Bitcoin Forum
November 15, 2024, 10:57:54 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 »  All
  Print  
Author Topic: What if the Trezor server got compromised?  (Read 3462 times)
cafucafucafu (OP)
Hero Member
*****
Offline Offline

Activity: 812
Merit: 509



View Profile
January 11, 2015, 06:24:48 PM
 #1

Are we not putting too much trust into a company here? What if their signing keys get compromised?

SirChiko
Legendary
*
Offline Offline

Activity: 966
Merit: 1000



View Profile
January 11, 2015, 06:36:36 PM
 #2

Are we not putting too much trust into a company here? What if their signing keys get compromised?
I doubt it's stored in plain text.

The only online casino on which i won something. I made 17mBTC from 1mBTC in like 15 minutes.  This is not paid AD!

▀Check it out yourself▀
cafucafucafu (OP)
Hero Member
*****
Offline Offline

Activity: 812
Merit: 509



View Profile
January 11, 2015, 06:38:54 PM
 #3

We need to be sure here. We don't want this to be the next Gox or Stamp.

SirChiko
Legendary
*
Offline Offline

Activity: 966
Merit: 1000



View Profile
January 11, 2015, 06:47:08 PM
 #4

We need to be sure here. We don't want this to be the next Gox or Stamp.
Why not try mailing them and asking them directly? Smiley

The only online casino on which i won something. I made 17mBTC from 1mBTC in like 15 minutes.  This is not paid AD!

▀Check it out yourself▀
Madness
Hero Member
*****
Offline Offline

Activity: 644
Merit: 500


My goal is becaming a billionaire.


View Profile WWW
January 11, 2015, 06:49:04 PM
 #5

We need to be sure here. We don't want this to be the next Gox or Stamp.
Why not try mailing them and asking them directly? Smiley


Like if they will answer as it should be . they will be like every Client support you have ever seen Grin nothing bad will happen it's highly protected etc ... then BOOOM ! R.I.P
not trying to make anyone in Panic here , I'am just saying
I don't even know how Hardware wallets connect to the servers & stuff anyway Smiley

SirChiko
Legendary
*
Offline Offline

Activity: 966
Merit: 1000



View Profile
January 11, 2015, 06:50:55 PM
 #6

We need to be sure here. We don't want this to be the next Gox or Stamp.
Why not try mailing them and asking them directly? Smiley


Like if they will answer as it should be . they will be like every Client support you have ever seen Grin nothing bad will happen it's highly protected etc ... then BOOOM ! R.I.P
not trying to make anyone in Panic here , I'am just saying
I don't even know how Hardware wallets connect to the servers & stuff anyway Smiley
Then why not ask naming the security method/methods?

The only online casino on which i won something. I made 17mBTC from 1mBTC in like 15 minutes.  This is not paid AD!

▀Check it out yourself▀
odolvlobo
Legendary
*
Offline Offline

Activity: 4508
Merit: 3417



View Profile
January 11, 2015, 06:52:42 PM
 #7

http://lmgtfy.com/?q=What+happens+if+the+SatoshiLabs+servers+are+hacked+and+the+firmware+signing+key+is+stolen&l=1


What happens if the SatoshiLabs servers are hacked and the firmware signing key is stolen?

First off, this won’t happen Wink. The SatoshiLabs master key is kept very safe. However, you don’t need to rely on the SatoshiLabs signature. You can verify the build yourself. Our hope is that a few trusted TREZOR users will make a habit of verifying firmware checksums. If you are concerned about this, we suggest making a habit of checking our blog or social news channels such as reddit before applying any updates. If there ever was a problem with the firmware not matching the source code, you can be sure someone will have written about it.

You don’t need to worry about the firmware being updated by a computer virus. Your TREZOR will ask you to manually confirm the update before anything is written to the TREZOR’s memory.

Join an anti-signature campaign: Click ignore on the members of signature campaigns.
PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
SirChiko
Legendary
*
Offline Offline

Activity: 966
Merit: 1000



View Profile
January 11, 2015, 06:56:46 PM
 #8

http://lmgtfy.com/?q=What+happens+if+the+SatoshiLabs+servers+are+hacked+and+the+firmware+signing+key+is+stolen&l=1


What happens if the SatoshiLabs servers are hacked and the firmware signing key is stolen?

First off, this won’t happen Wink. The SatoshiLabs master key is kept very safe. However, you don’t need to rely on the SatoshiLabs signature. You can verify the build yourself. Our hope is that a few trusted TREZOR users will make a habit of verifying firmware checksums. If you are concerned about this, we suggest making a habit of checking our blog or social news channels such as reddit before applying any updates. If there ever was a problem with the firmware not matching the source code, you can be sure someone will have written about it.

You don’t need to worry about the firmware being updated by a computer virus. Your TREZOR will ask you to manually confirm the update before anything is written to the TREZOR’s memory.
So you don't even need to ask, it's already answered Wink

The only online casino on which i won something. I made 17mBTC from 1mBTC in like 15 minutes.  This is not paid AD!

▀Check it out yourself▀
freebit13
Hero Member
*****
Offline Offline

Activity: 616
Merit: 500

I got Satoshi's avatar!


View Profile
January 11, 2015, 08:15:21 PM
 #9

The keys for signing transactions are stored on the trezor, not on an online server. The mytrezor page is only a software interface to access the device and the web never sees any actual private keys, only already signed transactions.

Decentralize EVERYTHING!
cryptworld
Hero Member
*****
Offline Offline

Activity: 714
Merit: 503



View Profile
January 12, 2015, 01:41:09 AM
 #10

you should understand how trezor works

trezor private keys are stored in trezor ,and they never go out from it

so trezor server does not matter to hack your bitcoins
bitllionaire
Legendary
*
Offline Offline

Activity: 1120
Merit: 1000


View Profile
January 12, 2015, 01:51:30 AM
 #11

Trezor is one of the most secures ways to have your bitcoins stored.

The private keys of your trezor never go out from it, and you can always check in its screen the transaction parameters to see if they are correct or not.

I have not seen yet any trezor hack.
Possum577
Sr. Member
****
Offline Offline

Activity: 434
Merit: 250

Loose lips sink sigs!


View Profile WWW
January 12, 2015, 02:04:30 AM
 #12

Having not seen a Trezor hack doesn't mean it's not possible.

Absolute security is relying on NO ONE else to give you your private keys.

oblivi
Hero Member
*****
Offline Offline

Activity: 700
Merit: 501


View Profile
January 12, 2015, 02:11:03 AM
 #13

This is why we need Maidsafe. Servers are deprecated and only create trouble.
Braedo
Member
**
Offline Offline

Activity: 70
Merit: 10

BtcMarkets - Australian Bitcoin Trading Platform


View Profile WWW
January 12, 2015, 03:03:36 AM
 #14

I highly doubt any of the Trezors come in contact with an online machine or server while in production. If they were to store the private keys on their servers it would go against the whole point of the Trezor device.

▲▼▲▼▲▼▲▼  No.1 Bitcoin Binary Options  ▲▼▲▼▲▼▲▼
██████████████████████████████  sec◔nds trade  ██████████████████████████████
↑↓ Instant Bets ↑↓ Flexible 1~720 minutes Expiry time ↑↓ Highest Reward 190% ↑↓ 16 Assets [btc, forex, gold, double dice] ↑↓
tl121
Sr. Member
****
Offline Offline

Activity: 278
Merit: 254


View Profile
January 12, 2015, 03:37:35 AM
 #15

This is why we need Maidsafe. Servers are deprecated and only create trouble.

I run a Trezor off a bitcoin node that runs in my house.  The Trezor talks to an electrum 2.0 beta client and the electrum 2.0 beta client talks to an electrum server which talks to the bitcoin node.  The electrum server and the bitcoin node are physically in my home office.

It all works.  It's very fast. It's easy to use. The Trezor is presently connected via USB to a Windows 7 workstation and the Electrum server and  bitcoin node are running on a small Linux machine that I had lying around.

doggieTattoo
Full Member
***
Offline Offline

Activity: 209
Merit: 100



View Profile
January 12, 2015, 04:13:19 AM
 #16

http://lmgtfy.com/?q=What+happens+if+the+SatoshiLabs+servers+are+hacked+and+the+firmware+signing+key+is+stolen&l=1


What happens if the SatoshiLabs servers are hacked and the firmware signing key is stolen?

First off, this won’t happen Wink. The SatoshiLabs master key is kept very safe. However, you don’t need to rely on the SatoshiLabs signature. You can verify the build yourself. Our hope is that a few trusted TREZOR users will make a habit of verifying firmware checksums. If you are concerned about this, we suggest making a habit of checking our blog or social news channels such as reddit before applying any updates. If there ever was a problem with the firmware not matching the source code, you can be sure someone will have written about it.

You don’t need to worry about the firmware being updated by a computer virus. Your TREZOR will ask you to manually confirm the update before anything is written to the TREZOR’s memory.
I don't think this answers the question. You get a "seed" that you can use to restore your wallet in the event that you need to replace your trezor. What happens if whatever server that is storing the connection between the seed and the private keys get compromised?

TIDEX ▬▬ .CRYPTO COINS AND ASSET TRADING. ▬▬ TIDEX
▬▬▰▰▬▬▰▰▰▬▬▰▰▰▬▬▰▰▰▬▬▰▰▬▬
NEW EXCHANGE   ZERO FEES
Velkro
Legendary
*
Offline Offline

Activity: 2296
Merit: 1014



View Profile
January 12, 2015, 04:29:29 AM
 #17

Trezor is one of the most secures ways to have your bitcoins stored.

I don't agree, paper wallet or offline computer wallet is more secure and free
Braedo
Member
**
Offline Offline

Activity: 70
Merit: 10

BtcMarkets - Australian Bitcoin Trading Platform


View Profile WWW
January 12, 2015, 04:32:24 AM
 #18

http://lmgtfy.com/?q=What+happens+if+the+SatoshiLabs+servers+are+hacked+and+the+firmware+signing+key+is+stolen&l=1


What happens if the SatoshiLabs servers are hacked and the firmware signing key is stolen?

First off, this won’t happen Wink. The SatoshiLabs master key is kept very safe. However, you don’t need to rely on the SatoshiLabs signature. You can verify the build yourself. Our hope is that a few trusted TREZOR users will make a habit of verifying firmware checksums. If you are concerned about this, we suggest making a habit of checking our blog or social news channels such as reddit before applying any updates. If there ever was a problem with the firmware not matching the source code, you can be sure someone will have written about it.

You don’t need to worry about the firmware being updated by a computer virus. Your TREZOR will ask you to manually confirm the update before anything is written to the TREZOR’s memory.
I don't think this answers the question. You get a "seed" that you can use to restore your wallet in the event that you need to replace your trezor. What happens if whatever server that is storing the connection between the seed and the private keys get compromised?

The seed is most likely unique to the device, So the hacker would need your seed and physical access to your Trezor

▲▼▲▼▲▼▲▼  No.1 Bitcoin Binary Options  ▲▼▲▼▲▼▲▼
██████████████████████████████  sec◔nds trade  ██████████████████████████████
↑↓ Instant Bets ↑↓ Flexible 1~720 minutes Expiry time ↑↓ Highest Reward 190% ↑↓ 16 Assets [btc, forex, gold, double dice] ↑↓
jonald_fyookball
Legendary
*
Offline Offline

Activity: 1302
Merit: 1008


Core dev leaves me neg feedback #abuse #political


View Profile
January 12, 2015, 05:32:33 AM
 #19

can you enter you own seed made from dice rolls or coin flips?

can you even simply generate a new seed?

freedomno1
Legendary
*
Offline Offline

Activity: 1820
Merit: 1090


Learning the troll avoidance button :)


View Profile
January 12, 2015, 06:17:26 AM
 #20

Trezor is standalone so as far as I know no server
Assume offline generation as well so no server to transfer the stolen data from.
Plus Slush pools still running  Wink

Believing in Bitcoins and it's ability to change the world
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!