[ESHOP launched] Trezor: Bitcoin hardware wallet

[JorgeStolfi]

A fake Trezor can do anything.... you pulled that out of your FUD hat?  

Why couldn't a fake trezor impersonate a real one and do whatever it wants underneath the hood?
I'm not saying this is easy to accomplish, but certainly technically possible.

A fake Trezor can, for example imitate the real one but generate only weak keys (say, from among 2^30 possible pairs rather than 2^160).  Then the thief needs only monitor the blockchain until enough coins have been stored in those addresses, which he has precomputed.  Then he just moves the coins to his own addresses, all at once.

Note that the thief does not need to know who got the fake Trezors, and the user has no practical way of checking whether the keys are strong.

How many coins people may keep in those fake Trezors? That is the expected payoff of this attack. How much does it cost to make a fake Trezor with malicious bootloader?

EDIT: grammar

[dnaleor]

A fake Trezor can do anything.... you pulled that out of your FUD hat?  

Why couldn't a fake trezor impersonate a real one and do whatever it wants underneath the hood?
I'm not saying this is easy to accomplish, but certainly technically possible.

A fake Trezor can, for example imitate the real one but generate only weak keys (say, from among 2^30 possible pairs rather than 2^160).  Then the thief needs only monitor the blockchain until enough coins have been stored in those addresses, which he has precomputed.  Then he just moves the coins to his own addresses, all at once.

Note that the thief does not need to know who got the fake Trezors, and the user has no practical way of checking whether the keys are strong.

How many coins people may keep in those fake Trezors? That is the expected payoff of this attack. How much does it cost to make a fake Trezor with malicious bootloader?

EDIT: grammar

SatoshiLabs could do the following:

Put a long serial number in the sealed box. People can go to the website and register their Trezor. This tool would verify the Trezor device to be legitimate.
By doing that, they can also attach their email or (if they want to keep their anonymity) just a bitcoin address to their device. This can be used for warranty purposes so reselling the Trezor would be much more easy

[JorgeStolfi]

SatoshiLabs could do the following:

Put a long serial number in the sealed box. People can go to the website and register their Trezor. This tool would verify the Trezor device to be legitimate.
By doing that, they can also attach their email or (if they want to keep their anonymity) just a bitcoin address to their device. This can be used for warranty purposes so reselling the Trezor would be much more easy

That would help, but may not remove the risk entirely.  The malicious reseller may order a batch of real Trezors and send fake malicious Trezors to the clients, with the same serial numbers.

Perhaps one can devise some secure hanshake that that the Trezor could do with the SatoshiLabs server to prove that it is legit.  It would have to be something hard to emulate by a fake Trezor, even one that used parts from a real Trezor.

[JorgeStolfi]

But you have been bashing the same arguments since July...  The first time, I can understand, but repeating the same thing over and over again...

Well, many Trezor customers and prospective customers do not seem to be aware of that risk yet.   And I am not sure that the SatoshiLabs people are aware of the risk that they incur by tacitly approving the re-selling of their Trezors.

[klondike_bar]

But you have been bashing the same arguments since July...  The first time, I can understand, but repeating the same thing over and over again...

Well, many Trezor customers and prospective customers do not seem to be aware of that risk yet.   And I am not sure that the SatoshiLabs people are aware of the risk that they incur by tacitly approving the re-selling of their Trezors.

seriously? If they forebode reselling im sure craigslist would still have some.

the trezor is well-built. A knockoff requires some serious dedication and isnt even a remote concern if you just buy directly from buytrezor.com

far more likely:
1) printers with custom firmware to recognise bitcoin addresses/QR codes when printing, and push that data to a server
2) casascius or any other coins being opened up with precision and solvents, private key copied, then sealed shut again for resales. Or even the creator keeping a copy of all private keys
3) an android/windows/ios/ANY wallet software that was downloaded from the wrong site or updated to a malicious version
4) a webwallet that is hacked or otherwise steals privkey data.
5) virus or malware that seeks and steals any wallet info, or even QR codes from your print/documents history, and pulls the funds out.

someone creating an exact replica of the trezor and its (quality) box that its shipped in, plus valid serial numbers, plus making it match the MD5 hash..... you are pulling at straws. IMO the trezor is 100% the safest option right now outside of operating an isolated offline system with an offline printer, using it to sign txs, copying the signed tx to a USB, then sending the signed transactions from an online system

[btchip]

And I am not sure that the SatoshiLabs people are aware of the risk that they incur by tacitly approving the re-selling of their Trezors.

Also I fail to see what's the risk for the manufacturer if someone starts selling what is essentially a counterfeit version of the device. This would be like blaming an original SD card manufacturer when you get a fake chinese SD clone.

[JorgeStolfi]

Also I fail to see what's the risk for the manufacturer if someone starts selling what is essentially a counterfeit version of the device. This would be like blaming an original SD card manufacturer when you get a fake chinese SD clone.

If you buy fake merchandise, your loss is usually limited to the article.  Someone who buys a fake malicious Trezor may lose millions.  The victims will be much more motivated to get their money back, and SatoshiLabs will be the only target they can sue.  The victims will argue that SL is responsible because they did not warn people about the risk of buying Trezors from resellers.

For the same reason, I hope that SL is taking adequate measures to physically secure their storage and shipping operations.  How much would it take to convince an employee to switch some Trezors before shipping?

A knockoff requires some serious dedication and isnt even a remote concern if you just buy directly from buytrezor.com

Exactly.

far more likely:
1) printers with custom firmware to recognise bitcoin addresses/QR codes when printing, and push that data to a server
2) casascius or any other coins being opened up with precision and solvents, private key copied, then sealed shut again for resales. Or even the creator keeping a copy of all private keys
3) an android/windows/ios/ANY wallet software that was downloaded from the wrong site or updated to a malicious version
4) a webwallet that is hacked or otherwise steals privkey data.
5) virus or malware that seeks and steals any wallet info, or even QR codes from your print/documents history, and pulls the funds out.

Yes, all of that too, and more....

someone creating an exact replica of the trezor and its (quality) box that its shipped in, plus valid serial numbers, plus making it match the MD5 hash..... you are pulling at straws.

You have heard of fake ATMs, right?

IMO the trezor is 100% the safest option right now outside of operating an isolated offline system with an offline printer, using it to sign txs, copying the signed tx to a USB, then sending the signed transactions from an online system

The Trezor may be even safer than an off-line computer (if malware gets installed in that computer, it may be able to do a weak-key attack, or leak the private key in the signed transaction.)  Basically, the Trezor is an offline computer that is dedicated to a few bitcoin-related tasks and therefore is more difficult to compromise.  Trezor is certainly much safer than that competition hardware wallet without display.  But owners must be aware that it is still far from 100% safe.

[btchip]

Also I fail to see what's the risk for the manufacturer if someone starts selling what is essentially a counterfeit version of the device. This would be like blaming an original SD card manufacturer when you get a fake chinese SD clone.

If you buy fake merchandise, your loss is usually limited to the article.  Someone who buys a fake malicious Trezor may lose millions.  The victims will be much more motivated to get their money back, and SatoshiLabs will be the only target they can sue.  The victims will argue that SL is responsible because they did not warn people about the risk of buying Trezors from resellers.

For the same reason, I hope that SL is taking adequate measures to physically secure their storage and shipping operations.  How much would it take to convince an employee to switch some Trezors before shipping?

Then I can apply the same "logic" to someone buying a fake USB drive. If you put a private key on it, and it's somehow corrupted, are you going to blame the original manufacturer ?

But owners must be aware that it is still far from 100% safe.

Nothing is 100% safe, problem solved. On the specific case of hardware wallets, feel free to open your mind this Christmas

[Erdogan]

To summarize: The Trezor is the safest and easiest to operate bitcoin wallet of today.

[klondike_bar]

To summarize: The Trezor is the safest and easiest to operate bitcoin wallet of today.

+1
If you want to store more than 5BTC and/or want something better than a paper wallet for long-term storage, the trezor is a good deal to secure your bitcoins.

[JorgeStolfi]

I would even add to not store more than 50 BTC on a single Trezor (~$20k).  If you have more BTC, diversify your risk with multiple Trezor units.  $120 over $20k is equivalent to about 0.5% storage fee - not too bad!  This way, if JorgeStolfi prophecy comes true    - you wouldn't loose everything in one transaction ...  

Good advice... as long as you don't buy all your Trezors from the same guy on eBay, or the same Walmart store. 

[klokan]

  Jorge, I hope you bought your computer and cell phone at the computer and cell phone factories respectively. Because everybody knows that people have sensitive personal and credit card data + some have bitcoin wallets on their devices so it's important to buy from the factory instead of a vendor and even then you are not 100% sure!

  Why you want Trezor to put warnings on their product and educate customers, when no one in the business does that?

  You mentioned fake ATMs. If anybody planted those or if I opened a fake bank branch then people would loose money, but I don't see banks warning their customers about their product not being safe.

  If postal offices started replacing every package that could potentialy bring them profit, they would have millions on the first day, but magically they don't do it (because the poor postman would go to jail). And somehow they don't have to warn anybody that their package might contain replaced malicious product.

  If every hardware manufacturer would have to check and physicaly secure all their vendors to be sure they are not putting malicious elements in their hardware, there will be no hardware at all and yet I don't see warnings on my laptop about some parts being potentialy malicious.

  My point is not that Trezor is 100% secure, but that the problems that you mention are not Trezor specific and at the same time you want only SL to warn their customers about such problems. Just because you hate bitcoin you have double standard for Bitcoin and non-Bitcoin products. When you convince mobile and computer vendors to label their products with such warning then come back with such requests.

[JorgeStolfi]

Jorge, I hope you bought your computer and cell phone at the computer and cell phone factories respectively. Because everybody knows that people have sensitive personal and credit card data + some have bitcoin wallets on their devices so it's important to buy from the factory instead of a vendor and even then you are not 100% sure!

For the time being I will be "enjoying" the spectacle of BlockChain.info going down the tubes.  Let's resume this conversation when fake malicious Trezors appear and steal some significant piles of coins, shall we?

By the way, the BCI debacle happened because someone decided to "improve" the random number generator in their javascript code, and posted the new version for download by clients, late at night, without thorough validation by a security specialist.  Result: (ahem) hundreds of users received weak keys, some smart hackers noticed, and (ahem) emptied the addresses of those users.  The extent of damage is still unknown.

That bug was noticeed and fixed after a few hours; what if it had been there for days?

Cannot ever happen to the Trezor firmware, of course.

You mentioned fake ATMs. If anybody planted those or if I opened a fake bank branch then people would loose money, but I don't see banks warning their customers about their product not being safe.

There is no "if": fake ATMs have been around since the very first real ones were deployed (in the 1970s, IIRC).  I read a story of a customer who complaining to a Wells Fargo cashier about their ATM, that had been aborting transactions for days.  "What ATM? We do not have an ATM!" The crooks had installed a fake ATM on the rear wall of the bank, facing the parking lot.

Fake ATMs were endemic here in Brazil when credit cards were of the magstripe kind (as they still are in the US).  Most commonly the thieves placed a false front cover over the real one, with a malicious card reader and key logger.  They seem to be less common now that all credit cards use chips instead of magstripes.

But banks do warn clients to watch out for such false covers, and they inspect their ATMs for that and other tricks.  Who will inspect the Trezors on sale at Walmart, ot those bargain ones sold through eBay?

[600watt]

@JorgeStolfi:  You are correct and have identified a possible hacking scenario.  And we all appreciate your free advice on security.

But you have been bashing the same arguments since July...  The first time, I can understand, but repeating the same thing over and over again...

https://bitcointalk.org/index.php?topic=122438.msg8073106#msg8073106

Like bitcoin, Trezor is a compromise - and we all agree that Trezor is not perfect. However, it is a whole lot better than any other method of securing your private keys, at the moment, and more convenient to use than paper wallets.

And like any other successful hacks, if it was ever to be performed, I can assure you that it would go viral in no time, and everyone would stop using their Trezor - or at least transfer their bitcoins immediately to another type of wallet.

Maybe you should design the perfect Hardware wallet and sell it on the market, as a competitor to Trezor.  

EDIT: And if that was ever to happened, PM me.  Not only I would buy a few from you, but I would also invest financially in your company...

you cannot argue with a paid troll

[dnaleor]

Hey, I just noticed Some Trezors are offered at Amazon.de for 119 EUR.
Finally they understand that some people want to buy a Trezor for EUR and install it before they start touching bitcoin.

I sold a lot of Trezors for cash to people who were new to Bitcoin and not tech savvy. There is a business in reselling Trezors for fiat
(also some paranoid people who want to buy a Trezor for cash, because they don't want to be in some sort of database of customers kept by SatoshiLabs)

[abyrnes81]

Maybe one day I will buy one trezor , but before I should learn how to use it. Let me "learn".

[ticoti]

Hey, I just noticed Some Trezors are offered at Amazon.de for 119 EUR.
Finally they understand that some people want to buy a Trezor for EUR and install it before they start touching bitcoin.

I sold a lot of Trezors for cash to people who were new to Bitcoin and not tech savvy. There is a business in reselling Trezors for fiat
(also some paranoid people who want to buy a Trezor for cash, because they don't want to be in some sort of database of customers kept by SatoshiLabs)

wow, it is a high overprice

I read in the AmA that they were going to release a new pack or something like that
any details?

[World]

Nice article
http://insidebitcoins.com/news/bitcoin-hardware-wallets-could-become-as-ubiquitous-as-smartphones/27208

[abyrnes81]

Nice article
http://insidebitcoins.com/news/bitcoin-hardware-wallets-could-become-as-ubiquitous-as-smartphones/27208

Thanks for share whit us that fantastic article  , it is interesting. Thanks again .

[binford]

technical (noob) question: how long does trezor remember its keys if not powered up for years? at least a theoretical forecast/speculation, please. the concern is to move a part of funds to a trezor that would not be used frequently (at all in near future) and if there is something like an internal battery that should be taken into account for long period of inactivity?