What if the Trezor server got compromised?

[zetaray]

Trezor software is open source. Anyone can audit the code and if he thinks there is a security issue, you can voice out.

[1714896816]

1714896816

[1714896816]

1714896816

[freebit13]

can you enter you own seed made from dice rolls or coin flips?

can you even simply generate a new seed?

You can change the seed, but not to something you can choose yourself, it is automatically generated.

[freebit13]

Trezor is one of the most secures ways to have your bitcoins stored.

I don't agree, paper wallet or offline computer wallet is more secure and free

He said one of the most, not the most. Paper wallets are more secure (depending on how they are generated), but they serve a different purpose and are usually used for storage only and have to be swept into another wallet in order to make payments.

The trezor is the safest way to store coins and have them available to spend all the time. I'm going to the Isle of Man in June and I'm not taking my desktop pc with me, in this case it's the safest way to store coins and be able to make payments from any pc.

[Vessko]

The Trezor device has access to your private keys. Therefore, it is correct to assume that if the device is compromised, you could lose the BTC stored on it.

Can the device be compromised? For instance, can the attacker convince it to run software supplied by the attacker?

From time to time, the firmware on the device has to be updated. The update is downloaded from the site of the producer and signed with several (3? Don't recall any more) secret keys of the developers. The signatures are checked with the public keys of the developers, which are stored in the firmware of the device. Can this process be subverted?

If the PC downloading the new firmware is compromised, the malware on it can modify the new firmware - but it would invalidate the signatures. Therefore, a different approach is needed.

One possibility is if the signing (secret) keys of the developers are compromised - either by a disgruntled employee, or because they go rogue, or because the company is hacked. Such things have happened in the past. However, several keys would have to be compromised (and the breach not noticed); just one would not be enough. While not impossible, I consider this highly unlikely.

There is another approach, however - one that exploits not cryptography but human nature. We call is "social engineering" but it's basically lying and manipulation. Suppose that the malware on the compromised PC intercepts all communications to and from the company server and changes the firmware update page. It puts a HUGE warning that the company's keys have been compromised, there are new ones and the new firmware is signed with them, so trust us and ignore any warnings from the device - with screen shots of what to do and everything. (The same thing can be achieved by hacking the company's site - but that would be noticed and fixed fast enough.)

While many people will realize that something is fishy, many more would not. And a successful scam doesn't have to work on everybody - it only needs to work on enough people to be profitable.

[AGD]

I would trust an offline wallet more than any centralized service.
To be 100% sure about the randomness of your private key, use a coin and flip it 160 times. Google for a "how to generate a private bitcoin key with a coin"

[HeroCat]

Trezor private keys are stored in Trezor, so everything is ok 

[qxzn]

This is why we need Maidsafe. Servers are deprecated and only create trouble.

I run a Trezor off a bitcoin node that runs in my house.  The Trezor talks to an electrum 2.0 beta client and the electrum 2.0 beta client talks to an electrum server which talks to the bitcoin node.  The electrum server and the bitcoin node are physically in my home office.

It all works.  It's very fast. It's easy to use. The Trezor is presently connected via USB to a Windows 7 workstation and the Electrum server and  bitcoin node are running on a small Linux machine that I had lying around.

Have you written up how you set this up? It would be nice to see some docs about how to do this.

[jonald_fyookball]

can you enter you own seed made from dice rolls or coin flips?

can you even simply generate a new seed?

You can change the seed, but not to something you can choose yourself, it is automatically generated.

Then it is not trustless.

[tl121]

This is why we need Maidsafe. Servers are deprecated and only create trouble.

I run a Trezor off a bitcoin node that runs in my house.  The Trezor talks to an electrum 2.0 beta client and the electrum 2.0 beta client talks to an electrum server which talks to the bitcoin node.  The electrum server and the bitcoin node are physically in my home office.

It all works.  It's very fast. It's easy to use. The Trezor is presently connected via USB to a Windows 7 workstation and the Electrum server and  bitcoin node are running on a small Linux machine that I had lying around.

Have you written up how you set this up? It would be nice to see some docs about how to do this.

The biggest part of the problem was becoming familiar with compiling software and installing it on the operating systems that were involved:  Ubuntu 14.04 and Windows 7.  Initially, I just focused on Ubuntu.  I started out running it in a VMware virtual machine (free version) that ran under Window 7, but this was interfering with the performance of other things I use the machine for, so I spend $300 and put together an Atom based Intel NUC system with 120 GB SSD and 8 GB of RAM.  I installed Ubuntu 14.04 LTS on this machine.  Initially I was using a spare keyboard and mouse and VGA display, but after I got the system running OK and set up SSH I have managed the system headless using PUTTY from my Windows 7 machine.

I went to the Electrum web site and then to Github and found the instructions for installing Electrum Server, which involve building it from source. This was pretty straightforward, just involved tracing down some dependencies.  I am no Linux expert, so a certain amount of Googling was needed to interpret error messages and figure out how to do things, such as increasing the number of open files.  The first part of the directions was to build a bitcoin node from source on this machine.  After I got this working, and installed on the system and it seemed to be working OK, I moved on to the electrum server and got it to work with electrum clients on one of my other machines (the release version, not the Trezor version. At this point I was running a couple of PUTTY terminal windows.  The last thing to do on this box was to rig it so that bitcoind and Electrum server started up automatically at boot. The machine runs unattended and draws almost no power (less than 15 watts) and sits behind a  UPS, so it does not glitch with my frequent power interruptions.  The Electrum Server is not very robust and if the system is shut down without waiting for the Electrum server to finish processing, the database can be corrupted and this can take hours to recover, so don't do this.

The next step was to get an Electrum 2.0 client running.  I did this first under an Ubuntu virtual machine on my Windows system. The directions are at the Electrum git-hub site. Again, some tracing down dependencies and loading them with apt-get.  At this point the next step was to get the Trezor running.  This requires installation of appropriate routines to allow Python programs to access the Trezor via the USB. This is the Python Trezor code, also available from Github. It includes a "hello world" test program to verify that a Python program can talk to the Trezor.  I ran into one obscure problem getting this to work. I had to find the utility to see what was going on on the (virtual) USB, bypassing the "Cython" wrapper that connected Python to the C code that talked to the USB. I thought something was seriously broken, but then I discovered that everything worked fine so long as I was running as root.  Once I set up the USB protections so the account used for the my normal login was permitted to access the Trezor (both read and write) then everything was fine.  At this point it was just a matter of starting with no wallets in the .electrum directory and Electrum 2.0 prompted me for the rest and my Trezor based wallet showed up.

I ran this way for a month.  Eventually, I got bored and curious and figured out how to get Electrum 2.0 to run under Windows 7.  This involved installing Python, Python-Qt and a development environment for C code.  This was another learning experience on my part, but it was all possible by downloading free software.  I got waylaid for a few hours until I realized that the free C compiler I had used was only 32 bits, and so I had to redownload and reinstall the appropriate versions of Python and Python-Qt.

For someone with more skill that I had, all of this would be an easy process.  The longest time required was the time for the initial download and block sync of bitcoind and the downloading of the electrum server database and initial sync of the electrum server.   If all you want to do is use Trezor via Electrum, none of this server work is needed, but then you will have to trust the electrum servers, which means you had better not be paranoid.

I deliberately picked a low end Intel Nuc (1.4 GHz single core) for a server machine  to see if it would be fast enough. It takes less than 10 percent of CPU time for bitcoind to keep up with the network, even where 1 MB blocks are back to back.  I can't say as much for the Electrum Server.  The CPU seems to be saturated and uses about 30-40 percent of the CPU on this slow machine for large blocks.  This seems unnecessary, as I understand it, but I don't know enough about Python to know how to profile the software and speed it up.  (I'm sure that this can be done, because running an Electrum Server doesn't involve verifying transactions in the block chain, which is the time consuming part of bitcoin processing.  The server is just doing database processing which ought to be lightening fast with 8 GB of RAM and an SSD.)

I would not recommend doing this if you aren't already an expert or (as in my case) you "enjoy" learning experiences. :-)

https://github.com/spesmilo/electrum-server
https://github.com/spesmilo/electrum
https://github.com//trezor/python-trezor

[johoe]

AFAIK, the Trezor has a hardware random device so the random numbers it produces should be good.  Just in case, it also adds random numbers from the computer on first initialization.

But if you really want to, you can enter your own seed generated from dice rolls. It must conform to bip39 (12/18/24 words, part of the last word is a checksum).  The spec is out, but I'm not sure if someone implemented a tool that converts dice rolls into a bip39 mnenomic sequence. If you go this way, you need to trust the computer where you compute the sequence. 

You should never enter the 12/18/24 word sequence directly into a computer.  If you restore the Trezor from backup it will ask for the words in a random order (on its own display), so even if the javascript code or the local computer is compromised, it will not know the order of the words.  Of course, knowing which words occur in the sequence drastically reduces the security of the sequence.

Firmware updates have to be sent manually to the trezor using a special procedure involving pressing both buttons while connecting the trezor to the computer.  So even if the firmware keys are compromised, an attacker has to convince you to make a firmware update.  So if you check the social networks for announcements before doing a firmware update you should be fine.  Another problem may be an unknown bug (0day exploit) in the current firmware.  Still an attacker needs to compromise first your computer or the mytrezor domain or the client you use to access the Trezor and second the Trezor firmware.

[sase007]

I will send Slush link to this thread, he may answer you...

[SirChiko]

I will send Slush link to this thread, he may answer you...

It has already been answered on the first page

[BittBurger]

The private keys of your trezor never go out from it, and you can always check in its screen the transaction parameters to see if they are correct or not.

I have not seen yet any trezor hack.

Boy wouldn't it suck to find out one day that the Trezor devices were simply using wifi to transmit the information on them?

There are so many suspicious infommerical-sounding posts for the Trezor all over the internet right now, I really wonder how many are legit.

In my opinion, you have to be a complete idiot to trust your money to any electronic device, provided by any 3rd party, for any reason whatsoever right now.

Paper wallets all the way.

-B-

[kamilosa]

Trezor is one of the most secures ways to have your bitcoins stored.

I don't agree, paper wallet or offline computer wallet is more secure and free

A paper backup is a quite safe method to protect bitcoins, but you still need to load private keys from paper using a trusted computer to send your coins to somebody else - please see the docs - http://doc.satoshilabs.com/trezor-faq/differences.html

[kamilosa]

The private keys of your trezor never go out from it, and you can always check in its screen the transaction parameters to see if they are correct or not.

I have not seen yet any trezor hack.

Boy wouldn't it suck to find out one day that the Trezor devices were simply using wifi to transmit the information on them?

There are so many suspicious infommerical-sounding posts for the Trezor all over the internet right now, I really wonder how many are legit.

In my opinion, you have to be a complete idiot to trust your money to any electronic device, provided by any 3rd party, for any reason whatsoever right now.

Paper wallets all the way.

-B-

Please read the docs first http://doc.satoshilabs.com/trezor-user/securityphilosophy.html . Do not you think, if there will be any wi-fi integrated in the hardware someone will already find out? Do not you think if there will be some security issue, people like Andreas Antonopolous will be even bothered to mention Trezor device as a secure solution http://www.reddit.com/r/Bitcoin/comments/2mz3q3/new_identity_of_andreas_m_antonopoulos_secure_and/

Yes, paper wallets are safe, but you still need to load private keys from paper using a trusted computer to send your coins to somebody else. Also if you do not understand, how change adresses work, you are most likely to loose your coins.

[coinableS]

Trezor is one of the most secures ways to have your bitcoins stored.

I don't agree, paper wallet or offline computer wallet is more secure and free

This 100%.  Paper wallets and offline usb is the way I go. If the usb corrupts or fails I still have the paper.  If the trezor fails, then what?

[odolvlobo]

Trezor is one of the most secures ways to have your bitcoins stored.

I don't agree, paper wallet or offline computer wallet is more secure and free

This 100%.  Paper wallets and offline usb is the way I go. If the usb corrupts or fails I still have the paper.  If the trezor fails, then what?

If the Trezor goes, you have the seed that can be imported into another wallet.

[kamilosa]

Trezor is one of the most secures ways to have your bitcoins stored.

I don't agree, paper wallet or offline computer wallet is more secure and free

This 100%.  Paper wallets and offline usb is the way I go. If the usb corrupts or fails I still have the paper.  If the trezor fails, then what?

you have backup of your seed on the paper as well. You can use any BIP32 compatible wallet to import the seed and recover your funds.

Electrum is currently in beta http://www.reddit.com/r/TREZOR/comments/2jp9uk/tutorial_install_electrum_20_beta_with_trezor/ , soon you will be able to use Trezor with Multibit HD, Armory and GreenAddress.

Basically there is no way, how you can loose your coins using Trezor.

[freebit13]

From what I can find from wading through some of the code, it looks like its random functions are at least cryptographically secure.

Code:

def _get_local_entropy(self):
  return os.urandom(32)

[cafucafucafu]

Trezor is one of the most secures ways to have your bitcoins stored.

I don't agree, paper wallet or offline computer wallet is more secure and free

This 100%.  Paper wallets and offline usb is the way I go. If the usb corrupts or fails I still have the paper.  If the trezor fails, then what?

Paper wallets can be stolen and they have no passwords.
Memory sticks can be destroyed in a fire or lost/stolen.
You still need to sweep the private keys for every spend.

This is what is advantageous about Trezor. The masses need such a device if bitcoin is going to become big.

Trezor could be compromised if cameras watch you typing the seed?