Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Hardware wallets
Re: Trezor: Bitcoin hardware wallet
by
klokan
on 20/07/2014, 23:10:57 UTC
Quote from: ghgr on July 20, 2014, 08:06:34 PM

Good to know that imaging the device is not as simple as plugging the internal memory (SD Card for example) into a PC and bruteforcing the PIN in seconds. I think that should be stated more clearly in the website. You say that the attacker would need expensive laboratory equipment, can you please be more specific, or point me to the doc where they describe this point? It would be important to discard this attack surface.
In any case it would be a good idea to have another Trezor at home ready to send all the funds to a paper wallet, just in case the main one 'disappears'.


If the first point is solved, and considering that the integrity of the device can be verified by providing a test seed and checking the generated addresses, the only attack surface I can think of is the validation of the data sent by the computer to the device. I'll take a look at how Google's protobuf works.


Is there any reason why they went with BIP 0032 instead of simply SHA256(SEED+idx) or similar? The added complexity of BIP 0032 is justified when we need 'watch only' wallets for example, but in the use case of Trezor, where there is a single user and the privates keys are not supposed to be leaked I don't understand the reason. Maybe they plan to allow Trezor to only receive payments, but not send them? (for example, for waiters in a restaurant).


I find some points unclear in their FAQ. For example, how does the passphrase work? They only say that it sits "on top of the PIN". So am I supposed to write it in the computer's keyboard? Also, in their sentence "[...] we have implemented a safe way of entering PIN, so no keylogger can be used to spy on your PIN" there is no information. I finally found in reddit a video showing how the PIN input works (but not yet the passphrase).

1/ To read flash of MCU, you need to open it and read it under the microscope. This article is quite old, but gives an idea what needs to be done: http://www.bunniestudios.com/blog/?page_id=40 . Trezor uses STM32F205RE MCU but I did not find anything specific for it online.
2/ https://code.google.com/p/nanopb/
3/ BIP32 allows you to do a lot of cool stuff with a single device. You can have unlimited number of accounts for various crypto-currencies and those don't share the same addresses. You can support message signing, secure login and more. Also, BIP44 provides extensible, secure and standardized way of doing things right instead of doing single-purpose hack to make things work. These standards for example promote no-reuse of addresses, something many multi-sig approaches don't have. Also, this allows offline account discovery. I.e. once your account public BIP32 node is stored in your PC, you don't need your Trezor connected to see the balance.
4/ I agree that the passphrase functionality should be better documented.