JayJuanGee
Legendary
Online
Activity: 3304
Merit: 8094
ESG, KYC & AML are attack vectors on Bitcoin
|
 |
February 01, 2020, 05:09:07 AM Last edit: February 01, 2020, 05:20:03 AM by JayJuanGee |
|
Nope, fucking scary actually. But it seems not Trezor's fault, the STM32 micro misbehaves when it is voltage "glitched". Basically the device is useless as hardware wallet without replacement, except when the seed is protected by a BIP39 passphrase (which is what Kraken recommends as fix/cure). ^ Kraken's blog article is really very detailed and well written. You need only a minimal electronic understanding to reproduce the attack. (<- Meaning the crims will be up to speed quickly).

Not a new exploit just old rehashed FUD, use a passphrase (like we all do) and have to be able to defend from physical attacks.

Passphrase? Yet another password to lose/forget. Seriously, though, if you already have corn on Trezor without a passphrase, then wouldn't adding passphrase simply create another wallet/account on the same Trezor? If so, you would have to make an additional step of transferring corn from OLD (no passphrase) account to NEW (with passphrase) account. Am I correct or not?

I did a quick fast forward ahead into the thread, and doesn't seem to be that any member gives a shit to answer your question, Biodom, or attempted to respond to your post. I was not really about the answer, either.. but there must be some members who have played around with that password feature after they had already established a wallet, and then go to add a passphrase at a later date. I did a quick search, and trezor does have a blog post from February 2019 that seems to present some scenarios pretty damned close to the ones that you described, Biodom, and your speculative answer seems to be correct, as far as I can tell from the blog entry. https://blog.trezor.io/passphrase-the-ultimate-protection-for-your-accounts-3a311990925b

Edit:

Yes, that is correct. You could leave some corn on the unpassworded wallet as decoy, while no one else would know about the wallet with the passphrase.
There are still reasons to use hardware wallets, and remember, they still need physical access to the device.
If they have physical access to you (and that includes any member of your family), then no passphrase is going to protect your corns.
Whoops,.... my fast-forward had seemed to have missed Dabs's response.. which seems to be saying similar things to you, Biodom.... except he also seems to be implying the possibility that family members might be ready, willing and able to carry out a technical attack, and my suspicion off the top of my head is that family members are NOT really going to be inclined to employ such attacks... but yeah, if they end up being hostile to you in some way, then they might engage in such nefarious activities... Of course, there needs to be some simple precautions around people who might get into your physical space, but I would not automatically presume family members to be meddlers.. even though of course, there are going to be legitimate reasons NOT to make things too easy for them, if they might have those kinds of meddling inclinations.
|
|
|
|
|
bitserve
Legendary
Offline
Activity: 1652
Merit: 1345
Self made HODLER ✓
|
 |
February 01, 2020, 05:12:03 AM Last edit: February 01, 2020, 05:26:10 AM by bitserve Merited by xhomerx10 (1), JayJuanGee (1), AlcoHoDL (1) |
|
Yup, Biodom is right. That's exactly how it works.
Just think about the additional passphrase as if it were more words for the original seed, resulting in completely different public/private key pairs.
As an added bonus you can have MANY unlimited "wallets" just by inserting a different additional password. With the same base seed.
And it is NOT stored in the hardware wallet. You need to provide it each time you reboot.
|
|
|
|
|
JayJuanGee
Legendary
Online
Activity: 3304
Merit: 8094
ESG, KYC & AML are attack vectors on Bitcoin
|
 |
February 01, 2020, 05:45:39 AM |
|
Nope, fucking scary actually. But it seems not Trezor's fault, the STM32 micro misbehaves when it is voltage "glitched". Basically the device is useless as hardware wallet without replacement, except when the seed is protected by a BIP39 passphrase (which is what Kraken recommends as fix/cure). ^ Kraken's blog article is really very detailed and well written. You need only a minimal electronic understanding to reproduce the attack. (<- Meaning the crims will be up to speed quickly).

wow, just wow. Hardware wallets only have one purpose, protect the private key. Is it really that hard to design a secure hardware? I wonder when they find a bug in ledger wallets which can not be fixed with a software update.

Good security is easy
Air gap, concrete, cameras, dogs, rapid response security contractors

There is "security through obscurity" too, which tends to be a decent practice for quite a few rich people who don't really seem to get fucked with... and even be able to move amongst the plebs and even to live a bit better than all of the plebs without the plebs really realizing it. Of course, neighborhoods probably help somewhat too, and if the rich hypothetical person seems to have a lifestyle that largely fits in with the rest of the community, then not too likely that anyone is going to target that rich hypothetical person.. At the same time, I am not denying that some of those other HARD security measures might be helpful, too.. . Many of us, likely realize that almost any security system can be broken into, if there is a determined attacker... and I suppose security systems are going to carry a variety of trade-offs.

About a month ago or so, I was speaking with a guy who is connected with the family, but who is amongst the better off of some of the connected with the family members. He was kind of bragging about how great RING works for him, and I mentioned some of the security holes with it, but I did not really want to go into too many details.

Seems to me that he hardly had even thought about it.. because he was thinking that he does not have anything to hide... but then again, Ring brings on a variety of attack vectors, whether governmental, or that company or the hackers that get into the system.... So, maybe he will figure it out some day, and maybe he will not. I doubt that he has ever really had any security problems, even though he is pretty wealthy in comparison to other people in the community, but his Ring device could be inviting attackers from all over the world, without his even having given much thought to it.
|
|
|
|
bitebits
Legendary
Offline
Activity: 2119
Merit: 2579
Flippin' burgers since 1163.
|
 |
February 01, 2020, 05:46:45 AM Last edit: February 01, 2020, 11:22:08 AM by bitebits Merited by JayJuanGee (1) |
|
Pretty sure that when someone technically skilled has physical access to whatever brand hardware wallet, they can extract the seed. Same for any phone or game console: they always get root access.

To protect yourself against a physical attack (getting your hardware wallet and/or seed):
- Use a passphrase on top of the seed (see the above post of bitserve, it can be a single word to not overcomplicate things. More words are better though).
- Or/And use multisig, which is easy to set up using Electrum and multiple hardware wallets. I simply can’t move any of my coins myself, even when someone has my seed and passphrase, without multiple co-signers.

Edit: In case you want to do multisig with yourself (as two-factor authentication) https://electrum.readthedocs.io/en/latest/multisig.html
|
|
|
|
realr0ach
Sr. Member
  
Offline
Activity: 924
Merit: 311
#TheGoyimKnow
|
 |
February 01, 2020, 05:48:03 AM |
|
Wuhan virus = world's first race specific bioweapon released into the wild? More infectious to asian males - 2.50% ACE2 cells vs. 0.47% in other lungs. Before anyone claims the US did it, I'd say the Chinese government is far more likely to kill off their own people than anyone else. They have overpopulation and fear the communist party being overthrown in an economic downturn from having too many people and not enough jobs. Chinese government solution = just kill off the extra people.
The US government will even greenlight the operation and import the virus in on purpose to try and blame the collapse of global, Jewish Ponzi scams on it.
|
|
|
|
JayJuanGee
Legendary
Online
Activity: 3304
Merit: 8094
ESG, KYC & AML are attack vectors on Bitcoin
|
 |
February 01, 2020, 06:29:08 AM |
|
Pretty much. I remember as a kid when Liberty7 was "lost forever in the depths of the ocean". Then in the late 90's they dropped a hook down, picked it up and that's that.
So if you do lose access to your wallet just put it away, chances are it may be recovered in the future. In terms of the passphrase I don't THINK it is needed if you restore from seed, so as long as you have that somewhere you may be ok. Have to check on that.
I am pretty sure that once you created a passphrase, restoring from the recovery seed still requires that extra passphrase, as if it were one more word added to the recovery seed. In other words, without the passphrase, you just get the regular wallet, so only wallet devices that enable (or can recognize the extra passphrase) can be used to recover a wallet that has a passphrase. If you try to use a wallet device that does not recognize the ability (or enable the ability through the way it is designed) to use a passphrase, then you cannot get access to those wallets through that wallet device. Seems to explain the functionality of that extra passphrase feature in the blog article that I cited earlier. https://blog.trezor.io/passphrase-the-ultimate-protection-for-your-accounts-3a311990925b

Edit

Yup, Biodom is right. That's exactly how it works.
Just think about the additional passphrase as if it were more words for the original seed resulting in a completely different public/private key pairs.
As an added bonus you can have MANY unlimited "wallets" just by inserting a different additional password. With the same base seed.
And it is NOT stored in the hardware wallet. You need to provide it each time you reboot.
What bitserve said.

Edit 2

Pretty sure that when someone technically skilled has physical access to whatever brand hardware wallet, they can extract the seed. Same for any phone or game console: they always get root access.

To protect yourself against a physical attack (getting your hardware wallet and/or seed):
- Use a passphrase on top of the seed (see the above post of bitserve, it can be a single word to not overcomplicate things. More words are better though).
- Or/And use multisig, which is extremely easy to set up using Electrum and multiple hardware wallets. I simply can’t move any of my coins myself, even when someone has my seed and passphrase, without multiple co-signers.

What bitebits said.
|
|
|
|
MufasaR
Jr. Member
Offline
Activity: 48
Merit: 1
|
 |
February 01, 2020, 07:05:05 AM |
|
Looking at the chart, bitcoin has been in the down trend and went up slightly and continued the downward trend forming that channel. What is the probability that the breakout won't just spike up and continue the downward trade?
|
|
|
|
Arriemoller
Legendary
Offline
Activity: 2212
Merit: 1690
Cлaвa Укpaїнi!
|
 |
February 01, 2020, 07:07:26 AM |
|
Good morning and good luck to all WO friends in the UK, it will be interesting to read your comments in the coming days.
Is anything special happening?

I bought Ode to Joy, the EU anthem, to make sure it's number one in the music charts on B word day. The rival is named '17 million Fuck Offs' which is a wonderful summary of the attitudes stirred up.

No wonder they like Beethoven's 9th. They got the inspiration from A Clockwork Orange. https://www.youtube.com/watch?v=cQCQRLA05AA
|
|
|
|
Arriemoller
Legendary
Offline
Activity: 2212
Merit: 1690
Cлaвa Укpaїнi!
|
 |
February 01, 2020, 07:11:06 AM |
|
We may be an oligarchy but at least we don't believe in queens, barons, and knights. Do you also believe in dragons?
This is the ballot sheet of my local council election. Problem with that?

Why does Thorvardar's daughter have a man's name?
|
|
|
|
Arriemoller
Legendary
Offline
Activity: 2212
Merit: 1690
Cлaвa Укpaїнi!
|
 |
February 01, 2020, 07:12:35 AM |
|
And a big congratulations to all you British on independence day. May your country live long and prosper.
|
|
|
|
becoin
Legendary
Offline
Activity: 3419
Merit: 1216
|
 |
February 01, 2020, 07:26:29 AM |
|
And a big congratulations to all you British on independence day. May your country live long and prosper.
Actually it is Northern Ireland's independence day. For Britain it is just a liberation day as they were already independent before joining the EU.
|
|
|
|
Arriemoller
Legendary
Offline
Activity: 2212
Merit: 1690
Cлaвa Укpaїнi!
|
 |
February 01, 2020, 07:32:47 AM |
|
One case of corona virus confirmed in Sweden.
Edit: just noticed that Bob beat me to it.
|
|
|
|
fillippone
Legendary
Offline
Activity: 1750
Merit: 12226
Merit Rascal - Pizza Maker - Golden Feather 2022
|
 |
February 01, 2020, 07:33:06 AM |
|
So guys, this is cool; sirazimuth just merited my Neil Peart eulogy from a couple weeks ago pushing me to 2112 merit. I'm not even sure if he planned it that way...  Whatever dude, I’m planning different  
|
|
|
|
|
Lambie Slayer
|
 |
February 01, 2020, 08:00:16 AM |
|
https://harvardtothebighouse.com/2020/01/31/logistical-and-technical-analysis-of-the-origins-of-the-wuhan-coronavirus-2019-ncov/

It considers whether the Wuhan Coronavirus (2019-nCoV) is a naturally emergent strain against the possibility that it may be a bio-engineered strain meant for defensive immunotherapy protocols that was released into the public, most likely by accident – China’s rate of occupational accidents is about ten-times higher than America’s, and some twenty-times more than Europe, the only other regions with high-level virology labs. Additionally, Beijing has had four known accidental leaks of the SARS virus in recent years.
... Early research found that this coronavirus targets the ACE2 receptor, which is found in Asians at roughly five-times the rate of other global populations, indicating that 2019-nCoV was likely in development as part of a defensive project possibly linked to immunotherapy, not as an offensive weapon since the virus is likely wired to be much more virulent among Asian populations. Further support for this is the fact that the Wuhan lab was already actively looking into the risks posed from bat coronaviruses, and by the fact there was pending research at the Wuhan BSL-4 lab into coronavirus treatments– by definition doing this would require live virulent strains of coronavirus to use to test the treatment regimes against.
...
This might have been a weapon meant for Taiwan with the goal of laying Taiwan to waste and then China comes in, saves the day, restores order, and puts Taiwan back under its rule. Black White supremacists like Mr. Bigsby should be fully immune to this disease though.
|
|
|
|
|
BitcoinGirl.Club
Legendary
Offline
Activity: 2366
Merit: 2391
Stake.com - Leading Crypto Sports Betting & Casino
|
 |
February 01, 2020, 08:06:27 AM |
|
Good morning WO! Observing @ $9,412
|
|
|
|
|
Lambie Slayer
|
I was shocked to learn the virus can stay airborne for 10 feet. Masks are a must if that's the case. Also I read before that a virus could only last on a surface for a few hours. This source is quoting 12 hours, which is a long time to linger on a door knob. Not sure which number is accurate tbh. https://twitter.com/isudheerbabu/status/1223495656087572480

So, on to the symptoms.....

Well holy fuck, "nasal congestion is not like the normal kind, you will feel like you are drowning in water" this sounds like torture. I've read several sources stating patients have about a 25 percent chance of having severe symptoms/pneumonia. I don't wanna hear any more talk about how the flu is worse. This is Aids-Flu dammit.
|
|
|
|
|