Gold collapsing. Bitcoin UP.

[cypherdoc]

can the Trezor ppl see our balances and tx's while the Trezor is logged into myTrezor.com?

Out of curiosity, how do you guys plan on using your Trezor? I looked into them, like the idea and would like to get one, but couldn't see how a Trezor would fit into how I currently manage my BTC.

In my case I use Armory offline wallets for primary BTC storage, with secure HD seed backups so I'm confident I can always restore the wallets. For day to day usage I keep a small amount in Mycelium, and use this for buying pizza, etc. To fund Mycelium, in Armory I create spending addresses with a small amount of BTC and export the private key to Mycelium. The advantage to this is if I lose my phone, the BTC are recoverable in Armory or HD seed backups. The worse case is if someone steals and breaks my phone, I can only lose the amount on the phone (similar to cash in a real wallet). I like this method because: 1)  I can store and use BTC on my phone without worrying about losing the coins because they are simultaneously in Armory (which is an awesome property of Bitcoin) and 2) Only a small amount are ever "at risk", with the majority secure in Armory.

Because of this I can't see how a Trezor would fit. So how do you guys use it?

I use the trezor for both secure long-term storage and also for day-to-day spending. I actually think it's at least as secure a any armory (or other solution running on multipurpose hardware)-based solution. It's the nice thing about trezor: it combines ease of use with extreme security. In conjunction with electrum (as an example) I can also use address-based coin control for increasing privacy.

Of course, for ordering pizza or making the odd donation I use mycelium. It's just way faster (I make a habit of unplugging the trezor after use) and scanning qr-codes from the screen and seeing the payment arrive a second later has something very special to it.

now i believe that is not right.  i assume you have just one Trezor.  why carry around your long term storage for daily spending?  i assume it has a sizeable balance.  think rubber hosing...

I admit I have multiple trezors.

thatta boy

[marcus_of_augustus]

Why would you need multiple trezors?

The seed is the key, the trezor is like a blank that can be loaded with any key, wiped then loaded with a different key.

In fact having loaded trezors around is riskier than having an empty one with seeds stored elsewhere, off-site, divided up etc.

[rocks]

if SINGLE privkey is compromised from linear chain then ALL privkeys can be computed in same chain.

that's not right.  you'd need more information, like the chain code if it's even possible, than just a single privkey from the chain.

you need the master seed and one privkey if I understand correctly. Not sure what kind of other information would be sufficient, but a single private key isn't.

shown here by Vitalik: https://bitcoinmagazine.com/8396/deterministic-wallets-advantages-flaw/

If you have the master seed can't you already generate every private key?

The main question is if you have just the private key for one or more addresses in a deterministic wallet, are the other addresses at risk or are they secure.

My understanding was they are still secure.

[rocks]

Why would you need multiple trezors?

The seed is the key, the trezor is like a blank that can be loaded with any key, wiped then loaded with a different key.

In fact having loaded trezors around is riskier than having an empty one with seeds stored elsewhere, off-site, divided up etc.

If I did get one this is how I'd use it too. Keep the "cold" wallets off trezor and secured as backups only, and keep the "hot" wallet on trezor for daily use.

[cypherdoc]

Why would you need multiple trezors?

The seed is the key, the trezor is like a blank that can be loaded with any key, wiped then loaded with a different key.

In fact having loaded trezors around is riskier than having an empty one with seeds stored elsewhere, off-site, divided up etc.

it gets even more complicated than this.

turns out, you can have multiple wallets loaded into the Trezor all based off of one seed.  to do this, you click "Enable Passphrases" in advanced settings.  each time it asks you for the passphrase, enter in a different one, and you will generate multiple wallets.  a different passphrase acts like an additional 25th word of the original 24 word seed thus creating a new wallet.  you could deposit all your cold storage savings in one wallet then deposit 1-2 BTC in another.  then if someone rubber hoses you simply reveal the passphrase to the 1-2 BTC wallet for plausible deniability.  it's a clever little device.

[marcus_of_augustus]

Why would you need multiple trezors?

The seed is the key, the trezor is like a blank that can be loaded with any key, wiped then loaded with a different key.

In fact having loaded trezors around is riskier than having an empty one with seeds stored elsewhere, off-site, divided up etc.

If I did get one this is how I'd use it too. Keep the "cold" wallets off trezor and secured as backups only, and keep the "hot" wallet on trezor for daily use.

I should have qualified that with a conditional, multiple trezors might be useful in respect of back-up hardware, in case one fails or for spoof wallet, leave one around with a few millibits in it to hand over to thugs gubmint or otherwise, etc.

[cypherdoc]

Why would you need multiple trezors?

The seed is the key, the trezor is like a blank that can be loaded with any key, wiped then loaded with a different key.

In fact having loaded trezors around is riskier than having an empty one with seeds stored elsewhere, off-site, divided up etc.

If I did get one this is how I'd use it too. Keep the "cold" wallets off trezor and secured as backups only, and keep the "hot" wallet on trezor for daily use.

I should have qualified that with a conditional, multiple trezors might be useful in respect of back-up hardware, in case one fails or for spoof wallet, leave one around with a few millibits in it to hand over to thugs gubmint or otherwise, etc.

you don't need the backup hardware.  just load the recovery seed into Mycelium.  totally compatible.

[rocks]

Why would you need multiple trezors?

The seed is the key, the trezor is like a blank that can be loaded with any key, wiped then loaded with a different key.

In fact having loaded trezors around is riskier than having an empty one with seeds stored elsewhere, off-site, divided up etc.

If I did get one this is how I'd use it too. Keep the "cold" wallets off trezor and secured as backups only, and keep the "hot" wallet on trezor for daily use.

I should have qualified that with a conditional, multiple trezors might be useful in respect of back-up hardware, in case one fails or for spoof wallet, leave one around with a few millibits in it to hand over to thugs gubmint or otherwise, etc.

Yes, there are those useful purposes to having more than one. But you'd still have "unloaded" wallets for colder storage.

In end, what I really want is a single secure back-end that secures multiple wallets. Some wallets are "cold" and used as permanent storage and which are usually in a fully "offline" state. Some wallets are "hot" and used for daily spending with only nominal amounts loaded on them.

Today I can mostly replicate that with Armory. It sounds with current planned development Trezor+Armory front-end will be able to support that as well.

[molecular]

Why would you need multiple trezors?

The seed is the key, the trezor is like a blank that can be loaded with any key, wiped then loaded with a different key.

In fact having loaded trezors around is riskier than having an empty one with seeds stored elsewhere, off-site, divided up etc.

it gets even more complicated than this.

turns out, you can have multiple wallets loaded into the Trezor all based off of one seed.  to do this, you click "Enable Passphrases" in advanced settings.  each time it asks you for the passphrase, enter in a different one, and you will generate multiple wallets.  a different passphrase acts like an additional 25th word of the original 24 word seed thus creating a new wallet.  you could deposit all your cold storage savings in one wallet then deposit 1-2 BTC in another.  then if someone rubber hoses you simply reveal the passphrase to the 1-2 BTC wallet for plausible deniability.  it's a clever little device.

now that you've posted this your denial is implausible, so I will use monkey wrench attack until I get at least 5 passwords from you (or you die). (sorry to put it that drastically. this is not really my plan, of course, just making a point)

If you want your money safe against such attack, you better have a component involved that you really "don't know" and that isn't "on you", like a seed in a safe somewhere. Shamirs secret sharing sounds like a good idea.

In the end, an attacker can always abduct a loved one and extort coins from you, no matter which way you have secured them.

There's nothing better for safety than a world in which everyone participates sufficiently in prosperity.

[cypherdoc]

Why would you need multiple trezors?

The seed is the key, the trezor is like a blank that can be loaded with any key, wiped then loaded with a different key.

In fact having loaded trezors around is riskier than having an empty one with seeds stored elsewhere, off-site, divided up etc.

it gets even more complicated than this.

turns out, you can have multiple wallets loaded into the Trezor all based off of one seed.  to do this, you click "Enable Passphrases" in advanced settings.  each time it asks you for the passphrase, enter in a different one, and you will generate multiple wallets.  a different passphrase acts like an additional 25th word of the original 24 word seed thus creating a new wallet.  you could deposit all your cold storage savings in one wallet then deposit 1-2 BTC in another.  then if someone rubber hoses you simply reveal the passphrase to the 1-2 BTC wallet for plausible deniability.  it's a clever little device.

now that you've posted this your denial is implausible, so I will use monkey wrench attack until I get at least 5 passwords from you (or you die). (sorry to put it that drastically. this is not really my plan, of course, just making a point)

If you want your money safe against such attack, you better have a component involved that you really "don't know" and that isn't "on you", like a seed in a safe somewhere. Shamirs secret sharing sounds like a good idea.

In the end, an attacker can always abduct a loved one and extort coins from you, no matter which way you have secured them.

There's nothing better for safety than a world in which everyone participates sufficiently in prosperity.

Nowhere did I say I am  doing this. I'm just quoting from their help documents what is possible.

[cypherdoc]

Why would you need multiple trezors?

The seed is the key, the trezor is like a blank that can be loaded with any key, wiped then loaded with a different key.

In fact having loaded trezors around is riskier than having an empty one with seeds stored elsewhere, off-site, divided up etc.

it gets even more complicated than this.

turns out, you can have multiple wallets loaded into the Trezor all based off of one seed.  to do this, you click "Enable Passphrases" in advanced settings.  each time it asks you for the passphrase, enter in a different one, and you will generate multiple wallets.  a different passphrase acts like an additional 25th word of the original 24 word seed thus creating a new wallet.  you could deposit all your cold storage savings in one wallet then deposit 1-2 BTC in another.  then if someone rubber hoses you simply reveal the passphrase to the 1-2 BTC wallet for plausible deniability.  it's a clever little device.

now that you've posted this your denial is implausible, so I will use monkey wrench attack until I get at least 5 passwords from you (or you die). (sorry to put it that drastically. this is not really my plan, of course, just making a point)

If you want your money safe against such attack, you better have a component involved that you really "don't know" and that isn't "on you", like a seed in a safe somewhere. Shamirs secret sharing sounds like a good idea.

In the end, an attacker can always abduct a loved one and extort coins from you, no matter which way you have secured them.

There's nothing better for safety than a world in which everyone participates sufficiently in prosperity.

hey molecular,

next time you come over, look in the Altoid tin:

[D05GTO]

Man, that would suck if someone threw away your altoids.   Use a Trezor myself.  Really impressed with it so far.  Only have one little gripe.. the usb cable that came with it was flaky but I have at least 10 micro usb cables laying around.

[cypherdoc]

After 1000s of Years Enjoying Gold Standard now Welcome to the Bitcoin Standard

http://blog.btcxindia.com/after-1000s-of-years-enjoying-gold-standard-now-welcome-to-the-bitcoin-standard/

[justusranvier]

i foresee the Trezor replacing the offline wallet and its pc and being more secure since the offline wallets can be susceptible to a USB malware attack.  as far as i know, there is no way to get privkeys off a Trezor so in that sense it is safer

I think this is a dangerous assumption to make.

Trezor has a larger attack surface than an offline laptop, since you have to plug it in directly to a potential hostile machine every time you use it.

You can reduce your attack surface with an offline laptop by using CD-R media instead of USB drives, or maybe by using the audio cable transfer method.

[Kupsi]

The main question is if you have just the private key for one or more addresses in a deterministic wallet, are the other addresses at risk or are they secure.

A full Armory wallet is just

1x Root Private Key
1x Root Public Key
1x Chaincode


A watching-only Armory wallet is just

1x Root Public Key
1x Chaincode

So basically watching-only wallets don't have any private key data at all, and the chain code is just a constant that is carried through all the calculations.  With the priv key + chaincode, you can compute all private keys.  With public key + chain, you can compute all public keys that match the private keys produced on the full/offline wallet.

The chaincode and public key are not security-sensitive.  Someone getting them is a breach of privacy, not security.  All internet security is based on the fact that the public key is widely distributed (i.e. "public") and that the scheme maintains full security as long as no one else has the private key.

How about any derived private key, which is not the root key? How serious a leak would that make? Does it compromise all the other private keys as well, if the attacker knows the chain code? (which I assumed is the same for both, private and public chains).

You should always assume that revealing a private key from a deterministic wallet will reveal all siblings.   In Armory wallets, if private key x is revealed with the chaincode, all private keys >= X+1 are revealed.

But I don't spend much time worrying about this.  We do not support or claim to support any use cases where private keys are intentionally revealed.  And if your wallet is unintentionally compromised, they will all be revealed anyway. 

[Kupsi]

i foresee the Trezor replacing the offline wallet and its pc and being more secure since the offline wallets can be susceptible to a USB malware attack.  as far as i know, there is no way to get privkeys off a Trezor so in that sense it is safer

I think this is a dangerous assumption to make.

Trezor has a larger attack surface than an offline laptop, since you have to plug it in directly to a potential hostile machine every time you use it.

You can reduce your attack surface with an offline laptop by using CD-R media instead of USB drives, or maybe by using the audio cable transfer method.

Trezor & Offline Armory multisig FTW

[Adrian-x]

How about any derived private key, which is not the root key? How serious a leak would that make? Does it compromise all the other private keys as well, if the attacker knows the chain code? (which I assumed is the same for both, private and public chains).

You should always assume that revealing a private key from a deterministic wallet will reveal all siblings.   In Armory wallets, if private key x is revealed with the chaincode, all private keys >= X+1 are revealed.

But I don't spend much time worrying about this.  We do not support or claim to support any use cases where private keys are intentionally revealed.  And if your wallet is unintentionally compromised, they will all be revealed anyway. 

Thanks for that just to clear up my understanding it is bad practice to distribute private keys from a deterministic wallet.

However is it still true one would need the chaincode and a private key from that chaincode to reveal the resulting private keys of the children keys?

[megadeth]

"It's the Blockchain, not Bitcoin that's the real killer app." Debunked
http://www.joecoin.com/2015/02/crypto-20-and-other-misconceptions.html

[cypherdoc]

How about any derived private key, which is not the root key? How serious a leak would that make? Does it compromise all the other private keys as well, if the attacker knows the chain code? (which I assumed is the same for both, private and public chains).

You should always assume that revealing a private key from a deterministic wallet will reveal all siblings.   In Armory wallets, if private key x is revealed with the chaincode, all private keys >= X+1 are revealed.

But I don't spend much time worrying about this.  We do not support or claim to support any use cases where private keys are intentionally revealed.  And if your wallet is unintentionally compromised, they will all be revealed anyway. 

Thanks for that just to clear up my understanding it is bad practice to distribute private keys from a deterministic wallet.

However is it still true one would need the chaincode and a private key from that chaincode to reveal the resulting private keys of the children keys?

[cypherdoc]

"It's the Blockchain, not Bitcoin that's the real killer app." Debunked
http://www.joecoin.com/2015/02/crypto-20-and-other-misconceptions.html

nice find:

"As established above, any so-called feature that allows Bitcoin to play nice with competing tokens only serves to make it more vulnerable to being usurped.

The argument that Sidechains will promote a vibrant innovative cryptocurrency ecosystem is misguided at best and disingenuous at worst. Thus far, I've yet to see any charges of treason being discussed by Bitcoin's collective mind of core developers and mining pool decision makers. We'll see if it becomes wise before it's too late."

what am i?  chopped liver?