Bitcoin Forum
Topic: Trezor Usage Not Secure IMO
acoindr (OP)
April 02, 2014, 03:34:13 PM
 #1

The Bitcoin Trezor has the potential to be a user friendly ultra-secure way to store and use bitcoin, something which has been sorely lacking.

It seems Mike Hearn has been first to receive his Trezor:

https://plus.google.com/+MikeHearn/posts/UbvCG78WpjM

While the product looks great I would caution there may be a hole in the security. Trezor is safe from virus stealing software because it's isolated from any software which might be compromised by hackers. That's only true if hackers don't have access to the actual Trezor, though. (or a look alike which can pass as one)

I've previously said any private key producing software needs some sort of checksum availability for users. This is true also of the Trezor. I won't go into detail about how it might be compromised, but its transit is the source of concern. Boxes are sent with a tamper evident hologram, but the Casascius coin hack showed us the vulnerability with that. The device IMO should be able to call back to the company website to verify the software has not changed.

People are going to put their trust and money into security solutions we tell them to, so we need to make sure those solutions are really secure.

roslinpl
April 02, 2014, 06:25:59 PM
 #2

yes well security of trezor must be proven :)
And soon it will be..
But I believe this is a very good device and it will give a chance to keep our BTC's really safe.
slush
April 04, 2014, 11:48:34 AM
 #3

Don't buy Trezor from untrusted source. Problem solved.

Of course you can run some blackbox/unit tests on the device to prove that it is genuine / works as expected, but that definitely isn't something that regular users will do.

Massimo80
April 04, 2014, 12:51:54 PM
 #4

By the same logic, you shouldn't download any pre-compiled wallet software, you should always compile it from source code. And only after having thoroughly read and understood it. Which, of course, is not possible if you are not a programmer yourself, and even then can get quite difficult.

But if you just download a wallet software and run it, how can you know there is not a backdoor inside and/or it doesn't send your private keys to someone else?

Concern for security is a good thing. But paranoia has to stop somewhere...
softron
April 04, 2014, 01:04:21 PM
 #5

Hardware wallets are a good idea; maybe other products will meet the required standard. My main concern is how it handles a hardware failure.

coastermonger
April 04, 2014, 01:09:31 PM
 #6

I'm not discouraging the use of hardware wallets at all, but I don't think they're tops in terms of security.

In the most ideal scenario imaginable, you have your wallet spread across multiple computer devices.  Computer 1, Computer 2, and phone would be sufficient for most people. 

Go to spend your coins, and it creates a partial transaction which gets communicated to the other wallets, they sign off on it using multi-sig and the whole package gets relayed to the bitcoin network.  At no point in the process did one single device ever have the full control to spend your coins.

Better still, if one of them WAS compromised, the best it could do would be to create a partially unfinished multi-sig transaction, and at that point you would know of the intention.

Bitrated user: Rees.
jmw74
April 04, 2014, 01:12:42 PM
 #7

If the biggest worry is an attacker intercepting the trezor in transit (and tampering with it), then it's so much more secure than the alternative, that we should be thrilled with the giant leap forward.
BitCoinDream
April 04, 2014, 01:13:19 PM
 #8

Quote from: acoindr
> The Bitcoin Trezor has the potential to be a user friendly ultra-secure way to store and use bitcoin, something which has been sorely lacking.
>
> It seems Mike Hearn has been first to receive his Trezor:
>
> https://plus.google.com/+MikeHearn/posts/UbvCG78WpjM
>
> While the product looks great I would caution there may be a hole in the security. Trezor is safe from virus stealing software because it's isolated from any software which might be compromised by hackers. That's only true if hackers don't have access to the actual Trezor, though. (or a look alike which can pass as one)
>
> I've previously said any private key producing software needs some sort of checksum availability for users. This is true also of the Trezor. I won't go into detail about how it might be compromised, but its transit is the source of concern. Boxes are sent with a tamper evident hologram, but the Casascius coin hack showed us the vulnerability with that. The device IMO should be able to call back to the company website to verify the software has not changed.
>
> People are going to put their trust and money into security solutions we tell them to, so we need to make sure those solutions are really secure.



I think an implementation of RSA SecureID or similar type of a thing to verify the hardware is from the original vendor may solve the problem...


bryant.coleman
April 04, 2014, 02:07:23 PM
 #9

Quote from: slush
> Don't buy Trezor from untrusted source. Problem solved.

Right now you can't buy Trezor from their official site. So many people will go for third party re-sellers.
franky1
April 04, 2014, 09:33:43 PM
 #10

plugging a trezor into your PC and having your PC check the firmware matches the source .... i think that would be a bigger security risk.

the chances that someone can intercept the trezor from warehouse, to your house is small.. but having a firmware/software utility on your pc that updates the trezor, has more chance of being abused by a trojan. replacing the trezor updater with a hijacked updater.

so i personally would prefer a stand alone trezor that doesn't need to connect to the internet to update once a week.. as that's the true risk


I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
acoindr (OP)
April 04, 2014, 10:52:12 PM
 #11

Quote from: slush
> Don't buy Trezor from untrusted source. Problem solved.
>
> Of course you can run some blackbox/unit tests on device to prove that it is genuine / works as expected,

slush, FWIW I think the Trezor is indeed safe for now when it and Bitcoin are not so popular in the mainstream. I used that title to make a point. I'd rather have people thinking something which is secure could be insecure than vice versa. I hope to avoid a situation where it's commonly believed the Trezor is safe for storing 50-100K USD plus of value, only to see it vanish because some hackers set up successful real world MITM attacks.

> but that definitely isn't something that regular users will do.

I agree.

That's why I made this post (with a proposed solution).
skooter
April 04, 2014, 11:18:32 PM
 #12

Quote from: franky1
> plugging a trezor into your PC and having your PC check the firmware matches the source .... i think that would be a bigger security risk.
>
> the chances that someone can intercept the trezor from warehouse, to your house is small.. but having a firmware/software utility on your pc that updates the trezor, has more chance of being abused by a trojan. replacing the trezor updater with a hijacked updater.
>
> so i personally would prefer a stand alone trezor that doesn't need to connect to the internet to update once a week.. as that's the true risk



You can have firmware that's locked into the chip, and have a PC program that has read-only access to that firmware, to confirm it's the real firmware.
Klestin
April 14, 2014, 03:04:31 PM
 #13

Quote from: softron
> my main concern is how it handles a hardware failure.

During the initial setup, the device provides you with a series of (I believe 20) words. These words can be used during the setup of a new device to recover from hardware failure/theft/washing machine/etc. Write them down or in some other way store them securely and you are set.

These guys have designed a solid hardware wallet that fits a specific use case (requiring a USB-capable host device).  I'll be picking one up for sure and I look forward to the next generation which will hopefully work via NFC, or bluetooth to phones, or another wire-free connection solution.
drawingthesun
April 14, 2014, 03:12:55 PM
 #14

Quote from: Massimo80
> By the same logic, you shouldn't download any pre-compiled wallet software, you should always compile it from source code. And only after having thoroughly read and understood it. Which, of course, is not possible if you are not a programmer yourself, and even then can get quite difficult.
>
> But if you just download a wallet software and run it, how can you know there is not a backdoor inside and/or it doesn't send your private keys to someone else?

Please research into http://gitian.org/

I believe the Bitcoin reference client is created via this process and it allows the user to know for sure that their binary is in fact compiled from the source on Github. We are learning about more secure ways of distributing software from source.
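
The check that deterministic builds make possible, as an added example that is not part of the original post or of Gitian itself: a downloaded binary is accepted only when a quorum of independent builders attest to the same SHA-256. Builder names, sample bytes and the function name are hypothetical, and the signatures on the attestations are assumed to have been verified beforehand.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def check_against_builders(binary, attestations, trusted, quorum):
    """Return (ok, agreeing, dissenting) for a downloaded binary.

    attestations: (builder, sha256-hex) pairs whose signatures are assumed
    to have been verified already. A deterministic build gives every
    builder the same bytes, so any trusted dissent fails the check.
    """
    digest = sha256_hex(binary)
    agree, dissent = set(), set()
    for builder, claimed in attestations:
        if builder not in trusted:
            continue  # unknown signers never count toward the quorum
        if hmac.compare_digest(digest, claimed.strip().lower()):
            agree.add(builder)
        else:
            dissent.add(builder)
    agree -= dissent  # a builder with conflicting claims is a dissenter
    ok = len(agree) >= quorum and not dissent
    return ok, sorted(agree), sorted(dissent)

# Constructed sample data: names and bytes are made up for this example.
RELEASE = b"wallet-release-bytes-built-from-tagged-source"
MODIFIED = RELEASE + b"-modified-after-build"
TRUSTED = {"alice", "bob", "carol"}
ATTESTATIONS = [
    ("alice", sha256_hex(RELEASE)),
    ("bob", sha256_hex(RELEASE).upper()),   # hex case must not matter
    ("mallory", sha256_hex(MODIFIED)),      # not in TRUSTED: ignored
]

if __name__ == "__main__":
    print(check_against_builders(RELEASE, ATTESTATIONS, TRUSTED, 2))
    print(check_against_builders(MODIFIED, ATTESTATIONS, TRUSTED, 2))
```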
roslinpl
April 14, 2014, 03:29:19 PM
 #15

I believe one day we will have so many wallet devices to choose ;) and prices will be much better.

I think in 10 years you will be able to buy it in a supermarket :)
I am pretty sure of it.

drawingthesun
April 14, 2014, 04:02:57 PM
 #16

Quote from: roslinpl
> I believe one day we will have so many wallet devices to choose ;) and prices will be much better.
>
> I think in 10 years you will be able to buy it in a supermarket :)
> I am pretty sure of it.



If Bitcoin does remain the king for 10 years and you still hold some, you'll be able to buy the supermarket.
MWNinja
April 14, 2014, 04:16:54 PM
 #17

My wish list:

Secure root of trust. Trust anchor (key/certificate) burned into OTP memory.
Secure boot.  Using the secure root of trust, the device can authenticate its software load and fail to load if tampered.
Secure updates.  Certificate based system to allow the manufacturer to authenticate and update devices remotely.
Mutual Authentication.  The device displays a password or image known to the user so the user can verify the device's authenticity.
Biometric User Authentication.  The device can authenticate based on a person's DNA, fingerprint, iris scan, etc.
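
The first two wish-list items as a boot-time decision, in an added example that is not part of the original post and not Trezor's code: the boot ROM holds only a hash of the vendor key (the OTP anchor), checks the presented key against it, then checks the firmware signature. All names are hypothetical; a Lamport one-time signature stands in for ECDSA/RSA so the example needs only the standard library, and such a key may sign just one image.

```python
import hashlib
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    """Lamport one-time key pair: 256 pairs of secrets and their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def digest_bits(message: bytes):
    d = H(message)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, message):
    # Reveal one secret per digest bit.
    return [sk[i][bit] for i, bit in enumerate(digest_bits(message))]

def verify(pk, message, sig):
    bits = digest_bits(message)
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits)))

def key_fingerprint(pk) -> bytes:
    return H(b"".join(h for pair in pk for h in pair))

def boot(otp_anchor, pk, firmware, sig) -> str:
    """Boot ROM decision: the key must match the burned-in anchor first."""
    if key_fingerprint(pk) != otp_anchor:
        return "refuse: key not anchored"
    if not verify(pk, firmware, sig):
        return "refuse: bad signature"
    return "boot"

def demo():
    vendor_sk, vendor_pk = keygen()
    otp = key_fingerprint(vendor_pk)        # burned in at manufacture
    fw = b"constructed firmware image v1"   # constructed sample input
    sig = sign(vendor_sk, fw)
    other_sk, other_pk = keygen()           # a key the vendor never anchored
    changed = b"constructed firmware image, modified"
    return [
        boot(otp, vendor_pk, fw, sig),                          # genuine
        boot(otp, vendor_pk, changed, sig),                     # image altered
        boot(otp, other_pk, changed, sign(other_sk, changed)),  # re-signed
    ]
```

The third case is why the anchor has to live in one-time-programmable memory: a validly signed image is still refused when the signing key is not the one burned in.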

Wilikon
April 14, 2014, 04:44:48 PM
 #18

Quote from: roslinpl
> I believe one day we will have so many wallet devices to choose ;) and prices will be much better.
>
> I think in 10 years you will be able to buy it in a supermarket :)
> I am pretty sure of it.




https://www.youtube.com/watch?v=k8LqlMzEe-I :)
madmadmax
April 14, 2014, 04:55:57 PM
 #19

Quote from: slush
> Don't buy Trezor from untrusted source. Problem solved.
>
> Of course you can run some blackbox/unit tests on device to prove that it is genuine / works as expected, but that definitely isn't something that regular users will do.

Well that begs the question what is an untrusted source? A guy producing fraudulent dollar bills in his basement is producing legit bills as far as he's concerned, they are legit fraudulent dollar bills. Same thing with Trezor, it might be an official lie or an unofficial lie but the fact that it is manufactured in China well under the control of the three letter organizations doesn't change.

A device like that could be compromised in manufacturing by adding a "broadcaster" the size of a transistor in the design, it could then become possible to acquire the private keys over a distance of up to a mile.

The 5$ wrench in effect.










2112
April 14, 2014, 07:32:31 PM
 #20

Quote from: MWNinja
> My wish list:
>
> Secure root of trust. Trust anchor (key/certificate) burned into OTP memory.
> Secure boot.  Using the secure root of trust, the device can authenticate its software load and fail to load if tampered.
> Secure updates.  Certificate based system to allow the manufacturer to authenticate and update devices remotely.

This was already discussed in the original thread: Trezor aims to promote open development and is not trying to recreate a jailed environment like the ones promulgated by Apple or Samsung.

Genuine paranoiacs will never feel "secure enough", but the points above are from a wishlist of a petty tyrant or a naive newbie.

Please comment, critique, criticize or ridicule BIP 2112: https://bitcointalk.org/index.php?topic=54382.0
Long-term mining prognosis: https://bitcointalk.org/index.php?topic=91101.0