[ESHOP launched] Trezor: Bitcoin hardware wallet

[anarchoatheist]

I am running Ubuntu 14.04. mytrezor.com works perfectly in Firefox. In Opera it works but is automatically forgetting the trezor whenever it is unplugged. I have no idea how to get it working in Chrome. I go to the mytrezor website and I just get the dialogue box that tells me that I need to install the plugin. I have already done this and have restarted the Chrome browser. How do I fix this?

[stick]

How do I fix this?

There is currently no fix for Chrome/Chromium. We are working on a solution (bridge) that will replace the plugin, but you'll need to use Firefox for now.

[zhinkk]

* Impossibility to re-flash the device with malicious code

Does this mean we won't be able to flash updates on the trezor? Like updates you could provide us that offer more functionality to the device?

[MakeBelieve]

* Impossibility to re-flash the device with malicious code

Does this mean we won't be able to flash updates on the trezor? Like updates you could provide us that offer more functionality to the device?

That's exactly what it means.

[BurtW]

* Impossibility to re-flash the device with malicious code

Does this mean we won't be able to flash updates on the trezor? Like updates you could provide us that offer more functionality to the device?

That's exactly what it means.

No, you are wrong.  I have already updated the code on my Trezor once and expect more updates in the future.  The important word to pay attention to in that sentence is the adjective malicious.

[JorgeStolfi]

* Impossibility to re-flash the device with malicious code

Does this mean we won't be able to flash updates on the trezor? Like updates you could provide us that offer more functionality to the device?

No, you are wrong.  I have already updated the code on my Trezor once and expect more updates in the future.  The important word to pay attention to in that sentence is the adjective malicious.

... that actually should be "code not signed by Satoshi labs".  A hacker who wants to load malicious code into your Trezor would have to get hold of their signing key, or trick them into signing his code, or trick you into ignoring the device's warning.

[molecular]

I'm so happy!

I just checked out electrums trezor plugin... it rocks!

I can even name my trezor accounts (labels can even be synced accross clients, encryptedly via central server http://labelectrum.herokuapp.com/)

Electrums coin control features (freeze address, prioritize address, send from address) fully work with the trezor wallet.

Now I have the best of both worlds: a real local light client with a multitude of servers to choose from (or run my own) and coin-control features plus the security of the trezor.

Please don't shill for them about an unstable merger. I have just redownloaded electrum and it DOES NOT COMMUNICATE WITH THE TREZOR.


GOING ON DAY 5 OF NOT HAVING ACCESS TO MY MONEY ON MY TREZOR. SO YEAH STAY AWAY TREZOR IS A SCAM AS THEY ARE UNPROFESSIONAL, UNRELIABLE AND PLAIN RUDE.


I WILL BE POSTING THIS EVERYDAY UNTIL I GET MY MONEY OUT OF MY TREZOR.

You could try https://github.com/spesmilo/electrum, but I'm not sure it's doable in your emotional state.

[molecular]

The root key is all that's needed. It's how armory behaves. Forgetting passwords happens more often than theft.

Just to be clear we are talking about password and not pin correct? Because i really don't think this is right. Why would there be such a strong warning on the trezor for password users if the coins could be recovered from seed without the password?

Yeah I'm pretty sure. Only way to find out is to test.

I highly doubt the password protects the root.

The passphrase is added to the seed. Therefore you'll need it.

[kkurtmann]

You do know that BIP44 is an extension of BIP 32 so the custom path will not work...

Armory is not BIP32 compatible, the root key that armory uses is not a BIP32 key, plus mnemonic seeds require some extra hashing as per BIP 39.

Let me remind you, what you did instead:
1. You contacted support and did not provide them answers to the question they needed.
2. You demanded fix to your problem immediately. It is understandable, because your money are blocked (please note the difference between blocked and lost). But on the other hand, it does not work like this with fixing errors in free web wallet with error being in another free third party library. The fixes do not fall out of the sky on the next day.
3. Then you alienated all the people who can help you by yelling at them and putting negative trust feedback on them.
4. You also rejected all the workarounds thrown at you.

I'm sorry, but there is no help for a guy like you....

 wish I could upvote this

[mmeijeri]

wish I could upvote this

Yeah, that would be nice. In the meantime, you can put gweedo on ignore.

[stick]

* Impossibility to re-flash the device with malicious code

Does this mean we won't be able to flash updates on the trezor? Like updates you could provide us that offer more functionality to the device?

You can. But updates are signed and the signatures are checked so you cannot re-flash the device with malicious code only with a good one. :-)

[Anon136]

* Impossibility to re-flash the device with malicious code

Does this mean we won't be able to flash updates on the trezor? Like updates you could provide us that offer more functionality to the device?

You can. But updates are signed and the signatures are checked so you cannot re-flash the device with malicious code only with a good one. :-)

Do you store a copy of your public key on ROM inside of the devise which the devise then checks signatures against?

[stick]

Do you store a copy of your public key on ROM inside of the devise which the devise then checks signatures against?

Yes. Actually there are 5 and we use 3-of-5 scheme.

[mmeijeri]

Yes. Actually there are 5 and we use 3-of-5 scheme.

Do you store those signing keys themselves on a Trezor?

[gweedo]

You do know that BIP44 is an extension of BIP 32 so the custom path will not work...

Armory is not BIP32 compatible, the root key that armory uses is not a BIP32 key, plus mnemonic seeds require some extra hashing as per BIP 39.

You are wrong again. BIP44 is an extension that defines which paths should be used. http://bip32.org/ is enough to generate your addresses if you enter correct path. Let me show you:

You take your account BIP32 key from myTrezor web wallet:



Plug it into bip32.org:



and you can generate all your Trezor adresses. For example the one on the image above is the first address on my first account. I can see it in my transaction history:



Now, what I showed you is how you generate public ones only, but if you used python-trezor you could have generated master seed from your recovery words, enter it into bip32.org and get every single private key of your wallet. Then you could use it with any other wallet you like. For instance Armory as suggested in the post you are answering.

Let me remind you, what you did instead:
1. You contacted support and did not provide them answers to the question they needed.
2. You demanded fix to your problem immediately. It is understandable, because your money are blocked (please note the difference between blocked and lost). But on the other hand, it does not work like this with fixing errors in free web wallet with error being in another free third party library. The fixes do not fall out of the sky on the next day.
3. Then you alienated all the people who can help you by yelling at them and putting negative trust feedback on them.
4. You also rejected all the workarounds thrown at you.

I'm sorry, but there is no help for a guy like you....

But you are using the path, m/0/0 which is not the path for trezor, so I am having a hard time to believe that this is actually worked. Also I just did this with my public key and didn't not get one single address from my trezor.

The correct path is...

m/44'/0'/0'/0/0

Which is currently only compatible with BIP 44 wallets, not BIP 32, they require different hashing.


Also bip32.org doesn't support BIP 39 which is required for the seed. BIP32 source code shows that it just 50,000 rounds of hashing that would be incompatible with BIP 39 seeds. Trust me I know what I talking about.



1) I provided the line number of the error, not once but twice, how is that not showing them what they need?

2) No my funds could be lost, as I tried to broadcast a transaction which is signed and could be broadcasted at any time, that was my concern, more than anything. So can you please read what I write, and understand it.

3) No they were rude to me in the helpdesk, as they are currently understaffed, plus this is like the forth issue with mytrezor, in the less than 3 months I had my trezor. So those things combined, deserve a negative feedback in my books.

Do you support the co-founder of the company doing this...


If this is how business is done and you support that business than, I feel sorry for you both of you. This extremely unprofessional and uncalled for, especially for someone that was an early support of this project. I helped make this a reality by pre-ordering and waiting a very long time for this device.


4) No I did my research, the only options available to me is to go buy a new device just to fix this (android to get wallet32) or use an unstable version of a wallet, that is still in testing that could hurt my bitcoins even more if their is a bug. Both these options are not viable working solutions to the problem of lazy coding.

[klokan]

But you are using the path, m/0/0 which is not the path for trezor, so I am having a hard time to believe that this is actually worked. Also I just did this with my public key and didn't not get one single address from my trezor.

The correct path is...

m/44'/0'/0'/0/0

Which is currently only compatible with BIP 44 wallets, not BIP 32, they require different hashing.

The BIP32 node displayed in myTrezor wallet for account 0 is m/44'/0'/0'. Thus entering it in bip32.org and doing two more derivations /0/0 gives me my account addresses m/44'/0'/0'/0/0. I did not have to do fake screenshots. I have other things to do. All Trezor owners can do the same and see it just works. Your argument is invalid. It works.

Also bip32.org doesn't support BIP 39 which is required for the seed. BIP32 source code shows that it just 50,000 rounds of hashing that would be incompatible with BIP 39 seeds. Trust me I know what I talking about.

That is why I mentioned you can use python-trezor to get seed from mnemonic. If' you don't like python, you can use gui from trezor-crypto. There are plenty of ways, but you are not going to use them.

1) I provided the line number of the error, not once but twice, how is that not showing them what they need?

This was not what was asked from you. Guys asked which transaction are you questioning. You never provided this information according to the screenshot you posted.

2) No my funds could be lost, as I tried to broadcast a transaction which is signed and could be broadcasted at any time, that was my concern, more than anything. So can you please read what I write, and understand it.

That is related to the above answer. You are concerned about a transaction that may get through, but you never provided any information about which transaction that is and what are the source and destination address of this transaction in question.

3) No they were rude to me in the helpdesk, as they are currently understaffed, plus this is like the forth issue with mytrezor, in the less than 3 months I had my trezor. So those things combined, deserve a negative feedback in my books.

They released their product two weeks ago. I believe it is normal that not all tickets are answered on the same day. They acknowledged in this forum that they had some delay in answering all the tickets. This should be over soon. Be patient. (ouch, you can't do that)

Do you support the co-founder of the company doing this...

Yes.

If this is how business is done and you support that business than, I feel sorry for you both of you. This extremely unprofessional and uncalled for, especially for someone that was an early support of this project. I helped make this a reality by pre-ordering and waiting a very long time for this device.

The device works fine. It is bitcoinj, third party library that does not work. This library is not part of the device and is not used by the device itself. It is used by the free web wallet you are using. Use some paid solution if you are not satisfied with it. According to my understanding, satoshilabs never wanted to create ANY wallet. They did it as a proof of concept, but you are using this web wallet for free.

4) No I did my research, the only options available to me is to go buy a new device just to fix this (android to get wallet32) or use an unstable version of a wallet, that is still in testing that could hurt my bitcoins even more if their is a bug. Both these options are not viable working solutions to the problem of lazy coding.

python-trezor is for free, bip32.org is for free, trezor-crypto gui is for free. electrum might be unstable BUT you are confirming your transaction on Trezor. You see receiving address on display. Trezor is stable and it is designed to work with computer that is trying to steal your coins. Using it with unstable electrum build is safe as long as you verify your transaction on Trezor display.

For wallet32, you don't have to use your own android device. You can use friend's device (if you have a friend). If none of these workarounds work for you, then just wait. They will fix it eventually.

[dillpicklechips]

The root key is all that's needed. It's how armory behaves. Forgetting passwords happens more often than theft.

Just to be clear we are talking about password and not pin correct? Because i really don't think this is right. Why would there be such a strong warning on the trezor for password users if the coins could be recovered from seed without the password?

Yeah I'm pretty sure. Only way to find out is to test.

I highly doubt the password protects the root.

The password adds to the seed. So every password you use is like using a whole new seed. If you forget the password you can't re-create the seed.

[blossbloss]

I expect my TREZOR to arrive some time this week! In the meantime, I have a few questions about the setup. I have read the online User Guide, but there are some details that are not clear to me:

1) At what point during the first time setup is it ok to unplug the TREZOR from the computer?  Do I have to wait for the full recovery seed recording to be completed?  Or is it safe to unplug the TREZOR, and still complete the initial setup?

2) If I want to set up a Multi-Passphrase Encryption, what are the exact sequence of actions.  The instructions are extremely vague, and I do not want to make a mistake.  (Does it only work right after the first time setup, or can I force a second setup after lots of use?  Is there a second set of recovery seeds that I need to record?)

3) Once there are more than one passphrase set up correctly, how do I access one when I plug it in?

4) Is there any detailed description or screenshots of how to use the multiple Accounts and their associated addresses?  (The user guide is sparse on details.)

Thanks

[dillpicklechips]

I expect my TREZOR to arrive some time this week! In the meantime, I have a few questions about the setup. I have read the online User Guide, but there are some details that are not clear to me:

1) At what point during the first time setup is it ok to unplug the TREZOR from the computer?  Do I have to wait for the full recovery seed recording to be completed?  Or is it safe to unplug the TREZOR, and still complete the initial setup?

2) If I want to set up a Multi-Passphrase Encryption, what are the exact sequence of actions.  The instructions are extremely vague, and I do not want to make a mistake.  (Does it only work right after the first time setup, or can I force a second setup after lots of use?  Is there a second set of recovery seeds that I need to record?)

3) Once there are more than one passphrase set up correctly, how do I access one when I plug it in?

4) Is there any detailed description or screenshots of how to use the multiple Accounts and their associated addresses?  (The user guide is sparse on details.)

Thanks

I don't have a trezor yet but keep in mind that only record one seed. The passwords you enter are just ways of adding to the seed. Inputing a trezor with no password will just display the default addresses. Using a password of "personal" will give another set. A password of "wife" will show another. The password allows using any number of seperate accounts. The only thing you have to remember is what the passwords are! So without the password you don't see the other group of addresses.

[gweedo]

Trezor is stable

I am not going to answer everything you wrote for two reasons, one I have addressed everything in your post. As well as I will not keep discussing this with someone that agrees being rude is professional, when I paid good money for this to work sorry but if this was free it be different. I am out 3BTCs and I had paid a fine on the transaction I was sending. So right now Trezor is costing me a lot of money to do nothing. Clearly it isn't stable if the web wallet can't handle p2sh transactions, it is a simple part of the bitcoin protocol.

Also trezor web wallet claims to be using bitcoinjs-lib which I have proven handles those p2sh transaction hex just fine... Stick and Slush are just being plan lazy or incompetent to fix the issue.