[ESHOP launched] Trezor: Bitcoin hardware wallet

[Valzador]

Yay I got my Trezor today!!! 

It's sort of scary knowing that your recovery seed holds all your bitcoins.

[stick]

but how will the client get the correct hash to compare to, and how will he compute the hash of the downloaded copy, on an untrusted machine (which is the assumption that justifies using a Trezor)?

We'd like to have each firmware release (and its hash) signed by independent set of people. Quite a few people already contacted us wanting to do that, but we are not yet there. The building and signing process is documented here: https://github.com/trezor/trezor-mcu -- but we need to prepare the place, where people will upload their signatures so we can show them in Firmware Update dialog.

myTREZOR and TREZOR already show a hash of uploaded firmware, this signing process is just to justify the hash legitimacy and to prove that the provided firmware was indeed built from the provided sourcecode.

[JorgeStolfi]

A malicious manufacturer can distribute firmware that, instead of using truly random seeds,  chooses seeds from a very small set.

This would be visible in the firmware source. [ ... ] With deterministic build, everybody can check the firmware. That does not mean that everybody HAS to. If 3 of 5 decided to sign something malicious, then the rest of the guys would be whistle-blowing and everybody would know. [ ... ] I was talking about proving that there is a backdoor. As I argued above, if there is one, you should be able to find it in the open-source code. It should be easy to prove.

There is a firmware source posted on github.  There is a firmware binary in each client's Trezor.  Note the indefinite articles.  Can you see the problem now?

Come on guys, this vulnerability not my entry for the Nobel Prize, it is an absolutely trivial and well-known observation.  If someone can get a malicious version of the firmware signed, he can easily trick many clients into installing it.

Hackers can even trick many users into installing an unsigned malicious version of the firmware and re-entering the recovery seeds.  Do I have to spell out the details?

As for it being single-purpose hence simple, I have seen several posts here requesting all sorts of features and support for things other than bitcoin.  I bet that the full source will soon have hundreds of thousands of lines of code.  (The Brazilian electronic voting machine, which does not even connect to the internet, has over a million lines of C/C++ source code, not counting the operating system.)

Trezor now has 16500 lines of code in *.c files and another 7000 in *.h files. This is a total for bootloader, firmware and I might included some testing and GUI code as well, that is not on the device so it is even less. And this includes many features discussed here that are not yet released. I don't see it getting to 100000 any time soon. Provided that some code is imported from other open source libraries, the Trezor code itself is even smaller.

We will see in a couple of years.   Judging by the mood of this thread, the Trezor will soon be storing your gaming site passwords, your calorie counts, your dog's gym workout schedule, ...

(The Brazilian voting machine software was very small at the beginning, too.)

Meanwhile, how long do you think it would take for one person to review 20'000 lines of code and make sure that it has no weaknesses (like a broken random number generator, or a line somewhere that sticks the private key into the signed transaction that is sent tout to the infected computer)?

I asked earlier whether the hardware has some sort of memory protection that would prevent one function from accessing data areas of an unrelated function, but got no answer.  If it doesn't, the dog workout code will have access to the bitcoin private keys; therefore that code, and every modification to it, must be verified with the same care that is spent on the bitcoin code proper.  Worse still if the firmware can modify itself.

[btchip]

Yup, clearly, a connected device will never reach paper wallet security

until you want to spend it 

(that should be a new meme ...)

[klokan]

A malicious manufacturer can distribute firmware that, instead of using truly random seeds,  chooses seeds from a very small set.

This would be visible in the firmware source. [ ... ] With deterministic build, everybody can check the firmware. That does not mean that everybody HAS to. If 3 of 5 decided to sign something malicious, then the rest of the guys would be whistle-blowing and everybody would know. [ ... ] I was talking about proving that there is a backdoor. As I argued above, if there is one, you should be able to find it in the open-source code. It should be easy to prove.

There is a firmware source posted on github.  There is a firmware binary in each client's Trezor.  Note the indefinite articles.  Can you see the problem now?

Come on guys, this vulnerability not my entry for the Nobel Prize, it is an absolutely trivial and well-known observation.  If someone can get a malicious version of the firmware signed, he can easily trick many clients into installing it.

Hackers can even trick many users into installing an unsigned malicious version of the firmware and re-entering the recovery seeds.  Do I have to spell out the details?

As for it being single-purpose hence simple, I have seen several posts here requesting all sorts of features and support for things other than bitcoin.  I bet that the full source will soon have hundreds of thousands of lines of code.  (The Brazilian electronic voting machine, which does not even connect to the internet, has over a million lines of C/C++ source code, not counting the operating system.)

Trezor now has 16500 lines of code in *.c files and another 7000 in *.h files. This is a total for bootloader, firmware and I might included some testing and GUI code as well, that is not on the device so it is even less. And this includes many features discussed here that are not yet released. I don't see it getting to 100000 any time soon. Provided that some code is imported from other open source libraries, the Trezor code itself is even smaller.

We will see in a couple of years.   Judging by the mood of this thread, the Trezor will soon be storing your gaming site passwords, your calorie counts, your dog's gym workout schedule, ...

(The Brazilian voting machine software was very small at the beginning, too.)

Meanwhile, how long do you think it would take for one person to review 20'000 lines of code and make sure that it has no weaknesses (like a broken random number generator, or a line somewhere that sticks the private key into the signed transaction that is sent tout to the infected computer)?

I asked earlier whether the hardware has some sort of memory protection that would prevent one function from accessing data areas of an unrelated function, but got no answer.  If it doesn't, the dog workout code will have access to the bitcoin private keys; therefore that code, and every modification to it, must be verified with the same care that is spent on the bitcoin code proper.  Worse still if the firmware can modify itself.

I'm not saying malicious firmware cannot be signed. I'm saying it cannot be signed without people knowing. And installing the unsigned one is of course possible as well, but that cannot be done without user knowing it. If user is warned and decides to install it anyway then it is his problem. I did not say it is impossible though.

The Trezor may store your game passwords and other passwords, provided they are derived from the same seed. In fact it can do it already with it's 20000 lines of code. You are exaggerating with the other "use cases". It's not going to happen.

20000 lines of code can be verified in a month or two for backdoors. To fully understand all of it, it takes more time. The point is, it's possible for a single person and people did it.

[JorgeStolfi]

Yup, clearly, a connected device will never reach paper wallet security

If the computer is not secure (the premise of Trezor), the Trezor has some risks, but the paper wallet is not safe at all.

[JorgeStolfi]

I'm not saying malicious firmware cannot be signed. I'm saying it cannot be signed without people knowing.

Just to give one example, three of the 5 key holders at Trezor conspire and sign a malicious version of the firmware that is given to a hacker.  The hacker unleashes a virus with a malicious plug-in or standalone MyTrezor bridge, that instructs clients to download and install the "latest version" of the firmware, which is of course the malicious version above. 

You are exaggerating with the other "use cases". It's not going to happen.

Well, I hope that manufacturers can resist that temptation.

20000 lines of code can be verified in a month or two for backdoors. To fully understand all of it, it takes more time. The point is, it's possible for a single person and people did it.

You mean, someone already checked it, and did not see the backdoor? 

[stick]

And why would a paper wallet created with respect of best practices be not safe ?

Paper wallet IS safe. But spending it is not. (If you are using "sweep private key" and not an offline signing which is very cumbersome).

[dnaleor]

And why would a paper wallet created with respect of best practices be not safe ?

Paper wallet IS safe. But spending it is not. (If you are using "sweep private key" and not an offline signing which is very cumbersome).

Indeed. Yesterday I've send my large stash offline with armoury to my Trezor. Took a lot of time on my raspberry, but I couldn't take the risk of just sweeping the keys at blockchain.info

I only use the Trezor now (and a few mBTC on MyCelium). I've imported the old keys from my QT in a blockchain.info wallet (you never now if you receive a donation from some old image/post/...)

[klokan]

I'm not saying malicious firmware cannot be signed. I'm saying it cannot be signed without people knowing.

Just to give one example, three of the 5 key holders at Trezor conspire and sign a malicious version of the firmware that is given to a hacker.  The hacker unleashes a virus with a malicious plug-in or standalone MyTrezor bridge, that instructs clients to download and install the "latest version" of the firmware, which is of course the malicious version above. 

You are exaggerating with the other "use cases". It's not going to happen.

Well, I hope that manufacturers can resist that temptation.

20000 lines of code can be verified in a month or two for backdoors. To fully understand all of it, it takes more time. The point is, it's possible for a single person and people did it.

You mean, someone already checked it, and did not see the backdoor? 

Yes, IF they were malicious, they can sign non-git version of the firmware that can have money stealing interface. If such a firmware would be flashed onto the device on a hacked computer (by the hacked computer) then your BTC would be stolen. You would still need to confirm that you want this firmware flashed on the device. Also, you would now have a signed malicious firmware and you could sue them with it, because its digitally signed with their signatures. They would probably get away with it, claiming all their keys were stolen. But the company would go bancrupt.

But again, this kind of attack is not specific to this company. If five bank employees agree to forge a withdrawal from your bank account, how would you protect against such inside-job attack?

[gweedo]

I would like to return my trezor and get a refund of my 3 BTCs how can I do this? Obviously they aren't going to fix the mytrezor web wallet and I want my money back.

Edit: Talked to my lawyer about this, and he said there should be no reason that a refund should be an issue. I would also like to use escrow to make sure they don't stiff me.

The guy who paid 10000BTC for the pizza back in the day would like to refund as well.  If that guy would be refunded, he would probably get 10USD back (provided he will return the pizza). BTC is deflation currency and the refunds don't work with those. Your lawyer should learn some basic rules of economy.

You can still get refunded though, because there are people willing to pay the amount of money you paid for this one. BTC was worth 80-120USD during the preorder period. I would pay you 330USD for it myself.

Well they need to say that on their website and they don't so I expect 3 BTC which is what I paid. Do you have a law degree?

Don't kid yourself gweedo, you are an asshole

How am I am that? Because I expect something to work in a reasonable time? Because I paid money for it to work in reasonable time? By the way it still doesn't work so when should I expect it to work, and not be considered that? I can't wait until you other people have an issue with trezor and then you will be in my position. When you are I will sit back and just laugh at you guys.

[klokan]

Well they need to say that on their website and they don't so I expect 3 BTC which is what I paid. Do you have a law degree?

I don't have a law degree, but I was recently reimbursed by my Swiss employer for my expenses abroad. They paid me Swiss Francs with the rate on the day of the expense. I'm pretty sure it is legal and I'm also pretty sure you are getting Czech Crowns if you ever get a refund. Does your lawyer has a Czech law degree?

That said, I'm still willing to pay you 330USD for the device.

[thewayshegoes]

Yup, clearly, a connected device will never reach paper wallet security

until you want to spend it 

(that should be a new meme ...)

Create a transaction offline, sign offline, broadcast

Over 

But in real life, I have used your solution to sweep a private key 

Even with offline transactions though, you have to move a USB stick between offline and online computers, creating a possible vulnerability, correct?

[RedDiamond]

Yup, clearly, a connected device will never reach paper wallet security

until you want to spend it  

(that should be a new meme ...)

Create a transaction offline, sign offline, broadcast

Over  

But in real life, I have used your solution to sweep a private key  

Even with offline transactions though, you have to move a USB stick between offline and online computers, creating a possible vulnerability, correct?

Correct. A malware can change the firmware of the stick in such way that it do nasty things when connected to another computer. For more detailed technical explanation please see https://srlabs.de/badusb/

[bitpop]

Yup, clearly, a connected device will never reach paper wallet security

until you want to spend it 

(that should be a new meme ...)

Create a transaction offline, sign offline, broadcast

Over 

But in real life, I have used your solution to sweep a private key 

Even with offline transactions though, you have to move a USB stick between offline and online computers, creating a possible vulnerability, correct?

Correct. A malware can change the firmware of the stick in such way that it do nasty things when connected to another computer. For more detailed technical explanation please see https://srlabs.de/badusb/

No they must be signed. Those usb disks accept any firmware

[tynt]

mytrezor website is unusable. It freezes and few moments later browser tells me that trezor plugin is not responding. I can't even click on the "Support" link. Both firefox and chrome act the same way. Both trezor plugged in and plugged out.

[chrisrico]

Yes and no

You can use a new stick on a fresh offline computer

Or simply plug nothing, forge and sign transaction on offline computer, convert signed transaction to qr code.

Flash it and broadcast it with online computer.

I won't bother doing this with little money (that's why I own a trezor), but if you move a big amount it can be worth the pain.

Even if you move a USB stick from online and offline computer, exploit is possible but you will be harder to target than if you connect to trezor related website.

If you have to have an offline computer in order to safely spend a paper wallet, why not have *just* an offline computer. Then, why not make it a single purpose computer that does nothing but securely store keys and sign data? That's what the Trezor is.

[stick]

mytrezor website is unusable. It freezes and few moments later browser tells me that trezor plugin is not responding. I can't even click on the "Support" link. Both firefox and chrome act the same way. Both trezor plugged in and plugged out.

write a support ticket to support@bitcointrezor.com

[shadallion]

Yes and no

You can use a new stick on a fresh offline computer

Or simply plug nothing, forge and sign transaction on offline computer, convert signed transaction to qr code.

Flash it and broadcast it with online computer.

I won't bother doing this with little money (that's why I own a trezor), but if you move a big amount it can be worth the pain.

Even if you move a USB stick from online and offline computer, exploit is possible but you will be harder to target than if you connect to trezor related website.

If you have to have an offline computer in order to safely spend a paper wallet, why not have *just* an offline computer. Then, why not make it a single purpose computer that does nothing but securely store keys and sign data? That's what the Trezor is.

Boom, nailed it

[stick]

Trezor ils not really offline, if you look carefully, you will see a cable

offline != cableless

Wifi is without a cable and is online.
Trezor has a cable and is offline.