Post
Topic
Board Speculation
Merits 1 from 1 user
Re: Wall Observer BTC/USD - Bitcoin price movement tracking & discussion
by
JayJuanGee
on 08/09/2023, 15:59:28 UTC
⭐ Merited by Lucius (1)
I must be in the wrong thread... like a lost little puppy..

and having the questions:

What is crypto?  Does it somehow relate to this here topic?
Crypto?

Reminds me of John Carvalho's taunting of Roger Ver with the term "Bcash"..

bcash

bcash


bcash




hahahahahaha

So not bragging about your holdings is another easy security layer.

Part of the reason why 0.63 BTC will have to be downgraded, at some point.

@AlcoHoDL, Trezor vulnerability is something that has been known for years, there was a lot of discussion about it in the technical discussion boards, but luckily every user can protect himself by setting a passphrase, and there is also another option, which is the use of an SD card.

When it comes to passphrase, the conclusion is that they should be at least 37 characters long:

A physical access to a Trezor One, Trezor T, Keepkey, or B-wallet allows an attacker to extract the 12/24-words within a few minutes using a low-cost setup (~100$), with a very high reproducibility (we had 100% success). We finally proved it can be fully automated allowing anyone to use it in case someone would sell the Extraktor box (similar to old Playstation hacks). This attack can not be fixed. The only mitigation is to use a strong passphrase: we recommend 37 random characters to maintain the same level of security.

For those who are interested in how to protect themselves additionally with the help of an SD card:

Trezor T (2.3.0) and Trezor One (1.9.0) firmware update

Also, one thing I forgot is that it is possible to set a so-called fake PIN that can be left as a bait, and if it is entered, all data from the hardware wallet will be deleted.

The Wipe Code
Another exciting new feature is the wipe code that acts as a “self-destruct PIN” that erases your Trezor if someone tries to unlock your device without your consent. If the wipe code is entered into any PIN entry dialog, then all private data will be immediately erased from your Trezor and the device will be reset to factory defaults. You can write the wipe code somewhere near your Trezor as a decoy PIN, so if someone tries to unlock the device without your consent, they will cause it to erase itself. You can also use the wipe code to reset your Trezor without using a host device. This update can be enabled on both Trezor models.
A 128-bit PIN should do the trick as well, as it is used to encrypt the seed on the chip.

(Please let me know if you think I'm wrong)

I still have problems with the need for 37 random characters for the 25th word.. and let's say if someone just has 10-15 somewhat random characters, then how long is it going to take to break into the Trezor?

Remember each time that we log into the device and sometimes we might get disconnected and have to log in again, it can take quite a bit of time to be logging in these 37 random characters each time...

I am not going to say how many digits that I actually use, and I also am not going to give any hints either... and it is bad enough that I said that I use such a device, in theory.

By the way, we have a long-term member in these here parts that swears by that piece of crap, aka Ledger, and surely there are probably quite a few members who may or may not be in the closet about their use (and apparent belief) in the Ledger crap.
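
Added example, not part of the original post: a sizing aid for the passphrase-length question raised above, showing how a BIP39 passphrase enters the seed derivation and how much search space a random passphrase of 10, 15 or 37 characters gives. The 95-character printable-ASCII alphabet and the guess rates are assumptions chosen for illustration, not measurements of any device or attacker.

```python
import hashlib
import math
import unicodedata

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 iterations, salt 'mnemonic'+passphrase."""
    norm = lambda s: unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", norm(mnemonic),
                               b"mnemonic" + norm(passphrase), 2048, 64)

def entropy_bits(length: int, alphabet_size: int = 95) -> float:
    """Entropy of a uniformly random passphrase (assumed alphabet: printable ASCII)."""
    return length * math.log2(alphabet_size)

def min_length(target_bits: int, alphabet_size: int = 95) -> int:
    """Shortest random passphrase that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))

def years_to_exhaust(length: int, guesses_per_second: float,
                     alphabet_size: int = 95) -> float:
    """Average time (half the keyspace) to find a random passphrase once the
    mnemonic is known; every guess costs one full PBKDF2 run as in bip39_seed."""
    return alphabet_size ** length / 2 / guesses_per_second / SECONDS_PER_YEAR

if __name__ == "__main__":
    # Constructed sample input: the public BIP39 test mnemonic, not a real wallet.
    words = "abandon " * 11 + "about"
    # Any passphrase yields a valid but different seed, i.e. a different wallet.
    print(bip39_seed(words).hex()[:16], bip39_seed(words, "example").hex()[:16])
    # Guess rates below are assumed orders of magnitude, not benchmarks.
    for n in (10, 15, 37):
        print(f"{n:2d} chars: {entropy_bits(n):6.1f} bits, "
              f"{years_to_exhaust(n, 1e9):.3g} years at 1e9 guesses/s, "
              f"{years_to_exhaust(n, 1e12):.3g} years at 1e12 guesses/s")
```

These figures hold only for characters drawn uniformly at random; a passphrase built from words or patterns has far less entropy than its length suggests.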