|
jmw74
|
 |
August 07, 2014, 08:47:24 PM |
|
What about using your trezor to digitally sign arbitrary data? Does it have that functionality? I'm guessing it does since they have plans to use it for authentication but not sure.
bump I remember seeing Slush or Stick post somewhere that there are working on that. I assume they realize Trezor's potential as a security device for anything, not just bitcoin. I look forward to seeing what they come up with. |
|
|
|
|
slush (OP)
Legendary
 Offline
Activity: 1386
Merit: 1097
|
|
August 07, 2014, 09:01:00 PM |
|
The problem with passwords is that people know there is (at least one) password set on the device when it's plugged into the computer.
The solution is to press "Forget device" everytime you leave computer. Problem solved, even without any weird logic in mytrezor  . |
|
|
|
slush (OP)
Legendary
Offline
Activity: 1386
Merit: 1097
|
|
August 07, 2014, 09:02:16 PM |
|
What about using your trezor to digitally sign arbitrary data? Does it have that functionality? I'm guessing it does since they have plans to use it for authentication but not sure.
I remember that I already answered this earlier. TREZOR has support of signing bitcoin messages already (like Bitcoin-qt, Electrum and others), it's not in myTREZOR yet (will be very soon). |
|
|
|
dnaleor
Legendary
Offline
Activity: 1470
Merit: 1000
Want privacy? Use Monero!
|
|
August 07, 2014, 09:29:01 PM
Last edit: August 07, 2014, 10:27:19 PM by dnaleor |
|
The problem with passwords is that people know there is (at least one) password set on the device when it's plugged into the computer.
The solution is to press "Forget device" everytime you leave computer. Problem solved, even without any weird logic in mytrezor . Not really, when a burglar finds my Trezor and plugs it into a laptop, he sees that mytrezor is asking for a password... If we have the possibility to create an account without password protection, they can just empty the wallet (if no pin is set). Meanwhile, the large stash can be hidden with a password... Of course, I could create 2 accounts with different recovery seed :-) |
|
|
|
|
Anon136
Legendary
Offline
Activity: 1722
Merit: 1217
|
|
August 07, 2014, 09:32:30 PM |
|
What about using your trezor to digitally sign arbitrary data? Does it have that functionality? I'm guessing it does since they have plans to use it for authentication but not sure.
I remember that I already answered this earlier. TREZOR has support of signing bitcoin messages already (like Bitcoin-qt, Electrum and others), it's not in myTREZOR yet (will be very soon). Sorry. I did a text search through all of the pages since then for my handle to make sure that you hadn't replied to me. Anyway awesome. Can't wait. |
Rep Thread: https://bitcointalk.org/index.php?topic=381041If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited? |
|
|
|
JorgeStolfi
|
|
August 07, 2014, 11:58:11 PM |
|
I wonder if any of you read Stanislaw Lem's Return from the Stars (1961) and recall the payment device described therein?
Ifit weren't for one quaint detail, it would have been surprisingly prophetic...
|
Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
|
|
|
|
cor
|
|
August 08, 2014, 12:19:52 AM |
|
|
|
|
|
bitpop
Legendary
Offline
Activity: 2912
Merit: 1060
|
|
August 08, 2014, 01:04:59 AM |
|
Is there any security lost by restoring your Trezor using the recovery seed? I ask this because you have to type in the recovery seed on the computer. I know it is in a different order, but say if you had a keylogger, how much would this increase the chance of someone guessing your recovery seed, since they would know the words?
Yes definitely recover, move then wipe |
|
|
|
TwinWinNerD
Legendary
Offline
Activity: 1680
Merit: 1001
CEO Bitpanda.com
|
|
August 08, 2014, 01:11:17 AM |
|
Is there any security lost by restoring your Trezor using the recovery seed? I ask this because you have to type in the recovery seed on the computer. I know it is in a different order, but say if you had a keylogger, how much would this increase the chance of someone guessing your recovery seed, since they would know the words?
The number of combinations with a 24 word seed after each word is known but the ranking is not, is: 24! ~ 6.2 × 10^23 |
|
|
|
|
blubberli
|
|
August 08, 2014, 02:45:23 AM |
|
Hehe, I don't want to read the whole thread. Which shipping company you use? I only accept DHL.
|
|
|
|
devthedev
Legendary
Offline
Activity: 1050
Merit: 1004
|
|
August 08, 2014, 02:46:16 AM |
|
Hehe, I don't want to read the whole thread. Which shipping company you use? I only accept DHL.
Not sure, the tracking number is coming through with USPS for me. |
|
|
|
slush (OP)
Legendary
Offline
Activity: 1386
Merit: 1097
|
|
August 08, 2014, 02:46:54 AM |
|
Hehe, I don't want to read the whole thread. Which shipping company you use? I only accept DHL.
DHL is in process, right now we do use national posts (USPS in US). Actually returning rate is quite low so far and no device has been lost yet. The only downside is that delivery may take some time to some countries, comparing to DHL... |
|
|
|
Anon136
Legendary
Offline
Activity: 1722
Merit: 1217
|
|
August 08, 2014, 03:41:24 AM |
|
I only accept DHL.
May I ask why? |
Rep Thread: https://bitcointalk.org/index.php?topic=381041If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited? |
|
|
|
klokan
|
|
August 08, 2014, 05:08:08 AM |
|
Is there any security lost by restoring your Trezor using the recovery seed? I ask this because you have to type in the recovery seed on the computer. I know it is in a different order, but say if you had a keylogger, how much would this increase the chance of someone guessing your recovery seed, since they would know the words?
The number of combinations with a 24 word seed after each word is known but the ranking is not, is: 24! ~ 6.2 × 10^23 You need to put this into perspective. When using 24 words, the Trezor seed is 256bit long, i.e., 1E77. Any single address generated is 160bit long, i.e., 1E48. Those are some huge numbers. 1E23 is child's play compared to that. If the number of combinations is 1E77 before you keylog the words and it becomes 1E23 after you keylog them, then the recovered Trezor is 1,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 times less secure then the unrecovered one. Please note that Trezor uses key stretching techniques, so to find whether the 24 words that have been keylogged contain(ed) some BTC, you need to do more than 10^23 hashes. It should be something like 10^28. But there is also 10^13 Hash/s hardware out there. If something like that was manufactured for Trezor breaking then you would need 10^8 of those to break one recovered Trezor in a year time. I guess that considering price of such equipment and the possibility you break an empty(emptied) Trezor rules out such attack (for now). I would still recommend to transfer your funds to unrecovered Trezor after recovery to get 1E77 protection back. I would also not recommend using less than 24 words. |
|
|
|
|
|
dillpicklechips
|
|
August 08, 2014, 05:14:49 AM |
|
Is there any security lost by restoring your Trezor using the recovery seed? I ask this because you have to type in the recovery seed on the computer. I know it is in a different order, but say if you had a keylogger, how much would this increase the chance of someone guessing your recovery seed, since they would know the words?
The number of combinations with a 24 word seed after each word is known but the ranking is not, is: 24! ~ 6.2 × 10^23 You need to put this into perspective. When using 24 words, the Trezor seed is 256bit long, i.e., 1E77. Any single address generated is 160bit long, i.e., 1E48. Those are some huge numbers. 1E23 is child's play compared to that. If the number of combinations is 1E77 before you keylog the words and it becomes 1E23 after you keylog them, then the recovered Trezor is 1,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 times less secure then the unrecovered one. Please note that Trezor uses key stretching techniques, so to find whether the 24 words that have been keylogged contain(ed) some BTC, you need to do more than 10^23 hashes. It should be something like 10^28. But there is also 10^13 Hash/s hardware out there. If something like that was manufactured for Trezor breaking then you would need 10^8 of those to break one recovered Trezor in a year time. I guess that considering price of such equipment and the possibility you break an empty(emptied) Trezor rules out such attack (for now). I would still recommend to transfer your funds to unrecovered Trezor after recovery to get 1E77 protection back. I would also not recommend using less than 24 words. I'm pretty sure it also asks you to enter words not in your seed in case of a key logger as well. |
|
|
|
|
|
klokan
|
|
August 08, 2014, 05:30:02 AM |
|
Is there any security lost by restoring your Trezor using the recovery seed? I ask this because you have to type in the recovery seed on the computer. I know it is in a different order, but say if you had a keylogger, how much would this increase the chance of someone guessing your recovery seed, since they would know the words?
The number of combinations with a 24 word seed after each word is known but the ranking is not, is: 24! ~ 6.2 × 10^23 You need to put this into perspective. When using 24 words, the Trezor seed is 256bit long, i.e., 1E77. Any single address generated is 160bit long, i.e., 1E48. Those are some huge numbers. 1E23 is child's play compared to that. If the number of combinations is 1E77 before you keylog the words and it becomes 1E23 after you keylog them, then the recovered Trezor is 1,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 times less secure then the unrecovered one. Please note that Trezor uses key stretching techniques, so to find whether the 24 words that have been keylogged contain(ed) some BTC, you need to do more than 10^23 hashes. It should be something like 10^28. But there is also 10^13 Hash/s hardware out there. If something like that was manufactured for Trezor breaking then you would need 10^8 of those to break one recovered Trezor in a year time. I guess that considering price of such equipment and the possibility you break an empty(emptied) Trezor rules out such attack (for now). I would still recommend to transfer your funds to unrecovered Trezor after recovery to get 1E77 protection back. I would also not recommend using less than 24 words. I'm pretty sure it also asks you to enter words not in your seed in case of a key logger as well. I'm pretty sure it does not ask for more words in case of 24 words seed: https://github.com/trezor/trezor-mcu/blob/master/firmware/recovery.c#L97 |
|
|
|
|
Mental Fight
Newbie
Offline
Activity: 15
Merit: 0
|
|
August 08, 2014, 07:39:10 AM |
|
interested wallet but when hardware lost ? get tsunami ? my money will loss ?
|
|
|
|
|
|
idee2013
|
|
August 08, 2014, 07:43:23 AM |
|
interested wallet but when hardware lost ? get tsunami ? my money will loss ?
you can recovery everything...only if you lose you "paperwallet with the seeds" and the trezor everything will be lost. Read the faq or the manual |
|
|
|
|
BurtW
Legendary
Offline
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
|
|
August 08, 2014, 11:44:04 AM |
|
interested wallet but when hardware lost ? get tsunami ? my money will loss ?
Obviously, nobody would be excited about this product at all if this was the case. |
Our family was terrorized by Homeland Security. Read all about it here: http://www.jmwagner.com/ and http://www.burtw.com/ Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated! |
|
|
|
21pilot
|
|
August 08, 2014, 12:12:39 PM |
|
anyone interested in selling their metallic version of Trezor?
Or any time estimate when they will be available for sale again, slush?
|
|
|
|
|
|
