/economy). But when there was an opportunity to buy 2 for 1 BTC, I jumped in, found someone who also wanted a device and became a supporter since then.

I have met a lot of people who are hesitating to buy BTC because the storage issue is so complex. I refer them to a blockchain.info account (which is the most user friendly at the moment in my opinion) but I tell them: even when you take a backup, you do not want a keylogger on your PC because you will loose your coins. Then most of them are scared and ask, is there a better way. And then I tell them that currently, there is NO non-technical easy to use storage option for BTC. But I also tell them to check Bitcoin Trezor Wink
FlappySocks
Hero Member
*****
Offline Offline

Activity: 546
Merit: 500



View Profile
December 20, 2013, 10:55:55 PM
 #938

There is a lot of potential for investors who are >30 years old and do not want a "live linux USB" or unsderstand how armoury works.

  Undecided  >30!  Jeez I feel old now.
JLM
Full Member
***
Offline Offline

Activity: 164
Merit: 100



View Profile
December 23, 2013, 01:38:33 PM
 #939

Hi.
Did you start to deliver devices?Huh
Thanks!!!

1Hyawq17jkzfpunPC6tTikpgMGSsekd98z
stick
Sr. Member
****
Offline Offline

Activity: 441
Merit: 268



View Profile
December 23, 2013, 09:16:32 PM
 #940

Hi.
Did you start to deliver devices?Huh
Thanks!!!

current plan is to start delivering in January

Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 [47] 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 ... 265 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!