The more I think about the concept of this device the more it seems to be intended for idiots. All theater, no actual security.
This is when people will stop answering you, but some of the smartest people in bitcoin endorse this and actually have helped to make it more even more secure. I guess those people are idiots.
And you think endorse equals use? I doubt those smart people would care to entrust private keys to a new device. Not to mention they are selling it for so much they all probably got a piece of the pie.
But then it's intended for people who know nothing of security. Google "security theater" maybe it will help you realize why you wasted your money.
I really doubt that people got a piece of pie, considering how expensive it is to develop hardware, plus they converted the bitcoins to fiat. So yeah. Also as for me not knowing anything about security, I have many sites that I have been contracted to do security on them. So yeah. The trezor just fits into my eco-system of bitcoin so I guess it doesn't work for you. Pre-orders aren't for everyone only the people that actually understand what a pre-order means.
Looks real nice I would have no use and im not sure many others will considering the internet is everywhere and they can just use blockchain.info
Also I am pretty sure this was announced in September so I real do not see why this must be announced twice
But I still support this product because it looks nice!
Also I am pretty sure this was announced in September so I real do not see why this must be announced twice
But I still support this product because it looks nice!
This is why you probably need it! Blockchain is very unsecure wallet, but they are planning to add trezor support and that would make them very much the most secure web wallet known.
What security? Securing PHP against SQL injection and include? Do you know about various buffer overflows and how to exploit them? Do you know about how are ROP chains used to defeat DEP and partial ASLR?
We are talking about third party hardware here, one that has to accept various inputs through a USB. It opens such a vast attack surface you probably can't imagine it.
So lets ask the developers, are they planning to do complete ASLR on their little device? If not no one should trust it at all. Although no one will probably bother exploiting it if it will have a small user base.
I don't know much about how they are planning to do it, but based on just the reading here, I would guess that ASLR is somewhat obviated through the ARM Invariant-timing packets and overflow handling, and FIFO overflow protection.
Careful implementation of stall processing can stall the processor until the FIFO buffer is empty. This is a pretty safe defense even against the stack smashing ROP chains, but might still be exploitable through a environmental corner attack, if you can find enough edges.
It is possible that they have chosen an architecture that doesn't include FIFOFULL operations. Maybe they will clarify.
Or maybe they will leave us guessing and let those that are going to try to break them predictably using this method to their own devices. In that case I guess we will have to buy a few devices to find out.