Bitcoin Forum
November 15, 2024, 09:02:21 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3] 4 5 6 »  All
  Print  
Author Topic: My new TREZOR  (Read 21560 times)
HurtK
Newbie
*
Offline Offline

Activity: 31
Merit: 0



View Profile
April 02, 2014, 01:55:44 PM
 #41

https://lh3.googleusercontent.com/-KGFOWugeSlc/UzvCXEn1l7I/AAAAAAAAGJU/EKvFI4k_qig/w1664-h1232-no/IMG_20140401_195446.jpg

Why is the confirm button on the right? General convention is that yes/confirm buttons are on the left

see https://www.google.cz/search?tbm=isch&q=yes%20no%20dialog&hl=cs#hl=cs&q=yes+no+dialog&tbm=isch
stick
Sr. Member
****
Offline Offline

Activity: 441
Merit: 268



View Profile
April 02, 2014, 02:00:07 PM
 #42

Why is the confirm button on the right? General convention is that yes/confirm buttons are on the left

(reposting from reddit)

We always put "positive" actions (next, confirm, ok) on the right and "negative" on the left (previous, abort, cancel) button.
It makes sense when you realize that in order to confirm transaction you have to press "next" several times (for each output) and then "confirm". I guess you agree that putting Next on the left and Back on the right is not a good idea.

Velkro
Legendary
*
Offline Offline

Activity: 2296
Merit: 1014



View Profile
April 02, 2014, 04:13:59 PM
 #43

show us some more shots how it works, how it looks when accessing through USB by PC etc. managment panel etc.
lensgrabber
Newbie
*
Offline Offline

Activity: 37
Merit: 0


View Profile
April 02, 2014, 04:28:55 PM
 #44

show us some more shots how it works, how it looks when accessing through USB by PC etc. managment panel etc.


A video would be pretty great.  I've heard of TREZOR but really have no idea how it's supposed to work. 
AmDD
Legendary
*
Offline Offline

Activity: 1027
Merit: 1005



View Profile
April 02, 2014, 04:43:52 PM
 #45

Very cool, glad to see one in the 'wild'. Cant wait for them to open up ordering.

BTC tip jar: 18EKpbrcXxbpzAZv3T58ccGcVis7W7JR9w
LTC tip jar: Lgp8ERykAgx6Q8NdMqpi5vnVoUMD2hYn2a
bryant.coleman
Legendary
*
Offline Offline

Activity: 3766
Merit: 1217


View Profile
April 02, 2014, 04:51:36 PM
 #46

There are no third party vendors (as of now). If you have found any then you had found a scam.

Oh... so it is impossible for new users to obtain Trezors.  Angry
knight22
Legendary
*
Offline Offline

Activity: 1372
Merit: 1000


--------------->¿?


View Profile
April 02, 2014, 04:52:22 PM
 #47

So the software is being installed from the device?

slush
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
April 02, 2014, 05:24:23 PM
 #48

So the software is being installed from the device?

Trezor works as HID (mouse, keyboard) and does not need any system drivers. Device does not carry any desktop software (it would be security hole otherwise), but you can connect it with other software. Multibit and Armory teams are actively working on Trezor support. And in the meantime there's mytrezor.com, our webwallet talking to Trezor over browser plugin.

Chef Ramsay
Legendary
*
Offline Offline

Activity: 1568
Merit: 1001



View Profile
April 02, 2014, 05:25:52 PM
 #49

Glad to see these finally are a go and yes, they look fantastic. Just curious as to when my pre-order (8-9-13) will arrive? Should also check your emails from time to time. Wink
chriswilmer
Legendary
*
Offline Offline

Activity: 1008
Merit: 1000


View Profile WWW
April 02, 2014, 06:05:53 PM
 #50


Yes, Trezor supports bip32 "as they spec'd", it passes all test vectors and it has been tested also with other bip32-compatible software (Bits of proof server) that it generates same bip32 trees. No need to ask bitcoin core devs...

Shouldn't this also be a way to check for backdoors and/or whether the device has been tampered with? Wouldn't any change to the core part of the firmware result in getting different answers with the test vectors?

I hope you don't mind my bumping this question, but I really want to know about how a back door or otherwise tampered electronic device could get around the test vectors? Or am I misunderstanding something fundamentally?
Mike Hearn (OP)
Legendary
*
Offline Offline

Activity: 1526
Merit: 1134


View Profile
April 02, 2014, 06:11:40 PM
 #51

The risk with a backdoored TREZOR is not that it generates public/private keys incorrectly (which is what the BIP32 test vectors test). It's that it can leak the private keys/seed via some side channel, or can be told to sign transactions bypassing the usual user confirmation logic.

For leaking private keys via side channels, there are virtually none available, except the ECDSA k value. Deterministic ECDSA is the solution to this. A backdoor that allows the computer to tell the device to empty itself out cannot really be defended against easily, because it's hard to know what software the device is truly running, but the reputation of the creators is sufficient to give good assurance for genuine/unmodified TREZORs. In future software remote attestation techniques might be interesting.
roslinpl
Legendary
*
Offline Offline

Activity: 2212
Merit: 1199


View Profile WWW
April 02, 2014, 06:13:57 PM
Last edit: April 02, 2014, 10:20:48 PM by roslinpl
 #52




Yes it looks lovely! Smiley after all that delays it should looks and works great Smiley

I hope you will enjoy using Trezor!

Regards!

chriswilmer
Legendary
*
Offline Offline

Activity: 1008
Merit: 1000


View Profile WWW
April 02, 2014, 06:51:13 PM
 #53

The risk with a backdoored TREZOR is not that it generates public/private keys incorrectly (which is what the BIP32 test vectors test). It's that it can leak the private keys/seed via some side channel, or can be told to sign transactions bypassing the usual user confirmation logic.

For leaking private keys via side channels, there are virtually none available, except the ECDSA k value. Deterministic ECDSA is the solution to this. A backdoor that allows the computer to tell the device to empty itself out cannot really be defended against easily, because it's hard to know what software the device is truly running, but the reputation of the creators is sufficient to give good assurance for genuine/unmodified TREZORs. In future software remote attestation techniques might be interesting.

Well, one of my fears (perhaps unfounded) is that a tampered device will ignore my randomly generated input seed, and instead use some kind of weak method for generating the master private key. If all of the algorithms are published however, I should be able to test whether the device is using the input seed as intended right? (i.e., compare the master public key generated on my laptop using the same algorithm as the public key generated by the trezor, where both used the same input seed).

Just to clarify, when I say "seed" what I really mean is the random data (dice rolls or whatever) that are used as a source of entropy.
stick
Sr. Member
****
Offline Offline

Activity: 441
Merit: 268



View Profile
April 02, 2014, 07:20:14 PM
 #54

Well, one of my fears (perhaps unfounded) is that a tampered device will ignore my randomly generated input seed, and instead use some kind of weak method for generating the master private key.

That is a valid concern. What TREZOR does is that it shows its internal entropy on display (if asked to) before requesting an external one. Once provided, these two entropies are mixed (using hash) and you can verify that external was used and not omitted.

dserrano5
Legendary
*
Offline Offline

Activity: 1974
Merit: 1029



View Profile
April 02, 2014, 07:41:04 PM
 #55

Are there theme'able devices in the roadmap? I'd kill for a red and white Hello Kitty one =^).
roslinpl
Legendary
*
Offline Offline

Activity: 2212
Merit: 1199


View Profile WWW
April 02, 2014, 08:18:55 PM
 #56

Soon trezor should think about "trezor watch" - that could be a great idea Tongue
cor
Full Member
***
Offline Offline

Activity: 121
Merit: 100



View Profile WWW
April 02, 2014, 09:26:22 PM
 #57

Are there theme'able devices in the roadmap? I'd kill for a red and white Hello Kitty one =^).

that's sweet  Grin if there's enough hello kitty lovers we could make it possible...

MarketNeutral
Sr. Member
****
Offline Offline

Activity: 434
Merit: 252


View Profile
April 02, 2014, 10:14:35 PM
 #58

Any more information on this?

Awesome development—truly!

Keep up the amazing work.  Smiley
Swordsoffreedom
Legendary
*
Offline Offline

Activity: 2954
Merit: 1135


Leading Crypto Sports Betting & Casino Platform


View Profile WWW
April 02, 2014, 10:37:13 PM
 #59

That is cool I wanted a trezor but then they sold out of course they open sourced it for people to get later
But I will wait for a batch 2  Grin

Are there theme'able devices in the roadmap? I'd kill for a red and white Hello Kitty one =^).

that's sweet  Grin if there's enough hello kitty lovers we could make it possible...

O_O I would buy a batch of Gundam Themed ones Smiley

..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
marcus_of_augustus
Legendary
*
Offline Offline

Activity: 3920
Merit: 2349


Eadem mutata resurgo


View Profile
April 02, 2014, 11:06:36 PM
 #60

I don't have any financial relationship or otherwise with SatoshiLabs, other than the pre-order I made, which is now delivered. It's just a project I think is important.


Thanks. I agree TREZOR, and other user-friendly hardware wallets, are for me the most pressing bottleneck for bitcoin adoption.

Good work all around guys!

Pages: « 1 2 [3] 4 5 6 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!