Gachapin
Legendary
 Offline
Activity: 1316
Merit: 2598
bitcoin retard
|
 |
December 28, 2024, 02:30:05 AM |
|
....At the same time, I would suggest that you are wrong in regards to your description of the vulnerability being ameliorated by having a stronger pin number, which I believe hardly does shit if someone has physical access to the device with a non-secure element.
.... no no JJG .... The PIN is used to encrypt the seed on your device. A strong (long) PIN cannot be cracked via brute force, so it's not possible to decrypt your seed when someone gets hold of your device. That's why Trezor enabled PINs with 50 digit length (maybe longer), when they fixed the vulnerability of physical access a few years ago. Means, if your PIN is long enough (has enough entropy) nobody can get the seed out of your device. No (un)secure element needed ! I recall that the security breach of having physical access to the Trezor was from several years ago, and I thought that the ONLY remedies was avoiding physical access to the Trezor and/or having a passphrase, as is stated in this Kraken Blog article. The Article describes brute forcing the pin too, yet I cannot recall the pin being less vulnerable based on length and complication, even though what you say makes sense if they have to brute-force the pin, too. Until I see something more clear, I will have to take what you are saying about the creation of a more robust pin (as the solution to the problem) with a grain of salt. haha no need to trust me.... that the PIN protects your Trezor against physical attacks by encrypting the seed is written in the adtual article you posted yourself... We then crack the encrypted seed, which is protected by a 1-9 digit PIN, but is trivial to brute force. https://blog.kraken.com/product/security/kraken-identifies-critical-flaw-in-trezor-hardware-walletsAgain, that's why Trezor upped the possible PIN length to 50 digits (166 Bits), so there is no possibility to brute force anymore. If that 2020 article is proclaiming that changing the pin number protects you from attack, then why did they not list such protection in their suggestions? Here's what the article says:  Maybe there is a newer article going into such details that describe how making a more sophisticated pin code helps? or prevents hack-ability, as you seem to want to proclaim. ...because at that time the Trezor didn't offer the possibility of a longer PIN yet  c'mon JJG it can't be that hard to understand! |
|
|
|
|
Gachapin
Legendary
Offline
Activity: 1316
Merit: 2598
bitcoin retard
|
|
December 28, 2024, 02:33:52 AM |
|
I wonder where are JJG's Gay Christmas cards ??
 seems like Christmas is over, even on that pic... try again next year  I don't recall my having any kind of meaningful streak of posting gay Christmas cards, even at the peak of the holiday card sending seasonings... As a matter of fact, I find it less than appealing to be looking at pics of men (whether well-endowed or not), as compared with gawking at the attributes of the more fair sex. That's part of the reason why I keep my Grinder settings aimed at having preferences for females. It's not for you or me... it's for the BTC price ! ...ok admittedly that is for you and me then  |
|
|
|
|
ChartBuddy
Legendary
Offline
Activity: 2632
Merit: 2335
1CBuddyxy4FerT3hzMmi1Jz48ESzRw1ZzZ
|
 |
December 28, 2024, 03:01:18 AM |
|
  ExplanationChartbuddy thanks talkimg.com |
|
|
|
|
JayJuanGee
Legendary
 Online
Activity: 4172
Merit: 12675
Self-Custody is a right. Say no to "non-custodial"
|
|
December 28, 2024, 03:17:56 AM |
|
....At the same time, I would suggest that you are wrong in regards to your description of the vulnerability being ameliorated by having a stronger pin number, which I believe hardly does shit if someone has physical access to the device with a non-secure element.
.... no no JJG .... The PIN is used to encrypt the seed on your device. A strong (long) PIN cannot be cracked via brute force, so it's not possible to decrypt your seed when someone gets hold of your device. That's why Trezor enabled PINs with 50 digit length (maybe longer), when they fixed the vulnerability of physical access a few years ago. Means, if your PIN is long enough (has enough entropy) nobody can get the seed out of your device. No (un)secure element needed ! I recall that the security breach of having physical access to the Trezor was from several years ago, and I thought that the ONLY remedies was avoiding physical access to the Trezor and/or having a passphrase, as is stated in this Kraken Blog article. The Article describes brute forcing the pin too, yet I cannot recall the pin being less vulnerable based on length and complication, even though what you say makes sense if they have to brute-force the pin, too. Until I see something more clear, I will have to take what you are saying about the creation of a more robust pin (as the solution to the problem) with a grain of salt. haha no need to trust me.... that the PIN protects your Trezor against physical attacks by encrypting the seed is written in the adtual article you posted yourself... We then crack the encrypted seed, which is protected by a 1-9 digit PIN, but is trivial to brute force. https://blog.kraken.com/product/security/kraken-identifies-critical-flaw-in-trezor-hardware-walletsAgain, that's why Trezor upped the possible PIN length to 50 digits (166 Bits), so there is no possibility to brute force anymore. If that 2020 article is proclaiming that changing the pin number protects you from attack, then why did they not list such protection in their suggestions? Here's what the article says: Maybe there is a newer article going into such details that describe how making a more sophisticated pin code helps? or prevents hack-ability, as you seem to want to proclaim. ...because at that time the Trezor didn't offer the possibility of a longer PIN yet c'mon JJG it can't be that hard to understand! You think I am playing with you? I am not. I am giving my own understanding of the matter, and I don't claim to be a technical genius, yet I have been pointing out some technical pieces to support the assertions that I have been making...and to show my understanding of the matter. I doubt that what I have been saying is outside of the sphere of what some other guys might think about various Trezor weaknesses, and/or vulnerabilities. And, by the way, I find Trezor's usability to be quite friendly and easy. From my understanding, frequently Trezor is still being criticized because of its physical access vulnerability, and sure that could merely be competitors who are making those kinds of proclamations, yet Trezor does not seem to be countering those claims. If the longer pin were to be removing such physical access vulnerabilities (or greatly diminishing such vulnerabilities) then I would have had thought that there would be some kind of a counter-marketing campaign coming out of Trezor's camp and/or one of their supporting camps rather than their seeming to want to cave in and to move over towards providing secure elements in their newer products, which yeah so far many of us recognize that the secure element is not completely open sourced, so the Trezor with the secure element remains problematic. Are you trying to suggest that the Trezor with a sophisticated pin is nearly as secure as the trezor with a secure element? or you would not go that far in your seeming proclamation that more sophisticated pins are going to save us from hackers if we do not end up locking ourselves out of the device with such sophisticated pins.. yet with Trezor we don't need to worry if we lock ourselves out of the device anyhow since we can still use the device and we can reload our back up seed words back onto the device. As far as I know, so far, the trezor does not brick itself after unsuccessful attempts with the pin as some other hardware wallet devices do. I wonder where are JJG's Gay Christmas cards ??
seems like Christmas is over, even on that pic... try again next year I don't recall my having any kind of meaningful streak of posting gay Christmas cards, even at the peak of the holiday card sending seasonings... As a matter of fact, I find it less than appealing to be looking at pics of men (whether well-endowed or not), as compared with gawking at the attributes of the more fair sex. That's part of the reason why I keep my Grinder settings aimed at having preferences for females. It's not for you or me... it's for the BTC price ! ...ok admittedly that is for you and me then Perhaps I never bought into the gay christmas cards angle, even though surely I have been participating in the all-seasons daily pushups angle...even though I don't really like doing pushups every day. |
|
|
|
|
ChartBuddy
Legendary
Offline
Activity: 2632
Merit: 2335
1CBuddyxy4FerT3hzMmi1Jz48ESzRw1ZzZ
|
|
December 28, 2024, 04:01:15 AM |
|
 ExplanationChartbuddy thanks talkimg.com |
|
|
|
|
ChartBuddy
Legendary
Offline
Activity: 2632
Merit: 2335
1CBuddyxy4FerT3hzMmi1Jz48ESzRw1ZzZ
|
|
December 28, 2024, 05:01:15 AM |
|
 ExplanationChartbuddy thanks talkimg.com |
|
|
|
|
Gachapin
Legendary
Offline
Activity: 1316
Merit: 2598
bitcoin retard
|
|
December 28, 2024, 05:25:17 AM Merited by JayJuanGee (1) |
|
....At the same time, I would suggest that you are wrong in regards to your description of the vulnerability being ameliorated by having a stronger pin number, which I believe hardly does shit if someone has physical access to the device with a non-secure element.
.... no no JJG .... The PIN is used to encrypt the seed on your device. A strong (long) PIN cannot be cracked via brute force, so it's not possible to decrypt your seed when someone gets hold of your device. That's why Trezor enabled PINs with 50 digit length (maybe longer), when they fixed the vulnerability of physical access a few years ago. Means, if your PIN is long enough (has enough entropy) nobody can get the seed out of your device. No (un)secure element needed ! I recall that the security breach of having physical access to the Trezor was from several years ago, and I thought that the ONLY remedies was avoiding physical access to the Trezor and/or having a passphrase, as is stated in this Kraken Blog article. The Article describes brute forcing the pin too, yet I cannot recall the pin being less vulnerable based on length and complication, even though what you say makes sense if they have to brute-force the pin, too. Until I see something more clear, I will have to take what you are saying about the creation of a more robust pin (as the solution to the problem) with a grain of salt. haha no need to trust me.... that the PIN protects your Trezor against physical attacks by encrypting the seed is written in the adtual article you posted yourself... We then crack the encrypted seed, which is protected by a 1-9 digit PIN, but is trivial to brute force. https://blog.kraken.com/product/security/kraken-identifies-critical-flaw-in-trezor-hardware-walletsAgain, that's why Trezor upped the possible PIN length to 50 digits (166 Bits), so there is no possibility to brute force anymore. If that 2020 article is proclaiming that changing the pin number protects you from attack, then why did they not list such protection in their suggestions? Here's what the article says: Maybe there is a newer article going into such details that describe how making a more sophisticated pin code helps? or prevents hack-ability, as you seem to want to proclaim. ...because at that time the Trezor didn't offer the possibility of a longer PIN yet c'mon JJG it can't be that hard to understand! You think I am playing with you? I am not. I am giving my own understanding of the matter, and I don't claim to be a technical genius, yet I have been pointing out some technical pieces to support the assertions that I have been making...and to show my understanding of the matter. I doubt that what I have been saying is outside of the sphere of what some other guys might think about various Trezor weaknesses, and/or vulnerabilities. And, by the way, I find Trezor's usability to be quite friendly and easy. From my understanding, frequently Trezor is still being criticized because of its physical access vulnerability, and sure that could merely be competitors who are making those kinds of proclamations, yet Trezor does not seem to be countering those claims. If the longer pin were to be removing such physical access vulnerabilities (or greatly diminishing such vulnerabilities) then I would have had thought that there would be some kind of a counter-marketing campaign coming out of Trezor's camp and/or one of their supporting camps rather than their seeming to want to cave in and to move over towards providing secure elements in their newer products, which yeah so far many of us recognize that the secure element is not completely open sourced, so the Trezor with the secure element remains problematic. No, I absolutely don't think you are playing me! I just thought the issue must be quite easy to understand for an AI Joke aside, I thought with the quote of the article it should be obvious, as everything is in that short sentence. But maybe I'm just a bit too used to the topic as I once researched the shit out of it, after they changed the PIN length. Indeed, Trezor really lacked an adequate counter-campaign. I remember some article(s) on the PIN (don't make me search...). But Trezor surely fell short of educating their users. At least they should have more on their website... I guess since they went the SE route it's not so important for them anymore.. |
|
|
|
|
ChartBuddy
Legendary
Offline
Activity: 2632
Merit: 2335
1CBuddyxy4FerT3hzMmi1Jz48ESzRw1ZzZ
|
|
December 28, 2024, 06:01:17 AM |
|
 ExplanationChartbuddy thanks talkimg.com |
|
|
|
|
Gachapin
Legendary
Offline
Activity: 1316
Merit: 2598
bitcoin retard
|
|
December 28, 2024, 06:16:00 AM |
|
....At the same time, I would suggest that you are wrong in regards to your description of the vulnerability being ameliorated by having a stronger pin number, which I believe hardly does shit if someone has physical access to the device with a non-secure element.
.... no no JJG .... The PIN is used to encrypt the seed on your device. A strong (long) PIN cannot be cracked via brute force, so it's not possible to decrypt your seed when someone gets hold of your device. That's why Trezor enabled PINs with 50 digit length (maybe longer), when they fixed the vulnerability of physical access a few years ago. Means, if your PIN is long enough (has enough entropy) nobody can get the seed out of your device. No (un)secure element needed ! I recall that the security breach of having physical access to the Trezor was from several years ago, and I thought that the ONLY remedies was avoiding physical access to the Trezor and/or having a passphrase, as is stated in this Kraken Blog article. The Article describes brute forcing the pin too, yet I cannot recall the pin being less vulnerable based on length and complication, even though what you say makes sense if they have to brute-force the pin, too. Until I see something more clear, I will have to take what you are saying about the creation of a more robust pin (as the solution to the problem) with a grain of salt. haha no need to trust me.... that the PIN protects your Trezor against physical attacks by encrypting the seed is written in the adtual article you posted yourself... We then crack the encrypted seed, which is protected by a 1-9 digit PIN, but is trivial to brute force. https://blog.kraken.com/product/security/kraken-identifies-critical-flaw-in-trezor-hardware-walletsAgain, that's why Trezor upped the possible PIN length to 50 digits (166 Bits), so there is no possibility to brute force anymore. If that 2020 article is proclaiming that changing the pin number protects you from attack, then why did they not list such protection in their suggestions? Here's what the article says: Maybe there is a newer article going into such details that describe how making a more sophisticated pin code helps? or prevents hack-ability, as you seem to want to proclaim. ...because at that time the Trezor didn't offer the possibility of a longer PIN yet c'mon JJG it can't be that hard to understand! .... Are you trying to suggest that the Trezor with a sophisticated pin is nearly as secure as the trezor with a secure element? or you would not go that far in your seeming proclamation that more sophisticated pins are going to save us from hackers if we do not end up locking ourselves out of the device with such sophisticated pins.. yet with Trezor we don't need to worry if we lock ourselves out of the device anyhow since we can still use the device and we can reload our back up seed words back onto the device. As far as I know, so far, the trezor does not brick itself after unsuccessful attempts with the pin as some other hardware wallet devices do. The Trezor with a sophisticated pin is even more secure than the Trezor with a secure element! Because it doesn't use these closed source Secure Elements, that can probably be readout by the companies that produces them, or by people who get their hands on the companies secret. With a good PIN you can go open source and and also eradicate the risk that physical access brings, at the same time! I would feel more safe loosing a Trezor secured with a 128 Bit PIN than one with a SE. |
|
|
|
|
bitmover
Legendary
Offline
Activity: 2758
Merit: 6809
bitcoindata.science
|
|
December 28, 2024, 06:20:56 AM |
|
The Trezor with a sophisticated pin is even more secure than the Trezor with a secure element! Because it doesn't use these closed source Secure Elements, that can probably be readout by the companies that produces them, or by people who get their hands on the companies secret.
With a good PIN you can go open source and and also eradicate the risk that physical access brings, at the same time!
I would feel more safe loosing a Trezor secured with a 128 Bit PIN than one with a SE.
I agree about the PIN. I use so small pin in my ledger. I will probably change that soon, as I am a bit worried about it recently. I created those pin almost 10 y ago. I use 2 pin (as I have one hidden wallet with passphrase). |
|
|
|
|
Gachapin
Legendary
Offline
Activity: 1316
Merit: 2598
bitcoin retard
|
|
December 28, 2024, 06:23:09 AM Merited by JayJuanGee (1) |
|
....At the same time, I would suggest that you are wrong in regards to your description of the vulnerability being ameliorated by having a stronger pin number, which I believe hardly does shit if someone has physical access to the device with a non-secure element.
.... no no JJG .... The PIN is used to encrypt the seed on your device. A strong (long) PIN cannot be cracked via brute force, so it's not possible to decrypt your seed when someone gets hold of your device. That's why Trezor enabled PINs with 50 digit length (maybe longer), when they fixed the vulnerability of physical access a few years ago. Means, if your PIN is long enough (has enough entropy) nobody can get the seed out of your device. No (un)secure element needed ! I recall that the security breach of having physical access to the Trezor was from several years ago, and I thought that the ONLY remedies was avoiding physical access to the Trezor and/or having a passphrase, as is stated in this Kraken Blog article. The Article describes brute forcing the pin too, yet I cannot recall the pin being less vulnerable based on length and complication, even though what you say makes sense if they have to brute-force the pin, too. Until I see something more clear, I will have to take what you are saying about the creation of a more robust pin (as the solution to the problem) with a grain of salt. haha no need to trust me.... that the PIN protects your Trezor against physical attacks by encrypting the seed is written in the adtual article you posted yourself... We then crack the encrypted seed, which is protected by a 1-9 digit PIN, but is trivial to brute force. https://blog.kraken.com/product/security/kraken-identifies-critical-flaw-in-trezor-hardware-walletsAgain, that's why Trezor upped the possible PIN length to 50 digits (166 Bits), so there is no possibility to brute force anymore. If that 2020 article is proclaiming that changing the pin number protects you from attack, then why did they not list such protection in their suggestions? Here's what the article says: Maybe there is a newer article going into such details that describe how making a more sophisticated pin code helps? or prevents hack-ability, as you seem to want to proclaim. ...because at that time the Trezor didn't offer the possibility of a longer PIN yet c'mon JJG it can't be that hard to understand! You think I am playing with you? I am not. I am giving my own understanding of the matter, and I don't claim to be a technical genius, yet I have been pointing out some technical pieces to support the assertions that I have been making...and to show my understanding of the matter. I doubt that what I have been saying is outside of the sphere of what some other guys might think about various Trezor weaknesses, and/or vulnerabilities. And, by the way, I find Trezor's usability to be quite friendly and easy. From my understanding, frequently Trezor is still being criticized because of its physical access vulnerability, and sure that could merely be competitors who are making those kinds of proclamations, yet Trezor does not seem to be countering those claims. If the longer pin were to be removing such physical access vulnerabilities (or greatly diminishing such vulnerabilities) then I would have had thought that there would be some kind of a counter-marketing campaign coming out of Trezor's camp and/or one of their supporting camps rather than their seeming to want to cave in and to move over towards providing secure elements in their newer products, which yeah so far many of us recognize that the secure element is not completely open sourced, so the Trezor with the secure element remains problematic. Are you trying to suggest that the Trezor with a sophisticated pin is nearly as secure as the trezor with a secure element? or you would not go that far in your seeming proclamation that more sophisticated pins are going to save us from hackers if we do not end up locking ourselves out of the device with such sophisticated pins.. yet with Trezor we don't need to worry if we lock ourselves out of the device anyhow since we can still use the device and we can reload our back up seed words back onto the device. As far as I know, so far, the trezor does not brick itself after unsuccessful attempts with the pin as some other hardware wallet devices do. I wonder where are JJG's Gay Christmas cards ??
seems like Christmas is over, even on that pic... try again next year I don't recall my having any kind of meaningful streak of posting gay Christmas cards, even at the peak of the holiday card sending seasonings... As a matter of fact, I find it less than appealing to be looking at pics of men (whether well-endowed or not), as compared with gawking at the attributes of the more fair sex. That's part of the reason why I keep my Grinder settings aimed at having preferences for females. It's not for you or me... it's for the BTC price ! ...ok admittedly that is for you and me then Perhaps I never bought into the gay christmas cards angle, even though surely I have been participating in the all-seasons daily pushups angle...even though I don't really like doing pushups every day. the pushup thing seems to be more widespread than I thought! thanks for bringing us to 100k, then! could I ask you to pls do it again?  |
|
|
|
|
Richy_T
Legendary
Offline
Activity: 2842
Merit: 2534
1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
|
|
December 28, 2024, 06:24:16 AM Merited by JayJuanGee (1) |
|
Surely some of us may have had relatives who pass and we try to figure out what accounts they have, and i even had some relatives tell me that they want me to know their passwords in case something happens to them, and my most common response is that they need to keep their passwords in a safe place that would be accessible upon their passing, which surely is easier said than done... and most likely value ends up getting lost when persons pass and so many passwords that they are not even able to keep track of.
Encryption can help with that kind of thing. Ideally they would hand off to you an encrypted file to you with a password that you would be unable to access (easily) until after their passing. That can be a bit tricky and depend a lot on the level of trust between you so would have to be decided on a case-by-case basis. Also make sure that the password could not be accidentally lost. |
|
|
|
|
Gachapin
Legendary
Offline
Activity: 1316
Merit: 2598
bitcoin retard
|
|
December 28, 2024, 06:29:30 AM
Last edit: December 28, 2024, 06:43:42 AM by Gachapin |
|
The Trezor with a sophisticated pin is even more secure than the Trezor with a secure element! Because it doesn't use these closed source Secure Elements, that can probably be readout by the companies that produces them, or by people who get their hands on the companies secret.
With a good PIN you can go open source and and also eradicate the risk that physical access brings, at the same time!
I would feel more safe loosing a Trezor secured with a 128 Bit PIN than one with a SE.
I agree about the PIN. I use so small pin in my ledger. I will probably change that soon, as I am a bit worried about it recently. I created those pin almost 10 y ago. I use 2 pin (as I have one hidden wallet with passphrase). The ledger has a secure element, so afaik the PIN isn't the sole thing (if at all) used to encrypt the seed. Means you should be safe from physical access to the chip anyways, even with a short PIN. (safe as far the secret of the SE company isn't used) |
|
|
|
|
Richy_T
Legendary
Offline
Activity: 2842
Merit: 2534
1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
|
|
December 28, 2024, 06:30:37 AM |
|
Given how wallets actually work under the covers, particularly the old pre-HD Core wallets, this sounds just ridiculous. Should be fun. |
|
|
|
|
Richy_T
Legendary
Offline
Activity: 2842
Merit: 2534
1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
|
|
December 28, 2024, 06:35:49 AM |
|
Realistically, are people using 128 bit pins on their Trezors? That's half the length of a private key.
|
|
|
|
|
Gachapin
Legendary
Offline
Activity: 1316
Merit: 2598
bitcoin retard
|
|
December 28, 2024, 06:40:00 AM
Last edit: December 28, 2024, 09:41:30 AM by Gachapin |
|
Realistically, are people using 128 bit pins on their Trezors? That's half the length of a private key.
I wouldn't use a 128 Bit PIN on a wallet that needs to be accessed frequently. But for a bigger stash you don't touch maybe for years, why not. For smaller amounts wallets with SE are totally fine imo Many wallets are using several SEs from different manufacturers in one device, because it's unlikely that all SE secrets get compromised at the same time. |
|
|
|
|
ChartBuddy
Legendary
Offline
Activity: 2632
Merit: 2335
1CBuddyxy4FerT3hzMmi1Jz48ESzRw1ZzZ
|
|
December 28, 2024, 07:01:14 AM |
|
 ExplanationChartbuddy thanks talkimg.com |
|
|
|
|
ChartBuddy
Legendary
Offline
Activity: 2632
Merit: 2335
1CBuddyxy4FerT3hzMmi1Jz48ESzRw1ZzZ
|
|
December 28, 2024, 08:01:14 AM |
|
 ExplanationChartbuddy thanks talkimg.com |
|
|
|
|
ChartBuddy
Legendary
Offline
Activity: 2632
Merit: 2335
1CBuddyxy4FerT3hzMmi1Jz48ESzRw1ZzZ
|
|
December 28, 2024, 09:01:17 AM |
|
 ExplanationChartbuddy thanks talkimg.com |
|
|
|
|
ChartBuddy
Legendary
Offline
Activity: 2632
Merit: 2335
1CBuddyxy4FerT3hzMmi1Jz48ESzRw1ZzZ
|
|
December 28, 2024, 10:01:14 AM |
|
 ExplanationChartbuddy thanks talkimg.com |
|
|
|
|
|
Poll
