acoindr (OP)
Legendary
 Offline
Activity: 1050
Merit: 1002
|
 |
April 02, 2014, 03:34:13 PM |
|
The Bitcoin Trezor has the potential to be a user friendly ultra-secure way to store and use bitcoin, something which has been sorely lacking. It seems Mike Hearn has been first to receive his Trezor: https://plus.google.com/+MikeHearn/posts/UbvCG78WpjMWhile the product looks great I would caution there may be a hole in the security. Trezor is safe from virus stealing software because it's isolated from any software which might be compromised by hackers. That's only true if hackers don't have access to the actual Trezor, though. (or a look alike which can pass as one) I've previously said any private key producing software needs some sort of checksum availability for users. This is true also of the Trezor. I won't go into detail about how it might be compromised, but its transit is the source of concern. Boxes are sent with a tamper evident hologram, but the Casascius coin hack showed us the vulnerability with that. The device IMO should be able to call back to the company website to verify the software has not changed. People are going to put their trust and money into security solutions we tell them to, so we need to make sure those solutions are really secure.  |
|
|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
roslinpl
Legendary
Offline
Activity: 2212
Merit: 1199
|
|
April 02, 2014, 06:25:59 PM |
|
yes well security of trezor must be proven  And soon it will be.. But I believe this is very good device and it will give a chance to keep out BTC's really safe. |
|
|
|
|
slush
Legendary
Offline
Activity: 1386
Merit: 1097
|
|
April 04, 2014, 11:48:34 AM |
|
Don't buy Trezor from untrusted source. Problem solved.
Of course you can run some blackbox/unit tests on device to prove that it is genuine / works as expected, but that definitely isn't something what regular users will do.
|
|
|
|
|
Massimo80
|
|
April 04, 2014, 12:51:54 PM |
|
By the same logic, you shouldn't download any pre-compiled wallet software, you should always compile it from source code. And only after having thoroughly read and understood it. Which, of course, is not possible if you are not a programmer yourself, and even then can get quite difficult.
But if you just download a wallet software and run it, how can you know there is not a backdoor inside and/or it doesn't send your private keys to the someone else?
Concern for security is a good thing. But paranoia has to stop somewhere...
|
|
|
|
|
|
softron
|
|
April 04, 2014, 01:04:21 PM |
|
Hardware wallets are a good idea maybe other products will meet required standard. my main concern is how it handles a hardware failure.
|
|
|
|
coastermonger
Sr. Member
Offline
Activity: 367
Merit: 250
Find me at Bitrated
|
|
April 04, 2014, 01:09:31 PM |
|
I'm not discouraging the use of hardware wallets at all, but I don't think they're tops in terms of security.
In the most ideal scenario imaginable, you have your wallet spread across multiple computer devices. Computer 1, Computer 2, and phone would be sufficient for most people.
Go to spend your coins, and it creates a partial transaction which gets communicated to the other wallets, they sign off on it using multi-sig and the whole package gets relayed to the bitcoin network. At no point in the process did one single device ever have the full control to spend your coins.
Better still, if one of them WAS compromised, the best it could do would be to create a partially unfinished multi-sig transaction, and at that point you would know of the intention.
|
Bitrated user: Rees.
|
|
|
|
jmw74
|
|
April 04, 2014, 01:12:42 PM |
|
If the biggest worry is an attacker intercepting the trezor in transit (and tampering with it), then it's so much more secure than the alternative, that we should be thrilled with the giant leap forward.
|
|
|
|
|
BitCoinDream
Legendary
Offline
Activity: 2324
Merit: 1204
The revolution will be digital
|
|
April 04, 2014, 01:13:19 PM |
|
The Bitcoin Trezor has the potential to be a user friendly ultra-secure way to store and use bitcoin, something which has been sorely lacking. It seems Mike Hearn has been first to receive his Trezor: https://plus.google.com/+MikeHearn/posts/UbvCG78WpjMWhile the product looks great I would caution there may be a hole in the security. Trezor is safe from virus stealing software because it's isolated from any software which might be compromised by hackers. That's only true if hackers don't have access to the actual Trezor, though. (or a look alike which can pass as one) I've previously said any private key producing software needs some sort of checksum availability for users. This is true also of the Trezor. I won't go into detail about how it might be compromised, but its transit is the source of concern. Boxes are sent with a tamper evident hologram, but the Casascius coin hack showed us the vulnerability with that. The device IMO should be able to call back to the company website to verify the software has not changed. People are going to put their trust and money into security solutions we tell them to, so we need to make sure those solutions are really secure. I think an implementation of RSA SecureID or similar type of a thing to verify the hardware is from the original vendor may solve the problem...  |
|
|
|
bryant.coleman
Legendary
Offline
Activity: 3654
Merit: 1217
|
|
April 04, 2014, 02:07:23 PM |
|
Don't buy Trezor from untrusted source. Problem solved. Right now you can't buy Trezor from their official site. So many people will go for third party re-sellers. |
|
|
|
|
franky1
Legendary
 Online
Activity: 4214
Merit: 4475
|
|
April 04, 2014, 09:33:43 PM |
|
plugging a trezor into your PC and having your PC check the firmware matches the source .... i think that would be a bigger security risk.
the chances that someone can intercept the trezor from warehouse, to your house is small.. but having a firmware/software utility on your pc that updates the trezor, has more chance of being abused by a trojan. replacing the trezor updater with a hijacked updater.
so i personally would prefer a stand alone trezor that doesnt need to connect to th internet to update once a week.. as thats the true risk
|
I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
|
|
|
acoindr (OP)
Legendary
Offline
Activity: 1050
Merit: 1002
|
|
April 04, 2014, 10:52:12 PM |
|
Don't buy Trezor from untrusted source. Problem solved.
Of course you can run some blackbox/unit tests on device to prove that it is genuine / works as expected,
slush, FWIW I think the Trezor is indeed safe for now when it and Bitcoin are not so popular in the mainstream. I used that title to make a point. I'd rather have people thinking something which is secure could be insecure than vice versa. I hope to avoid a situation where it's commonly believed the Trezor is safe for storing 50-100K USD plus of value, only to see it vanish because some hackers set up successful real world MITM attacks. but that definitely isn't something what regular users will do.
I agree. That's why I made this post (with a proposed a solution). |
|
|
|
|
skooter
Member
Offline
Activity: 70
Merit: 10
|
|
April 04, 2014, 11:18:32 PM |
|
plugging a trezor into your PC and having your PC check the firmware matches the source .... i think that would be a bigger security risk.
the chances that someone can intercept the trezor from warehouse, to your house is small.. but having a firmware/software utility on your pc that updates the trezor, has more chance of being abused by a trojan. replacing the trezor updater with a hijacked updater.
so i personally would prefer a stand alone trezor that doesnt need to connect to th internet to update once a week.. as thats the true risk
You can have firmware that's locked into the chip, and have a PC program has read only access to that firmware, to confirm it's the real firmware. |
|
|
|
|
|
Klestin
|
|
April 14, 2014, 03:04:31 PM |
|
my main concern is how it handles a hardware failure. During the initial setup, the device provides you with a series of (I believe 20) words. These words can be used during the setup of a new device to recover from hardware failure/theft/washing machine/etc. Write them down or in some other way store them securely and you are set. These guys have designed a solid hardware wallet that fits a specific use case (requiring a USB-capable host device). I'll be picking one up for sure and I look forward to the next generation which will hopefully work via NFC, or bluetooth to phones, or another wire-free connection solution. |
|
|
|
|
drawingthesun
Legendary
Offline
Activity: 1176
Merit: 1015
|
|
April 14, 2014, 03:12:55 PM |
|
By the same logic, you shouldn't download any pre-compiled wallet software, you should always compile it from source code. And only after having thoroughly read and understood it. Which, of course, is not possible if you are not a programmer yourself, and even then can get quite difficult.
But if you just download a wallet software and run it, how can you know there is not a backdoor inside and/or it doesn't send your private keys to the someone else?
Please research into http://gitian.org/I believe the Bitcoin reference client is created via this process and it allows the user to know for sure that their binary is in fact compiled from the source on Github. We are learning about more secure ways of distributing software from source. |
|
|
|
|
roslinpl
Legendary
Offline
Activity: 2212
Merit: 1199
|
|
April 14, 2014, 03:29:19 PM |
|
I believe one day we will have so many wallet devices to choose  and prices will be much better. I think in 10 years you will be able to buy it in a supermarket I am pretty sure of it. |
|
|
|
|
drawingthesun
Legendary
Offline
Activity: 1176
Merit: 1015
|
|
April 14, 2014, 04:02:57 PM |
|
I believe one day we will have so many wallet devices to choose and prices will be much better. I think in 10 years you will be able to buy it in a supermarket I am pretty sure of it. If Bitcoin does remain the king for 10 years and you still hold some, you'll be able to buy the supermarket. |
|
|
|
|
|
MWNinja
|
|
April 14, 2014, 04:16:54 PM |
|
My wish list:
Secure root of trust. Trust anchor (key/certificate) burned into OTP memory.
Secure boot. Using the secure root of trust, the device can authenticate it's software load and fail to load if tampered.
Secure updates. Certificate based system to allow the manufacturer to authenticate and update devices remotely.
Mutual Authentication. The device displays a password or image known to the user so the user can verify the device's authenticity.
Biometric User Authentication. The device can authenticate based on a person's DNA, fingerprint, iris scan, etc.
|
|
|
|
|
Wilikon
Legendary
Offline
Activity: 1176
Merit: 1001
minds.com/Wilikon
|
|
April 14, 2014, 04:44:48 PM |
|
I believe one day we will have so many wallet devices to choose and prices will be much better. I think in 10 years you will be able to buy it in a supermarket I am pretty sure of it. |
|
|
|
|
|
madmadmax
|
|
April 14, 2014, 04:55:57 PM |
|
Don't buy Trezor from untrusted source. Problem solved.
Of course you can run some blackbox/unit tests on device to prove that it is genuine / works as expected, but that definitely isn't something what regular users will do.
Well that begs the question what is an untrusted source? A guy producing fraudulent dollar bills in his basement is producing legit bills as far as he's concerned, they are legit fraudulent dollar bills. Same thing with Trezor, it might be an official lie or an unofficial lie but the fact that it is manufactured in China well under the control of the three letter organizations doesn't change. A device like that could be compromised in manufacturing by adding a "broadcaster" the size of a transistor in the design, it could then become possible to acquire the private keys over a distance of up to a mile. The 5$ wrench in effect. |
▄▄▄▄▄ ▄▄▄▄▄
▄▄█▀▀▀▀▀▀██▄ ▄▄█▀▀▀▀▀▀▀█▄
▄██▀ ▀██▄ ▄██▀ ▀█▄
██▀ ▀██▄ ▀▀ ██
██ ▀██ ▄▄▄▄▄▄▄▄██
██ ▀██▄ ▀▀▀▀▀▀▀▀▀▀
██▄ ▄██ ▀██▄ ▄▄▄
▀██▄ ▄██▀ ▀██▄▄ ▄██▀
▀▀██████▀▀ ▀▀██████▀▀
| | █
║
█ | ✔ Unchained Smart Contracts
✔ Decentralized Oracle
✔ Infinitly Scalable
| ✔ Blockchain Technology
✔ Turing-Complete
✔ State-Channels
| █
║
█ |
▄████▄▄ ▄
██ ████████████▀
████▄ █████████████▀
▀████████▄▄ █████████████
▄▄█████████████████████████
██████████████████████████
▀██████████████████████
█████████████████████
▀█████████████████▀
▄█████████████▀
▄▄███████████████▀
▀▀▀▀▀▀▀▀▀▀▀
| |
▄██▄
▄ ▐████ ▄▄
█████ ██████████
█████████████████▀
▄████████████▀████▌
██████████ ▀████
▀▀ █████ ██████████
▀████▌▄████████████▀
▄▄▄███████████████▌
██████████▀ ▐████
▀▀▀ ████▌ ▀▀▀
▀███▀
| | f | | █
║
█ | |
|
|
|
2112
Legendary
Offline
Activity: 2128
Merit: 1068
|
|
April 14, 2014, 07:32:31 PM |
|
My wish list:
Secure root of trust. Trust anchor (key/certificate) burned into OTP memory.
Secure boot. Using the secure root of trust, the device can authenticate it's software load and fail to load if tampered.
Secure updates. Certificate based system to allow the manufacturer to authenticate and update devices remotely.
This was already discussed in the original thread: Trezor aims to promote open development and not trying to recreate jailed environment like the ones promulgated by Apple or Samsung. Genuine paranoiacs will never feel "secure enough", but the points above are from a wishlist of a petty tyrant or a naive newbie. |
|
|
|
|
