HurtK
Newbie
Offline
Activity: 31
Merit: 0
|
|
April 02, 2014, 01:55:44 PM |
|
|
|
|
|
stick
|
|
April 02, 2014, 02:00:07 PM |
|
Why is the confirm button on the right? General convention is that yes/confirm buttons are on the left
(reposting from reddit) We always put "positive" actions (next, confirm, ok) on the right and "negative" on the left (previous, abort, cancel) button. It makes sense when you realize that in order to confirm transaction you have to press "next" several times (for each output) and then "confirm". I guess you agree that putting Next on the left and Back on the right is not a good idea.
|
|
|
|
Velkro
Legendary
Offline
Activity: 2296
Merit: 1014
|
|
April 02, 2014, 04:13:59 PM |
|
show us some more shots how it works, how it looks when accessing through USB by PC etc. managment panel etc.
|
|
|
|
lensgrabber
Newbie
Offline
Activity: 37
Merit: 0
|
|
April 02, 2014, 04:28:55 PM |
|
show us some more shots how it works, how it looks when accessing through USB by PC etc. managment panel etc.
A video would be pretty great. I've heard of TREZOR but really have no idea how it's supposed to work.
|
|
|
|
AmDD
Legendary
Offline
Activity: 1027
Merit: 1005
|
|
April 02, 2014, 04:43:52 PM |
|
Very cool, glad to see one in the 'wild'. Cant wait for them to open up ordering.
|
BTC tip jar: 18EKpbrcXxbpzAZv3T58ccGcVis7W7JR9w LTC tip jar: Lgp8ERykAgx6Q8NdMqpi5vnVoUMD2hYn2a
|
|
|
bryant.coleman
Legendary
Offline
Activity: 3766
Merit: 1217
|
|
April 02, 2014, 04:51:36 PM |
|
There are no third party vendors (as of now). If you have found any then you had found a scam.
Oh... so it is impossible for new users to obtain Trezors.
|
|
|
|
knight22
Legendary
Offline
Activity: 1372
Merit: 1000
--------------->¿?
|
|
April 02, 2014, 04:52:22 PM |
|
So the software is being installed from the device?
|
|
|
|
slush
Legendary
Offline
Activity: 1386
Merit: 1097
|
|
April 02, 2014, 05:24:23 PM |
|
So the software is being installed from the device?
Trezor works as HID (mouse, keyboard) and does not need any system drivers. Device does not carry any desktop software (it would be security hole otherwise), but you can connect it with other software. Multibit and Armory teams are actively working on Trezor support. And in the meantime there's mytrezor.com, our webwallet talking to Trezor over browser plugin.
|
|
|
|
Chef Ramsay
Legendary
Offline
Activity: 1568
Merit: 1001
|
|
April 02, 2014, 05:25:52 PM |
|
Glad to see these finally are a go and yes, they look fantastic. Just curious as to when my pre-order (8-9-13) will arrive? Should also check your emails from time to time.
|
|
|
|
chriswilmer
Legendary
Offline
Activity: 1008
Merit: 1000
|
|
April 02, 2014, 06:05:53 PM |
|
Yes, Trezor supports bip32 "as they spec'd", it passes all test vectors and it has been tested also with other bip32-compatible software (Bits of proof server) that it generates same bip32 trees. No need to ask bitcoin core devs...
Shouldn't this also be a way to check for backdoors and/or whether the device has been tampered with? Wouldn't any change to the core part of the firmware result in getting different answers with the test vectors? I hope you don't mind my bumping this question, but I really want to know about how a back door or otherwise tampered electronic device could get around the test vectors? Or am I misunderstanding something fundamentally?
|
|
|
|
Mike Hearn (OP)
Legendary
Offline
Activity: 1526
Merit: 1134
|
|
April 02, 2014, 06:11:40 PM |
|
The risk with a backdoored TREZOR is not that it generates public/private keys incorrectly (which is what the BIP32 test vectors test). It's that it can leak the private keys/seed via some side channel, or can be told to sign transactions bypassing the usual user confirmation logic.
For leaking private keys via side channels, there are virtually none available, except the ECDSA k value. Deterministic ECDSA is the solution to this. A backdoor that allows the computer to tell the device to empty itself out cannot really be defended against easily, because it's hard to know what software the device is truly running, but the reputation of the creators is sufficient to give good assurance for genuine/unmodified TREZORs. In future software remote attestation techniques might be interesting.
|
|
|
|
roslinpl
Legendary
Offline
Activity: 2212
Merit: 1199
|
|
April 02, 2014, 06:13:57 PM Last edit: April 02, 2014, 10:20:48 PM by roslinpl |
|
Yes it looks lovely! after all that delays it should looks and works great I hope you will enjoy using Trezor! Regards!
|
|
|
|
chriswilmer
Legendary
Offline
Activity: 1008
Merit: 1000
|
|
April 02, 2014, 06:51:13 PM |
|
The risk with a backdoored TREZOR is not that it generates public/private keys incorrectly (which is what the BIP32 test vectors test). It's that it can leak the private keys/seed via some side channel, or can be told to sign transactions bypassing the usual user confirmation logic.
For leaking private keys via side channels, there are virtually none available, except the ECDSA k value. Deterministic ECDSA is the solution to this. A backdoor that allows the computer to tell the device to empty itself out cannot really be defended against easily, because it's hard to know what software the device is truly running, but the reputation of the creators is sufficient to give good assurance for genuine/unmodified TREZORs. In future software remote attestation techniques might be interesting.
Well, one of my fears (perhaps unfounded) is that a tampered device will ignore my randomly generated input seed, and instead use some kind of weak method for generating the master private key. If all of the algorithms are published however, I should be able to test whether the device is using the input seed as intended right? (i.e., compare the master public key generated on my laptop using the same algorithm as the public key generated by the trezor, where both used the same input seed). Just to clarify, when I say "seed" what I really mean is the random data (dice rolls or whatever) that are used as a source of entropy.
|
|
|
|
stick
|
|
April 02, 2014, 07:20:14 PM |
|
Well, one of my fears (perhaps unfounded) is that a tampered device will ignore my randomly generated input seed, and instead use some kind of weak method for generating the master private key.
That is a valid concern. What TREZOR does is that it shows its internal entropy on display (if asked to) before requesting an external one. Once provided, these two entropies are mixed (using hash) and you can verify that external was used and not omitted.
|
|
|
|
dserrano5
Legendary
Offline
Activity: 1974
Merit: 1029
|
|
April 02, 2014, 07:41:04 PM |
|
Are there theme'able devices in the roadmap? I'd kill for a red and white Hello Kitty one =^).
|
|
|
|
roslinpl
Legendary
Offline
Activity: 2212
Merit: 1199
|
|
April 02, 2014, 08:18:55 PM |
|
Soon trezor should think about "trezor watch" - that could be a great idea
|
|
|
|
cor
|
|
April 02, 2014, 09:26:22 PM |
|
Are there theme'able devices in the roadmap? I'd kill for a red and white Hello Kitty one =^).
that's sweet if there's enough hello kitty lovers we could make it possible...
|
|
|
|
MarketNeutral
|
|
April 02, 2014, 10:14:35 PM |
|
Any more information on this? Awesome development—truly! Keep up the amazing work.
|
|
|
|
Swordsoffreedom
Legendary
Offline
Activity: 2954
Merit: 1135
Leading Crypto Sports Betting & Casino Platform
|
|
April 02, 2014, 10:37:13 PM |
|
That is cool I wanted a trezor but then they sold out of course they open sourced it for people to get later But I will wait for a batch 2 Are there theme'able devices in the roadmap? I'd kill for a red and white Hello Kitty one =^).
that's sweet if there's enough hello kitty lovers we could make it possible... O_O I would buy a batch of Gundam Themed ones
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
marcus_of_augustus
Legendary
Offline
Activity: 3920
Merit: 2349
Eadem mutata resurgo
|
|
April 02, 2014, 11:06:36 PM |
|
I don't have any financial relationship or otherwise with SatoshiLabs, other than the pre-order I made, which is now delivered. It's just a project I think is important.
Thanks. I agree TREZOR, and other user-friendly hardware wallets, are for me the most pressing bottleneck for bitcoin adoption. Good work all around guys!
|
|
|
|
|